Analysis Overview
SHA256
b8fda1b4500ac5fa17c42f664f5708ce394b039f1a18fc7e526b714df784af6b
Threat Level: Known bad
The file JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1 was found to be: Known bad.
Malicious Activity Summary
Pykspa
Pykspa family
Modifies WinLogon for persistence
UAC bypass
Detect Pykspa worm
Disables RegEdit via registry modification
Adds policy Run key to start application
Checks computer location settings
Impair Defenses: Safe Mode Boot
Executes dropped EXE
Checks whether UAC is enabled
Adds Run key to start application
Looks up external IP address via web service
Hijack Execution Flow: Executable Installer File Permissions Weakness
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Unsigned PE
Suspicious use of WriteProcessMemory
System policy modification
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-04-18 22:53
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2025-04-18 22:53
Reported
2025-04-18 22:56
Platform
win11-20250410-en
Max time kernel
49s
Max time network
151s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ckvfmtjty = "ysplexzvmgtejvudvrlie.exe" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ysplexzvmgtejvudvrlie.exe" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\csldshfxkajqrzuzn.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ckvfmtjty = "lcwpfvunbsckmvrxmf.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ysplexzvmgtejvudvrlie.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ysplexzvmgtejvudvrlie.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vkcthvsjvksyyfzd.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\twyb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zocrkvkjwiaioovp.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jcytldezpiueitrzqlea.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\twyb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ngyrodwzqgcoycnltkjc.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ckvfmtjty = "csldshfxkajqrzuzn.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aglrbdj = "zocrkvkjwiaioovp.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ckvfmtjty = "jcytldezpiueitrzqlea.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\twyb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\asjbxldfvkfqzcmjqge.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lcwpfvunbsckmvrxmf.exe" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ckvfmtjty = "csldshfxkajqrzuzn.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ckvfmtjty = "csldshfxkajqrzuzn.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ckvfmtjty = "vkcthvsjvksyyfzd.exe" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ckvfmtjty = "ysplexzvmgtejvudvrlie.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wojdullfumxgjtqxnhz.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ckvfmtjty = "csldshfxkajqrzuzn.exe" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ckvfmtjty = "vkcthvsjvksyyfzd.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wojdullfumxgjtqxnhz.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wojdullfumxgjtqxnhz.exe" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ckvfmtjty = "ysplexzvmgtejvudvrlie.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wojdullfumxgjtqxnhz.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ckvfmtjty = "wojdullfumxgjtqxnhz.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ckvfmtjty = "lcwpfvunbsckmvrxmf.exe" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ckvfmtjty = "vkcthvsjvksyyfzd.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lcwpfvunbsckmvrxmf.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ckvfmtjty = "vkcthvsjvksyyfzd.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ckvfmtjty = "jcytldezpiueitrzqlea.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vkcthvsjvksyyfzd.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\csldshfxkajqrzuzn.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ckvfmtjty = "ysplexzvmgtejvudvrlie.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vkcthvsjvksyyfzd.exe" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ckvfmtjty = "wojdullfumxgjtqxnhz.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aglrbdj = "ngyrodwzqgcoycnltkjc.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ysplexzvmgtejvudvrlie.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ysplexzvmgtejvudvrlie.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ckvfmtjty = "ysplexzvmgtejvudvrlie.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ysplexzvmgtejvudvrlie.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jcytldezpiueitrzqlea.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lcwpfvunbsckmvrxmf.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ckvfmtjty = "ysplexzvmgtejvudvrlie.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ysplexzvmgtejvudvrlie.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ckvfmtjty = "jcytldezpiueitrzqlea.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jowdhl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vkcthvsjvksyyfzd.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\lsclrxmv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wojdullfumxgjtqxnhz.exe ." | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lsclrxmv = "jcytldezpiueitrzqlea.exe ." | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\lsclrxmv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vkcthvsjvksyyfzd.exe ." | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nswbkl = "ngyrodwzqgcoycnltkjc.exe ." | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wcltydr = "ysplexzvmgtejvudvrlie.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nymzjtmzhswy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\csldshfxkajqrzuzn.exe ." | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wcltydr = "jcytldezpiueitrzqlea.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wcltydr = "vkcthvsjvksyyfzd.exe" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wcltydr = "csldshfxkajqrzuzn.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qanzirjvcmp = "jcytldezpiueitrzqlea.exe ." | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\wcltydr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\csldshfxkajqrzuzn.exe" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\lsclrxmv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vkcthvsjvksyyfzd.exe ." | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\lsclrxmv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jcytldezpiueitrzqlea.exe ." | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wcltydr = "csldshfxkajqrzuzn.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qanzirjvcmp = "jcytldezpiueitrzqlea.exe ." | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mynbmxrfoafif = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ysplexzvmgtejvudvrlie.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lsclrxmv = "wojdullfumxgjtqxnhz.exe ." | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\lsclrxmv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vkcthvsjvksyyfzd.exe ." | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nymzjtmzhswy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wojdullfumxgjtqxnhz.exe ." | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\wcltydr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vkcthvsjvksyyfzd.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nymzjtmzhswy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jcytldezpiueitrzqlea.exe ." | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wcltydr = "ysplexzvmgtejvudvrlie.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\lsclrxmv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wojdullfumxgjtqxnhz.exe ." | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\lsclrxmv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wojdullfumxgjtqxnhz.exe ." | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mynbmxrfoafif = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wojdullfumxgjtqxnhz.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\cgjnv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zocrkvkjwiaioovp.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\lsclrxmv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jcytldezpiueitrzqlea.exe ." | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lsclrxmv = "vkcthvsjvksyyfzd.exe ." | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qanzirjvcmp = "wojdullfumxgjtqxnhz.exe ." | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\cgjnv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pgwnivmncqkucenjpe.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mynbmxrfoafif = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lcwpfvunbsckmvrxmf.exe" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lsclrxmv = "ysplexzvmgtejvudvrlie.exe ." | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wcltydr = "wojdullfumxgjtqxnhz.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\wcltydr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jcytldezpiueitrzqlea.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nymzjtmzhswy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lcwpfvunbsckmvrxmf.exe ." | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wcltydr = "jcytldezpiueitrzqlea.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lsclrxmv = "lcwpfvunbsckmvrxmf.exe ." | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\wcltydr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jcytldezpiueitrzqlea.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\veqbjritzi = "wojdullfumxgjtqxnhz.exe" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nswbkl = "cwpjhxrvnebozeqpyqqkd.exe ." | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mynbmxrfoafif = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vkcthvsjvksyyfzd.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\veqbjritzi = "vkcthvsjvksyyfzd.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\lsclrxmv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vkcthvsjvksyyfzd.exe ." | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\wcltydr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ysplexzvmgtejvudvrlie.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\wcltydr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wojdullfumxgjtqxnhz.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\wcltydr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vkcthvsjvksyyfzd.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qanzirjvcmp = "jcytldezpiueitrzqlea.exe ." | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wcltydr = "csldshfxkajqrzuzn.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qanzirjvcmp = "jcytldezpiueitrzqlea.exe ." | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wcltydr = "lcwpfvunbsckmvrxmf.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lsclrxmv = "vkcthvsjvksyyfzd.exe ." | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qanzirjvcmp = "wojdullfumxgjtqxnhz.exe ." | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\wcltydr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ysplexzvmgtejvudvrlie.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lsclrxmv = "jcytldezpiueitrzqlea.exe ." | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mynbmxrfoafif = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wojdullfumxgjtqxnhz.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nymzjtmzhswy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vkcthvsjvksyyfzd.exe ." | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\veqbjritzi = "vkcthvsjvksyyfzd.exe" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\Run\wcltydr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lcwpfvunbsckmvrxmf.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nymzjtmzhswy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wojdullfumxgjtqxnhz.exe ." | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qanzirjvcmp = "vkcthvsjvksyyfzd.exe ." | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wcltydr = "wojdullfumxgjtqxnhz.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wcltydr = "vkcthvsjvksyyfzd.exe" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\cgjnv = "cwpjhxrvnebozeqpyqqkd.exe" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2787523927-1212474705-3964982594-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qanzirjvcmp = "jcytldezpiueitrzqlea.exe ." | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\pkifztwtlgugmzzjczuspj.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jcytldezpiueitrzqlea.exe | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| File created | C:\Windows\SysWOW64\deillluxvwqiuntjilmqtttc.dey | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wojdullfumxgjtqxnhz.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lcwpfvunbsckmvrxmf.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vkcthvsjvksyyfzd.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jcytldezpiueitrzqlea.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ysplexzvmgtejvudvrlie.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vkcthvsjvksyyfzd.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lcwpfvunbsckmvrxmf.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\csldshfxkajqrzuzn.exe | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lcwpfvunbsckmvrxmf.exe | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vkcthvsjvksyyfzd.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vkcthvsjvksyyfzd.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pkifztwtlgugmzzjczuspj.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pkifztwtlgugmzzjczuspj.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mynbmxrfoafifjablzlaozkesbnsvswnoym.nbm | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jcytldezpiueitrzqlea.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\csldshfxkajqrzuzn.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vkcthvsjvksyyfzd.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wojdullfumxgjtqxnhz.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jcytldezpiueitrzqlea.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\csldshfxkajqrzuzn.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\csldshfxkajqrzuzn.exe | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lcwpfvunbsckmvrxmf.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vkcthvsjvksyyfzd.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wojdullfumxgjtqxnhz.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jcytldezpiueitrzqlea.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ysplexzvmgtejvudvrlie.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pkifztwtlgugmzzjczuspj.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\csldshfxkajqrzuzn.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jcytldezpiueitrzqlea.exe | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ysplexzvmgtejvudvrlie.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vkcthvsjvksyyfzd.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jcytldezpiueitrzqlea.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ysplexzvmgtejvudvrlie.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jcytldezpiueitrzqlea.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ysplexzvmgtejvudvrlie.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pkifztwtlgugmzzjczuspj.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ysplexzvmgtejvudvrlie.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wojdullfumxgjtqxnhz.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vkcthvsjvksyyfzd.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\csldshfxkajqrzuzn.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\csldshfxkajqrzuzn.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lcwpfvunbsckmvrxmf.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wojdullfumxgjtqxnhz.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ysplexzvmgtejvudvrlie.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jcytldezpiueitrzqlea.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ysplexzvmgtejvudvrlie.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pkifztwtlgugmzzjczuspj.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ysplexzvmgtejvudvrlie.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vkcthvsjvksyyfzd.exe | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vkcthvsjvksyyfzd.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lcwpfvunbsckmvrxmf.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ysplexzvmgtejvudvrlie.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lcwpfvunbsckmvrxmf.exe | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ysplexzvmgtejvudvrlie.exe | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\csldshfxkajqrzuzn.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pkifztwtlgugmzzjczuspj.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lcwpfvunbsckmvrxmf.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jcytldezpiueitrzqlea.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\csldshfxkajqrzuzn.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wojdullfumxgjtqxnhz.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\csldshfxkajqrzuzn.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\deillluxvwqiuntjilmqtttc.dey | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| File opened for modification | C:\Program Files (x86)\mynbmxrfoafifjablzlaozkesbnsvswnoym.nbm | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| File created | C:\Program Files (x86)\mynbmxrfoafifjablzlaozkesbnsvswnoym.nbm | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| File opened for modification | C:\Program Files (x86)\deillluxvwqiuntjilmqtttc.dey | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\csldshfxkajqrzuzn.exe | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| File opened for modification | C:\Windows\lcwpfvunbsckmvrxmf.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\pkifztwtlgugmzzjczuspj.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\jcytldezpiueitrzqlea.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\csldshfxkajqrzuzn.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\pkifztwtlgugmzzjczuspj.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\lcwpfvunbsckmvrxmf.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\vkcthvsjvksyyfzd.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\ysplexzvmgtejvudvrlie.exe | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| File opened for modification | C:\Windows\jcytldezpiueitrzqlea.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\ysplexzvmgtejvudvrlie.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\ysplexzvmgtejvudvrlie.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\csldshfxkajqrzuzn.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\jcytldezpiueitrzqlea.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\vkcthvsjvksyyfzd.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\lcwpfvunbsckmvrxmf.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\wojdullfumxgjtqxnhz.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\jcytldezpiueitrzqlea.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\jcytldezpiueitrzqlea.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\wojdullfumxgjtqxnhz.exe | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| File opened for modification | C:\Windows\jcytldezpiueitrzqlea.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\lcwpfvunbsckmvrxmf.exe | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| File opened for modification | C:\Windows\jcytldezpiueitrzqlea.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\vkcthvsjvksyyfzd.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\ysplexzvmgtejvudvrlie.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\pkifztwtlgugmzzjczuspj.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\ysplexzvmgtejvudvrlie.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\wojdullfumxgjtqxnhz.exe | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| File opened for modification | C:\Windows\vkcthvsjvksyyfzd.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\csldshfxkajqrzuzn.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\lcwpfvunbsckmvrxmf.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\vkcthvsjvksyyfzd.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\wojdullfumxgjtqxnhz.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\pkifztwtlgugmzzjczuspj.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\pkifztwtlgugmzzjczuspj.exe | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| File opened for modification | C:\Windows\jcytldezpiueitrzqlea.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\vkcthvsjvksyyfzd.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\csldshfxkajqrzuzn.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\lcwpfvunbsckmvrxmf.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\jcytldezpiueitrzqlea.exe | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| File opened for modification | C:\Windows\jcytldezpiueitrzqlea.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\pkifztwtlgugmzzjczuspj.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\ysplexzvmgtejvudvrlie.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\lcwpfvunbsckmvrxmf.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\csldshfxkajqrzuzn.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\lcwpfvunbsckmvrxmf.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\lcwpfvunbsckmvrxmf.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\vkcthvsjvksyyfzd.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\ysplexzvmgtejvudvrlie.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\csldshfxkajqrzuzn.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\vkcthvsjvksyyfzd.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\lcwpfvunbsckmvrxmf.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\wojdullfumxgjtqxnhz.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\csldshfxkajqrzuzn.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\ysplexzvmgtejvudvrlie.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\wojdullfumxgjtqxnhz.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\jcytldezpiueitrzqlea.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\lcwpfvunbsckmvrxmf.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\vkcthvsjvksyyfzd.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\vkcthvsjvksyyfzd.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\mynbmxrfoafifjablzlaozkesbnsvswnoym.nbm | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| File opened for modification | C:\Windows\ysplexzvmgtejvudvrlie.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\csldshfxkajqrzuzn.exe | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| File opened for modification | C:\Windows\lcwpfvunbsckmvrxmf.exe | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jcytldezpiueitrzqlea.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\cwpjhxrvnebozeqpyqqkd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jcytldezpiueitrzqlea.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jcytldezpiueitrzqlea.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jcytldezpiueitrzqlea.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\csldshfxkajqrzuzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\lcwpfvunbsckmvrxmf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\asjbxldfvkfqzcmjqge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jcytldezpiueitrzqlea.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ngyrodwzqgcoycnltkjc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jcytldezpiueitrzqlea.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vkcthvsjvksyyfzd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\csldshfxkajqrzuzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ysplexzvmgtejvudvrlie.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jcytldezpiueitrzqlea.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jcytldezpiueitrzqlea.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\lcwpfvunbsckmvrxmf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\cwpjhxrvnebozeqpyqqkd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\lcwpfvunbsckmvrxmf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vkcthvsjvksyyfzd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wojdullfumxgjtqxnhz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\lcwpfvunbsckmvrxmf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\gwlbvhxxlyrahiqlq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jcytldezpiueitrzqlea.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ngyrodwzqgcoycnltkjc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ysplexzvmgtejvudvrlie.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vkcthvsjvksyyfzd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\csldshfxkajqrzuzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wojdullfumxgjtqxnhz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vkcthvsjvksyyfzd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\csldshfxkajqrzuzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zocrkvkjwiaioovp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wojdullfumxgjtqxnhz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\jowdhl.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe"
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe*"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe
C:\Windows\jcytldezpiueitrzqlea.exe
jcytldezpiueitrzqlea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe .
C:\Windows\csldshfxkajqrzuzn.exe
csldshfxkajqrzuzn.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\csldshfxkajqrzuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe
C:\Windows\csldshfxkajqrzuzn.exe
csldshfxkajqrzuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe .
C:\Windows\lcwpfvunbsckmvrxmf.exe
lcwpfvunbsckmvrxmf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\lcwpfvunbsckmvrxmf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\vkcthvsjvksyyfzd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\jcytldezpiueitrzqlea.exe*."
C:\Users\Admin\AppData\Local\Temp\jowdhl.exe
"C:\Users\Admin\AppData\Local\Temp\jowdhl.exe" "-C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe"
C:\Users\Admin\AppData\Local\Temp\jowdhl.exe
"C:\Users\Admin\AppData\Local\Temp\jowdhl.exe" "-C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe
C:\Windows\vkcthvsjvksyyfzd.exe
vkcthvsjvksyyfzd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe
C:\Windows\jcytldezpiueitrzqlea.exe
jcytldezpiueitrzqlea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe .
C:\Windows\vkcthvsjvksyyfzd.exe
vkcthvsjvksyyfzd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .
C:\Windows\jcytldezpiueitrzqlea.exe
jcytldezpiueitrzqlea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\vkcthvsjvksyyfzd.exe*."
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."
C:\Windows\csldshfxkajqrzuzn.exe
csldshfxkajqrzuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysplexzvmgtejvudvrlie.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe
C:\Windows\ysplexzvmgtejvudvrlie.exe
ysplexzvmgtejvudvrlie.exe .
C:\Windows\vkcthvsjvksyyfzd.exe
vkcthvsjvksyyfzd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\ysplexzvmgtejvudvrlie.exe*."
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .
C:\Windows\jcytldezpiueitrzqlea.exe
jcytldezpiueitrzqlea.exe .
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\lcwpfvunbsckmvrxmf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\ysplexzvmgtejvudvrlie.exe*."
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe .
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\wojdullfumxgjtqxnhz.exe*."
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\lcwpfvunbsckmvrxmf.exe*."
C:\Windows\csldshfxkajqrzuzn.exe
csldshfxkajqrzuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe .
C:\Windows\csldshfxkajqrzuzn.exe
csldshfxkajqrzuzn.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\csldshfxkajqrzuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe
C:\Windows\wojdullfumxgjtqxnhz.exe
wojdullfumxgjtqxnhz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .
C:\Windows\jcytldezpiueitrzqlea.exe
jcytldezpiueitrzqlea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\jcytldezpiueitrzqlea.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\ysplexzvmgtejvudvrlie.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe
C:\Windows\vkcthvsjvksyyfzd.exe
vkcthvsjvksyyfzd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysplexzvmgtejvudvrlie.exe .
C:\Windows\ysplexzvmgtejvudvrlie.exe
ysplexzvmgtejvudvrlie.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\ysplexzvmgtejvudvrlie.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysplexzvmgtejvudvrlie.exe
C:\Windows\csldshfxkajqrzuzn.exe
csldshfxkajqrzuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .
C:\Windows\ysplexzvmgtejvudvrlie.exe
ysplexzvmgtejvudvrlie.exe
C:\Windows\jcytldezpiueitrzqlea.exe
jcytldezpiueitrzqlea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe .
C:\Windows\vkcthvsjvksyyfzd.exe
vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."
C:\Windows\wojdullfumxgjtqxnhz.exe
wojdullfumxgjtqxnhz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysplexzvmgtejvudvrlie.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\wojdullfumxgjtqxnhz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysplexzvmgtejvudvrlie.exe
C:\Windows\ysplexzvmgtejvudvrlie.exe
ysplexzvmgtejvudvrlie.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Windows\ysplexzvmgtejvudvrlie.exe
ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\ysplexzvmgtejvudvrlie.exe*."
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\ysplexzvmgtejvudvrlie.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .
C:\Windows\jcytldezpiueitrzqlea.exe
jcytldezpiueitrzqlea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Windows\jcytldezpiueitrzqlea.exe
jcytldezpiueitrzqlea.exe .
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .
C:\Windows\lcwpfvunbsckmvrxmf.exe
lcwpfvunbsckmvrxmf.exe .
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\vkcthvsjvksyyfzd.exe*."
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\lcwpfvunbsckmvrxmf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\csldshfxkajqrzuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\jcytldezpiueitrzqlea.exe*."
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\csldshfxkajqrzuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\wojdullfumxgjtqxnhz.exe*."
C:\Windows\csldshfxkajqrzuzn.exe
csldshfxkajqrzuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\jcytldezpiueitrzqlea.exe
jcytldezpiueitrzqlea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c asjbxldfvkfqzcmjqge.exe
C:\Windows\asjbxldfvkfqzcmjqge.exe
asjbxldfvkfqzcmjqge.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe
C:\Windows\csldshfxkajqrzuzn.exe
csldshfxkajqrzuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pgwnivmncqkucenjpe.exe .
C:\Windows\csldshfxkajqrzuzn.exe
csldshfxkajqrzuzn.exe .
C:\Windows\pgwnivmncqkucenjpe.exe
pgwnivmncqkucenjpe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\csldshfxkajqrzuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cwpjhxrvnebozeqpyqqkd.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\pgwnivmncqkucenjpe.exe*."
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cwpjhxrvnebozeqpyqqkd.exe .
C:\Windows\cwpjhxrvnebozeqpyqqkd.exe
cwpjhxrvnebozeqpyqqkd.exe
C:\Windows\cwpjhxrvnebozeqpyqqkd.exe
cwpjhxrvnebozeqpyqqkd.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\ysplexzvmgtejvudvrlie.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\cwpjhxrvnebozeqpyqqkd.exe*."
C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe
C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\asjbxldfvkfqzcmjqge.exe .
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .
C:\Users\Admin\AppData\Local\Temp\asjbxldfvkfqzcmjqge.exe
C:\Users\Admin\AppData\Local\Temp\asjbxldfvkfqzcmjqge.exe .
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\asjbxldfvkfqzcmjqge.exe*."
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\lcwpfvunbsckmvrxmf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngyrodwzqgcoycnltkjc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pgwnivmncqkucenjpe.exe .
C:\Users\Admin\AppData\Local\Temp\ngyrodwzqgcoycnltkjc.exe
C:\Users\Admin\AppData\Local\Temp\ngyrodwzqgcoycnltkjc.exe
C:\Users\Admin\AppData\Local\Temp\pgwnivmncqkucenjpe.exe
C:\Users\Admin\AppData\Local\Temp\pgwnivmncqkucenjpe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\pgwnivmncqkucenjpe.exe*."
C:\Windows\csldshfxkajqrzuzn.exe
csldshfxkajqrzuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .
C:\Windows\jcytldezpiueitrzqlea.exe
jcytldezpiueitrzqlea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .
C:\Windows\wojdullfumxgjtqxnhz.exe
wojdullfumxgjtqxnhz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe
C:\Windows\jcytldezpiueitrzqlea.exe
jcytldezpiueitrzqlea.exe .
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\vkcthvsjvksyyfzd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\csldshfxkajqrzuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe
C:\Windows\csldshfxkajqrzuzn.exe
csldshfxkajqrzuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe .
C:\Windows\lcwpfvunbsckmvrxmf.exe
lcwpfvunbsckmvrxmf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\lcwpfvunbsckmvrxmf.exe*."
C:\Windows\csldshfxkajqrzuzn.exe
csldshfxkajqrzuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .
C:\Windows\jcytldezpiueitrzqlea.exe
jcytldezpiueitrzqlea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gwlbvhxxlyrahiqlq.exe
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .
C:\Windows\gwlbvhxxlyrahiqlq.exe
gwlbvhxxlyrahiqlq.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\csldshfxkajqrzuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gwlbvhxxlyrahiqlq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Windows\gwlbvhxxlyrahiqlq.exe
gwlbvhxxlyrahiqlq.exe .
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\gwlbvhxxlyrahiqlq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c asjbxldfvkfqzcmjqge.exe
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe .
C:\Windows\asjbxldfvkfqzcmjqge.exe
asjbxldfvkfqzcmjqge.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ngyrodwzqgcoycnltkjc.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\wojdullfumxgjtqxnhz.exe*."
C:\Windows\ngyrodwzqgcoycnltkjc.exe
ngyrodwzqgcoycnltkjc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngyrodwzqgcoycnltkjc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cwpjhxrvnebozeqpyqqkd.exe .
C:\Users\Admin\AppData\Local\Temp\ngyrodwzqgcoycnltkjc.exe
C:\Users\Admin\AppData\Local\Temp\ngyrodwzqgcoycnltkjc.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\ngyrodwzqgcoycnltkjc.exe*."
C:\Users\Admin\AppData\Local\Temp\cwpjhxrvnebozeqpyqqkd.exe
C:\Users\Admin\AppData\Local\Temp\cwpjhxrvnebozeqpyqqkd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\cwpjhxrvnebozeqpyqqkd.exe*."
C:\Windows\jcytldezpiueitrzqlea.exe
jcytldezpiueitrzqlea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngyrodwzqgcoycnltkjc.exe
C:\Users\Admin\AppData\Local\Temp\ngyrodwzqgcoycnltkjc.exe
C:\Users\Admin\AppData\Local\Temp\ngyrodwzqgcoycnltkjc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gwlbvhxxlyrahiqlq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe .
C:\Users\Admin\AppData\Local\Temp\gwlbvhxxlyrahiqlq.exe
C:\Users\Admin\AppData\Local\Temp\gwlbvhxxlyrahiqlq.exe .
C:\Windows\lcwpfvunbsckmvrxmf.exe
lcwpfvunbsckmvrxmf.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\gwlbvhxxlyrahiqlq.exe*."
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\lcwpfvunbsckmvrxmf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe
C:\Windows\vkcthvsjvksyyfzd.exe
vkcthvsjvksyyfzd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .
C:\Windows\jcytldezpiueitrzqlea.exe
jcytldezpiueitrzqlea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\ysplexzvmgtejvudvrlie.exe*."
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\ysplexzvmgtejvudvrlie.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe
C:\Windows\lcwpfvunbsckmvrxmf.exe
lcwpfvunbsckmvrxmf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .
C:\Windows\jcytldezpiueitrzqlea.exe
jcytldezpiueitrzqlea.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe
C:\Windows\csldshfxkajqrzuzn.exe
csldshfxkajqrzuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe .
C:\Windows\lcwpfvunbsckmvrxmf.exe
lcwpfvunbsckmvrxmf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\lcwpfvunbsckmvrxmf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\csldshfxkajqrzuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\ysplexzvmgtejvudvrlie.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysplexzvmgtejvudvrlie.exe
C:\Windows\ysplexzvmgtejvudvrlie.exe
ysplexzvmgtejvudvrlie.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .
C:\Windows\jcytldezpiueitrzqlea.exe
jcytldezpiueitrzqlea.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe
C:\Windows\jcytldezpiueitrzqlea.exe
jcytldezpiueitrzqlea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe .
C:\Windows\csldshfxkajqrzuzn.exe
csldshfxkajqrzuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\csldshfxkajqrzuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\ysplexzvmgtejvudvrlie.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\vkcthvsjvksyyfzd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysplexzvmgtejvudvrlie.exe
C:\Windows\ysplexzvmgtejvudvrlie.exe
ysplexzvmgtejvudvrlie.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysplexzvmgtejvudvrlie.exe .
C:\Windows\ysplexzvmgtejvudvrlie.exe
ysplexzvmgtejvudvrlie.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\ysplexzvmgtejvudvrlie.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe
C:\Windows\jcytldezpiueitrzqlea.exe
jcytldezpiueitrzqlea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .
C:\Windows\jcytldezpiueitrzqlea.exe
jcytldezpiueitrzqlea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\lcwpfvunbsckmvrxmf.exe*."
C:\Windows\lcwpfvunbsckmvrxmf.exe
lcwpfvunbsckmvrxmf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Windows\csldshfxkajqrzuzn.exe
csldshfxkajqrzuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe .
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .
C:\Windows\lcwpfvunbsckmvrxmf.exe
lcwpfvunbsckmvrxmf.exe .
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysplexzvmgtejvudvrlie.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\lcwpfvunbsckmvrxmf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\jcytldezpiueitrzqlea.exe*."
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Windows\ysplexzvmgtejvudvrlie.exe
ysplexzvmgtejvudvrlie.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe .
C:\Windows\jcytldezpiueitrzqlea.exe
jcytldezpiueitrzqlea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\ysplexzvmgtejvudvrlie.exe*."
C:\Windows\csldshfxkajqrzuzn.exe
csldshfxkajqrzuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Windows\csldshfxkajqrzuzn.exe
csldshfxkajqrzuzn.exe
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe .
C:\Windows\lcwpfvunbsckmvrxmf.exe
lcwpfvunbsckmvrxmf.exe .
C:\Windows\lcwpfvunbsckmvrxmf.exe
lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysplexzvmgtejvudvrlie.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\lcwpfvunbsckmvrxmf.exe*."
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\wojdullfumxgjtqxnhz.exe*."
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe
C:\Windows\ysplexzvmgtejvudvrlie.exe
ysplexzvmgtejvudvrlie.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\lcwpfvunbsckmvrxmf.exe*."
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe .
C:\Windows\wojdullfumxgjtqxnhz.exe
wojdullfumxgjtqxnhz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\ysplexzvmgtejvudvrlie.exe*."
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .
C:\Windows\jcytldezpiueitrzqlea.exe
jcytldezpiueitrzqlea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\wojdullfumxgjtqxnhz.exe*."
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\vkcthvsjvksyyfzd.exe*."
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\ysplexzvmgtejvudvrlie.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\lcwpfvunbsckmvrxmf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe
C:\Windows\jcytldezpiueitrzqlea.exe
jcytldezpiueitrzqlea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe .
C:\Windows\vkcthvsjvksyyfzd.exe
vkcthvsjvksyyfzd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\vkcthvsjvksyyfzd.exe*."
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\vkcthvsjvksyyfzd.exe
vkcthvsjvksyyfzd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\lcwpfvunbsckmvrxmf.exe
lcwpfvunbsckmvrxmf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\lcwpfvunbsckmvrxmf.exe*."
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\vkcthvsjvksyyfzd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\lcwpfvunbsckmvrxmf.exe*."
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe
C:\Windows\vkcthvsjvksyyfzd.exe
vkcthvsjvksyyfzd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .
C:\Windows\jcytldezpiueitrzqlea.exe
jcytldezpiueitrzqlea.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe
C:\Windows\lcwpfvunbsckmvrxmf.exe
lcwpfvunbsckmvrxmf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysplexzvmgtejvudvrlie.exe .
C:\Windows\ysplexzvmgtejvudvrlie.exe
ysplexzvmgtejvudvrlie.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\ysplexzvmgtejvudvrlie.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe .
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\wojdullfumxgjtqxnhz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cwpjhxrvnebozeqpyqqkd.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\wojdullfumxgjtqxnhz.exe*."
C:\Windows\cwpjhxrvnebozeqpyqqkd.exe
cwpjhxrvnebozeqpyqqkd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ngyrodwzqgcoycnltkjc.exe .
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Windows\ngyrodwzqgcoycnltkjc.exe
ngyrodwzqgcoycnltkjc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\ngyrodwzqgcoycnltkjc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c asjbxldfvkfqzcmjqge.exe
C:\Windows\wojdullfumxgjtqxnhz.exe
wojdullfumxgjtqxnhz.exe
C:\Windows\asjbxldfvkfqzcmjqge.exe
asjbxldfvkfqzcmjqge.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zocrkvkjwiaioovp.exe .
C:\Windows\zocrkvkjwiaioovp.exe
zocrkvkjwiaioovp.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gwlbvhxxlyrahiqlq.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\jcytldezpiueitrzqlea.exe
jcytldezpiueitrzqlea.exe .
C:\Users\Admin\AppData\Local\Temp\gwlbvhxxlyrahiqlq.exe
C:\Users\Admin\AppData\Local\Temp\gwlbvhxxlyrahiqlq.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\zocrkvkjwiaioovp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\asjbxldfvkfqzcmjqge.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."
C:\Users\Admin\AppData\Local\Temp\asjbxldfvkfqzcmjqge.exe
C:\Users\Admin\AppData\Local\Temp\asjbxldfvkfqzcmjqge.exe .
C:\Windows\vkcthvsjvksyyfzd.exe
vkcthvsjvksyyfzd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\asjbxldfvkfqzcmjqge.exe*."
C:\Windows\jcytldezpiueitrzqlea.exe
jcytldezpiueitrzqlea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe
C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\asjbxldfvkfqzcmjqge.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .
C:\Users\Admin\AppData\Local\Temp\asjbxldfvkfqzcmjqge.exe
C:\Users\Admin\AppData\Local\Temp\asjbxldfvkfqzcmjqge.exe .
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\asjbxldfvkfqzcmjqge.exe*."
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\csldshfxkajqrzuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\jcytldezpiueitrzqlea.exe*."
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe
C:\Windows\vkcthvsjvksyyfzd.exe
vkcthvsjvksyyfzd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .
C:\Windows\jcytldezpiueitrzqlea.exe
jcytldezpiueitrzqlea.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe
C:\Windows\csldshfxkajqrzuzn.exe
csldshfxkajqrzuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .
C:\Windows\jcytldezpiueitrzqlea.exe
jcytldezpiueitrzqlea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\lcwpfvunbsckmvrxmf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\jcytldezpiueitrzqlea.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Windows\lcwpfvunbsckmvrxmf.exe
lcwpfvunbsckmvrxmf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe .
C:\Windows\lcwpfvunbsckmvrxmf.exe
lcwpfvunbsckmvrxmf.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\lcwpfvunbsckmvrxmf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe
C:\Windows\wojdullfumxgjtqxnhz.exe
wojdullfumxgjtqxnhz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .
C:\Windows\jcytldezpiueitrzqlea.exe
jcytldezpiueitrzqlea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\csldshfxkajqrzuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\vkcthvsjvksyyfzd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe
C:\Windows\csldshfxkajqrzuzn.exe
csldshfxkajqrzuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe .
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Windows\wojdullfumxgjtqxnhz.exe
wojdullfumxgjtqxnhz.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\wojdullfumxgjtqxnhz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysplexzvmgtejvudvrlie.exe
C:\Windows\ysplexzvmgtejvudvrlie.exe
ysplexzvmgtejvudvrlie.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .
C:\Windows\jcytldezpiueitrzqlea.exe
jcytldezpiueitrzqlea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe .
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\wojdullfumxgjtqxnhz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\vkcthvsjvksyyfzd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe
C:\Windows\lcwpfvunbsckmvrxmf.exe
lcwpfvunbsckmvrxmf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe
C:\Windows\lcwpfvunbsckmvrxmf.exe
lcwpfvunbsckmvrxmf.exe .
C:\Windows\jcytldezpiueitrzqlea.exe
jcytldezpiueitrzqlea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe
C:\Windows\wojdullfumxgjtqxnhz.exe
wojdullfumxgjtqxnhz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\lcwpfvunbsckmvrxmf.exe*."
C:\Windows\wojdullfumxgjtqxnhz.exe
wojdullfumxgjtqxnhz.exe
C:\Windows\wojdullfumxgjtqxnhz.exe
wojdullfumxgjtqxnhz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\wojdullfumxgjtqxnhz.exe*."
C:\Windows\wojdullfumxgjtqxnhz.exe
wojdullfumxgjtqxnhz.exe .
C:\Windows\jcytldezpiueitrzqlea.exe
jcytldezpiueitrzqlea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Windows\lcwpfvunbsckmvrxmf.exe
lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\wojdullfumxgjtqxnhz.exe*."
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\csldshfxkajqrzuzn.exe
csldshfxkajqrzuzn.exe .
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .
C:\Windows\wojdullfumxgjtqxnhz.exe
wojdullfumxgjtqxnhz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .
C:\Windows\lcwpfvunbsckmvrxmf.exe
lcwpfvunbsckmvrxmf.exe .
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\ysplexzvmgtejvudvrlie.exe*."
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\csldshfxkajqrzuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\lcwpfvunbsckmvrxmf.exe*."
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\ysplexzvmgtejvudvrlie.exe*."
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\csldshfxkajqrzuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\vkcthvsjvksyyfzd.exe*."
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\csldshfxkajqrzuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\csldshfxkajqrzuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysplexzvmgtejvudvrlie.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ysplexzvmgtejvudvrlie.exe
ysplexzvmgtejvudvrlie.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe .
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Windows\vkcthvsjvksyyfzd.exe
vkcthvsjvksyyfzd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\vkcthvsjvksyyfzd.exe*."
C:\Windows\lcwpfvunbsckmvrxmf.exe
lcwpfvunbsckmvrxmf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe .
C:\Windows\wojdullfumxgjtqxnhz.exe
wojdullfumxgjtqxnhz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\wojdullfumxgjtqxnhz.exe*."
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\lcwpfvunbsckmvrxmf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\lcwpfvunbsckmvrxmf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysplexzvmgtejvudvrlie.exe
C:\Windows\ysplexzvmgtejvudvrlie.exe
ysplexzvmgtejvudvrlie.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe .
C:\Windows\vkcthvsjvksyyfzd.exe
vkcthvsjvksyyfzd.exe .
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\vkcthvsjvksyyfzd.exe*."
C:\Windows\jcytldezpiueitrzqlea.exe
jcytldezpiueitrzqlea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe .
C:\Windows\vkcthvsjvksyyfzd.exe
vkcthvsjvksyyfzd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\vkcthvsjvksyyfzd.exe*."
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\vkcthvsjvksyyfzd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\lcwpfvunbsckmvrxmf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysplexzvmgtejvudvrlie.exe
C:\Windows\ysplexzvmgtejvudvrlie.exe
ysplexzvmgtejvudvrlie.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zocrkvkjwiaioovp.exe
C:\Windows\wojdullfumxgjtqxnhz.exe
wojdullfumxgjtqxnhz.exe .
C:\Windows\zocrkvkjwiaioovp.exe
zocrkvkjwiaioovp.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\wojdullfumxgjtqxnhz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysplexzvmgtejvudvrlie.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cwpjhxrvnebozeqpyqqkd.exe .
C:\Windows\ysplexzvmgtejvudvrlie.exe
ysplexzvmgtejvudvrlie.exe
C:\Windows\cwpjhxrvnebozeqpyqqkd.exe
cwpjhxrvnebozeqpyqqkd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe .
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\cwpjhxrvnebozeqpyqqkd.exe*."
C:\Windows\wojdullfumxgjtqxnhz.exe
wojdullfumxgjtqxnhz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c asjbxldfvkfqzcmjqge.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cwpjhxrvnebozeqpyqqkd.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\wojdullfumxgjtqxnhz.exe*."
C:\Windows\asjbxldfvkfqzcmjqge.exe
asjbxldfvkfqzcmjqge.exe
C:\Windows\cwpjhxrvnebozeqpyqqkd.exe
cwpjhxrvnebozeqpyqqkd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngyrodwzqgcoycnltkjc.exe
C:\Users\Admin\AppData\Local\Temp\ngyrodwzqgcoycnltkjc.exe
C:\Users\Admin\AppData\Local\Temp\ngyrodwzqgcoycnltkjc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngyrodwzqgcoycnltkjc.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\cwpjhxrvnebozeqpyqqkd.exe*."
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .
C:\Users\Admin\AppData\Local\Temp\ngyrodwzqgcoycnltkjc.exe
C:\Users\Admin\AppData\Local\Temp\ngyrodwzqgcoycnltkjc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\lcwpfvunbsckmvrxmf.exe*."
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\ngyrodwzqgcoycnltkjc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pgwnivmncqkucenjpe.exe
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .
C:\Users\Admin\AppData\Local\Temp\pgwnivmncqkucenjpe.exe
C:\Users\Admin\AppData\Local\Temp\pgwnivmncqkucenjpe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cwpjhxrvnebozeqpyqqkd.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\ysplexzvmgtejvudvrlie.exe*."
C:\Users\Admin\AppData\Local\Temp\cwpjhxrvnebozeqpyqqkd.exe
C:\Users\Admin\AppData\Local\Temp\cwpjhxrvnebozeqpyqqkd.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\cwpjhxrvnebozeqpyqqkd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe
C:\Windows\csldshfxkajqrzuzn.exe
csldshfxkajqrzuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysplexzvmgtejvudvrlie.exe .
C:\Windows\ysplexzvmgtejvudvrlie.exe
ysplexzvmgtejvudvrlie.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\ysplexzvmgtejvudvrlie.exe*."
C:\Windows\wojdullfumxgjtqxnhz.exe
wojdullfumxgjtqxnhz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Windows\jcytldezpiueitrzqlea.exe
jcytldezpiueitrzqlea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\jcytldezpiueitrzqlea.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\vkcthvsjvksyyfzd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe
C:\Windows\wojdullfumxgjtqxnhz.exe
wojdullfumxgjtqxnhz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysplexzvmgtejvudvrlie.exe .
C:\Windows\ysplexzvmgtejvudvrlie.exe
ysplexzvmgtejvudvrlie.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\ysplexzvmgtejvudvrlie.exe*."
C:\Windows\wojdullfumxgjtqxnhz.exe
wojdullfumxgjtqxnhz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe .
C:\Windows\csldshfxkajqrzuzn.exe
csldshfxkajqrzuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\csldshfxkajqrzuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\lcwpfvunbsckmvrxmf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\ysplexzvmgtejvudvrlie.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe
C:\Windows\lcwpfvunbsckmvrxmf.exe
lcwpfvunbsckmvrxmf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .
C:\Windows\jcytldezpiueitrzqlea.exe
jcytldezpiueitrzqlea.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe
C:\Windows\jcytldezpiueitrzqlea.exe
jcytldezpiueitrzqlea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe .
C:\Windows\vkcthvsjvksyyfzd.exe
vkcthvsjvksyyfzd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\vkcthvsjvksyyfzd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\lcwpfvunbsckmvrxmf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\vkcthvsjvksyyfzd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe
C:\Windows\wojdullfumxgjtqxnhz.exe
wojdullfumxgjtqxnhz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .
C:\Windows\lcwpfvunbsckmvrxmf.exe
lcwpfvunbsckmvrxmf.exe
C:\Windows\jcytldezpiueitrzqlea.exe
jcytldezpiueitrzqlea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe
C:\Windows\lcwpfvunbsckmvrxmf.exe
lcwpfvunbsckmvrxmf.exe .
C:\Windows\wojdullfumxgjtqxnhz.exe
wojdullfumxgjtqxnhz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\lcwpfvunbsckmvrxmf.exe*."
C:\Windows\jcytldezpiueitrzqlea.exe
jcytldezpiueitrzqlea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Windows\csldshfxkajqrzuzn.exe
csldshfxkajqrzuzn.exe .
C:\Windows\vkcthvsjvksyyfzd.exe
vkcthvsjvksyyfzd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe .
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\csldshfxkajqrzuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .
C:\Windows\vkcthvsjvksyyfzd.exe
vkcthvsjvksyyfzd.exe .
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Windows\lcwpfvunbsckmvrxmf.exe
lcwpfvunbsckmvrxmf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe .
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\vkcthvsjvksyyfzd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\vkcthvsjvksyyfzd.exe*."
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\lcwpfvunbsckmvrxmf.exe*."
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\jcytldezpiueitrzqlea.exe*."
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\lcwpfvunbsckmvrxmf.exe*."
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\jcytldezpiueitrzqlea.exe*."
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\csldshfxkajqrzuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe .
C:\Windows\vkcthvsjvksyyfzd.exe
vkcthvsjvksyyfzd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\wojdullfumxgjtqxnhz.exe*."
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\vkcthvsjvksyyfzd.exe*."
C:\Windows\jcytldezpiueitrzqlea.exe
jcytldezpiueitrzqlea.exe
C:\Windows\lcwpfvunbsckmvrxmf.exe
lcwpfvunbsckmvrxmf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysplexzvmgtejvudvrlie.exe .
C:\Windows\ysplexzvmgtejvudvrlie.exe
ysplexzvmgtejvudvrlie.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\ysplexzvmgtejvudvrlie.exe*."
C:\Windows\wojdullfumxgjtqxnhz.exe
wojdullfumxgjtqxnhz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysplexzvmgtejvudvrlie.exe .
C:\Windows\ysplexzvmgtejvudvrlie.exe
ysplexzvmgtejvudvrlie.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\ysplexzvmgtejvudvrlie.exe*."
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\vkcthvsjvksyyfzd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\lcwpfvunbsckmvrxmf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lcwpfvunbsckmvrxmf.exe
C:\Windows\lcwpfvunbsckmvrxmf.exe
lcwpfvunbsckmvrxmf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe .
C:\Windows\csldshfxkajqrzuzn.exe
csldshfxkajqrzuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\csldshfxkajqrzuzn.exe*."
C:\Windows\csldshfxkajqrzuzn.exe
csldshfxkajqrzuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .
C:\Windows\jcytldezpiueitrzqlea.exe
jcytldezpiueitrzqlea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe .
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\lcwpfvunbsckmvrxmf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\jcytldezpiueitrzqlea.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysplexzvmgtejvudvrlie.exe
C:\Windows\ysplexzvmgtejvudvrlie.exe
ysplexzvmgtejvudvrlie.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe .
C:\Windows\jcytldezpiueitrzqlea.exe
jcytldezpiueitrzqlea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c asjbxldfvkfqzcmjqge.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\jcytldezpiueitrzqlea.exe*."
C:\Windows\asjbxldfvkfqzcmjqge.exe
asjbxldfvkfqzcmjqge.exe
C:\Windows\csldshfxkajqrzuzn.exe
csldshfxkajqrzuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe .
C:\Windows\csldshfxkajqrzuzn.exe
csldshfxkajqrzuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cwpjhxrvnebozeqpyqqkd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Windows\cwpjhxrvnebozeqpyqqkd.exe
cwpjhxrvnebozeqpyqqkd.exe .
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\csldshfxkajqrzuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cwpjhxrvnebozeqpyqqkd.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\cwpjhxrvnebozeqpyqqkd.exe*."
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe
C:\Users\Admin\AppData\Local\Temp\jcytldezpiueitrzqlea.exe .
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gwlbvhxxlyrahiqlq.exe .
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\cwpjhxrvnebozeqpyqqkd.exe
cwpjhxrvnebozeqpyqqkd.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\jcytldezpiueitrzqlea.exe*."
C:\Windows\gwlbvhxxlyrahiqlq.exe
gwlbvhxxlyrahiqlq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\gwlbvhxxlyrahiqlq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pgwnivmncqkucenjpe.exe .
C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe
C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .
C:\Users\Admin\AppData\Local\Temp\pgwnivmncqkucenjpe.exe
C:\Users\Admin\AppData\Local\Temp\pgwnivmncqkucenjpe.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\ysplexzvmgtejvudvrlie.exe*."
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\pgwnivmncqkucenjpe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe
C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe
C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe .
C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe
C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe
C:\Windows\vkcthvsjvksyyfzd.exe
vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\zocrkvkjwiaioovp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\wojdullfumxgjtqxnhz.exe
wojdullfumxgjtqxnhz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\wojdullfumxgjtqxnhz.exe*."
C:\Windows\vkcthvsjvksyyfzd.exe
vkcthvsjvksyyfzd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe .
C:\Windows\wojdullfumxgjtqxnhz.exe
wojdullfumxgjtqxnhz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\wojdullfumxgjtqxnhz.exe*."
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\ysplexzvmgtejvudvrlie.exe*."
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\csldshfxkajqrzuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\csldshfxkajqrzuzn.exe
csldshfxkajqrzuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe .
C:\Windows\vkcthvsjvksyyfzd.exe
vkcthvsjvksyyfzd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\vkcthvsjvksyyfzd.exe*."
C:\Windows\csldshfxkajqrzuzn.exe
csldshfxkajqrzuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\csldshfxkajqrzuzn.exe
csldshfxkajqrzuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\csldshfxkajqrzuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\csldshfxkajqrzuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Users\Admin\AppData\Local\Temp\lcwpfvunbsckmvrxmf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\csldshfxkajqrzuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe
C:\Windows\csldshfxkajqrzuzn.exe
csldshfxkajqrzuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe .
C:\Windows\wojdullfumxgjtqxnhz.exe
wojdullfumxgjtqxnhz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\wojdullfumxgjtqxnhz.exe*."
C:\Windows\vkcthvsjvksyyfzd.exe
vkcthvsjvksyyfzd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe .
C:\Windows\wojdullfumxgjtqxnhz.exe
wojdullfumxgjtqxnhz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe
C:\Users\Admin\AppData\Local\Temp\csldshfxkajqrzuzn.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\wojdullfumxgjtqxnhz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\vkcthvsjvksyyfzd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Users\Admin\AppData\Local\Temp\vkcthvsjvksyyfzd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe .
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Users\Admin\AppData\Local\Temp\cgjnv.exe
"C:\Users\Admin\AppData\Local\Temp\cgjnv.exe" "-C:\Users\Admin\AppData\Local\Temp\zocrkvkjwiaioovp.exe"
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\wojdullfumxgjtqxnhz.exe .
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\users\admin\appdata\local\temp\wojdullfumxgjtqxnhz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c csldshfxkajqrzuzn.exe
C:\Windows\csldshfxkajqrzuzn.exe
csldshfxkajqrzuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe .
C:\Windows\wojdullfumxgjtqxnhz.exe
wojdullfumxgjtqxnhz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jcytldezpiueitrzqlea.exe
C:\Windows\jcytldezpiueitrzqlea.exe
jcytldezpiueitrzqlea.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\wojdullfumxgjtqxnhz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wojdullfumxgjtqxnhz.exe
C:\Windows\wojdullfumxgjtqxnhz.exe
wojdullfumxgjtqxnhz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Windows\wojdullfumxgjtqxnhz.exe
wojdullfumxgjtqxnhz.exe
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ysplexzvmgtejvudvrlie.exe
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
"C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe" "c:\windows\wojdullfumxgjtqxnhz.exe*."
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| GB | 2.19.252.87:80 | www.adobe.com | tcp |
| NL | 172.217.218.91:80 | www.youtube.com | tcp |
| DE | 91.64.127.195:41122 | tcp | |
| DE | 85.214.228.140:80 | gyuuym.org | tcp |
| SG | 18.142.91.111:80 | unxfuild.info | tcp |
| US | 104.156.155.94:80 | cydlrge.info | tcp |
| DE | 91.64.127.195:41122 | tcp | |
| US | 8.8.8.8:53 | dkouvubcpovf.info | udp |
| US | 8.8.8.8:53 | dxikspgshgbk.info | udp |
| US | 8.8.8.8:53 | vrekoakvug.net | udp |
| US | 8.8.8.8:53 | dflqknsl.net | udp |
| US | 8.8.8.8:53 | suwqlsxke.net | udp |
| US | 8.8.8.8:53 | uxtqbq.info | udp |
| US | 8.8.8.8:53 | cmeojgn.info | udp |
| US | 8.8.8.8:53 | dlftplzdgj.info | udp |
| US | 8.8.8.8:53 | kyilnx.net | udp |
| US | 8.8.8.8:53 | igclnsfi.info | udp |
| US | 8.8.8.8:53 | jrbulad.info | udp |
| US | 8.8.8.8:53 | reshmy.info | udp |
| US | 8.8.8.8:53 | eeerjupknqds.net | udp |
| US | 8.8.8.8:53 | bydpnff.info | udp |
| US | 8.8.8.8:53 | nylwzom.info | udp |
| US | 8.8.8.8:53 | ikjgfghovnv.info | udp |
| US | 8.8.8.8:53 | wfrcgjcwbdfg.net | udp |
| US | 8.8.8.8:53 | jzthxr.net | udp |
| US | 8.8.8.8:53 | uezqtablkhao.info | udp |
| US | 8.8.8.8:53 | jtakfphwim.net | udp |
| US | 8.8.8.8:53 | fjusznt.com | udp |
| US | 8.8.8.8:53 | odibdkhyjn.net | udp |
| US | 8.8.8.8:53 | dmxlnsmgxndu.net | udp |
| US | 8.8.8.8:53 | lurtzagawmf.org | udp |
| US | 8.8.8.8:53 | xyhvqwbor.info | udp |
| US | 8.8.8.8:53 | icycog.com | udp |
| US | 8.8.8.8:53 | zuhmapbot.net | udp |
| US | 8.8.8.8:53 | iwgoseuy.com | udp |
| US | 8.8.8.8:53 | fsfnuaj.org | udp |
| US | 8.8.8.8:53 | gvhkskl.info | udp |
| US | 8.8.8.8:53 | vmfgpri.net | udp |
| US | 8.8.8.8:53 | nncqcmxcojwy.net | udp |
| US | 8.8.8.8:53 | jsvnxple.info | udp |
| US | 8.8.8.8:53 | awtzwsx.net | udp |
| US | 8.8.8.8:53 | yojkaljecqs.info | udp |
| US | 8.8.8.8:53 | bepsqkr.net | udp |
| US | 8.8.8.8:53 | xdpfdsto.net | udp |
| US | 8.8.8.8:53 | tcncdtfll.org | udp |
| US | 8.8.8.8:53 | ecegeakc.org | udp |
| US | 8.8.8.8:53 | deisdycaiv.net | udp |
| US | 8.8.8.8:53 | iasiqc.org | udp |
| US | 8.8.8.8:53 | ootkjdzphd.net | udp |
| US | 8.8.8.8:53 | cutaexfm.net | udp |
| US | 8.8.8.8:53 | bvfxrg.info | udp |
| US | 8.8.8.8:53 | hiqumgp.info | udp |
| US | 8.8.8.8:53 | nefsbc.info | udp |
| US | 8.8.8.8:53 | zrizzt.net | udp |
| US | 8.8.8.8:53 | lhgqgdnsqr.net | udp |
| US | 8.8.8.8:53 | iqascegykgkw.com | udp |
| US | 8.8.8.8:53 | henrtcogo.org | udp |
| US | 8.8.8.8:53 | ihmctw.info | udp |
| US | 8.8.8.8:53 | vryfnhhv.net | udp |
| US | 8.8.8.8:53 | nsjnpn.net | udp |
| US | 8.8.8.8:53 | ozkukayx.info | udp |
| US | 8.8.8.8:53 | ghbkygdl.info | udp |
| US | 8.8.8.8:53 | vvczhs.info | udp |
| US | 8.8.8.8:53 | ivewnr.info | udp |
| US | 8.8.8.8:53 | vhthpmr.info | udp |
| US | 8.8.8.8:53 | hebozfr.org | udp |
| US | 8.8.8.8:53 | wjvnorsibr.info | udp |
| US | 8.8.8.8:53 | nqxijbihvn.info | udp |
| US | 8.8.8.8:53 | juozdcx.net | udp |
| US | 8.8.8.8:53 | iqbauf.info | udp |
| US | 8.8.8.8:53 | aljiyzkufgo.net | udp |
| US | 8.8.8.8:53 | omsmuykswwge.org | udp |
| US | 8.8.8.8:53 | soayqy.com | udp |
| US | 8.8.8.8:53 | rsskxn.info | udp |
| US | 8.8.8.8:53 | simocqcguk.org | udp |
| US | 8.8.8.8:53 | yspynbdonzn.net | udp |
| US | 8.8.8.8:53 | almnuc.info | udp |
| US | 8.8.8.8:53 | difizypcp.org | udp |
| US | 8.8.8.8:53 | rlmxeedgma.net | udp |
| US | 8.8.8.8:53 | uahejgjgj.net | udp |
| US | 8.8.8.8:53 | hodapebdgqs.org | udp |
| US | 8.8.8.8:53 | oksnewnm.info | udp |
| US | 8.8.8.8:53 | irtxtgmnak.info | udp |
| US | 8.8.8.8:53 | sgyoqcyu.org | udp |
| US | 8.8.8.8:53 | oqoqyegi.org | udp |
| US | 8.8.8.8:53 | xrctizgjhu.net | udp |
| US | 8.8.8.8:53 | aeimmkuwmkky.org | udp |
| US | 8.8.8.8:53 | glgspbuclsn.net | udp |
| US | 8.8.8.8:53 | yiogckigsy.com | udp |
| US | 8.8.8.8:53 | rfcqjgcwrllk.info | udp |
| US | 8.8.8.8:53 | xfmrsznb.info | udp |
| US | 8.8.8.8:53 | rxxstgzcz.com | udp |
| US | 8.8.8.8:53 | mkdvhwrmr.net | udp |
| US | 8.8.8.8:53 | wokwfed.info | udp |
| US | 8.8.8.8:53 | isxqlkteinqw.info | udp |
| US | 8.8.8.8:53 | ezomarlwoa.net | udp |
| US | 8.8.8.8:53 | ooewwc.org | udp |
| US | 8.8.8.8:53 | kheoqzd.info | udp |
| US | 8.8.8.8:53 | ruixqqozfc.info | udp |
| US | 8.8.8.8:53 | lnngbvbdk.org | udp |
| US | 8.8.8.8:53 | fzjqxwtolqn.info | udp |
| US | 8.8.8.8:53 | jypigkw.net | udp |
| US | 8.8.8.8:53 | kjssrc.info | udp |
| US | 8.8.8.8:53 | fiupqcvkudfs.info | udp |
| US | 8.8.8.8:53 | lmlyqcr.com | udp |
| US | 8.8.8.8:53 | ldtxbtnpoqti.info | udp |
| US | 8.8.8.8:53 | pvsunmhbcggs.info | udp |
| US | 8.8.8.8:53 | jphhtgd.com | udp |
| US | 8.8.8.8:53 | rprorwnvpu.info | udp |
| US | 8.8.8.8:53 | qgcqdzzwcxn.info | udp |
| US | 8.8.8.8:53 | jgrkbduaj.info | udp |
| US | 8.8.8.8:53 | wumssoeo.com | udp |
| US | 8.8.8.8:53 | etzyvajhvol.info | udp |
| US | 8.8.8.8:53 | rklmhsjkgyl.org | udp |
| US | 8.8.8.8:53 | bkagjso.net | udp |
| US | 8.8.8.8:53 | qynadag.net | udp |
| US | 8.8.8.8:53 | omierhazkhgw.net | udp |
| US | 8.8.8.8:53 | nahidhyot.org | udp |
| US | 8.8.8.8:53 | kwdrqyzrhd.net | udp |
| US | 8.8.8.8:53 | ruxytdjrnal.info | udp |
| US | 8.8.8.8:53 | gmcuthp.info | udp |
| US | 8.8.8.8:53 | bxhvjbwn.net | udp |
| US | 8.8.8.8:53 | ejiqqdj.info | udp |
| US | 8.8.8.8:53 | xrjmbmgmisvh.info | udp |
| US | 8.8.8.8:53 | ttdlzwcgoh.info | udp |
| US | 8.8.8.8:53 | lohizdsczgp.net | udp |
| US | 8.8.8.8:53 | jqtenkdayoy.org | udp |
| US | 8.8.8.8:53 | tdtfkghr.info | udp |
| US | 8.8.8.8:53 | wmwsga.com | udp |
| US | 8.8.8.8:53 | vgvowzrx.info | udp |
| US | 8.8.8.8:53 | fwzcxotpvnwx.info | udp |
| US | 8.8.8.8:53 | lvliwxsju.net | udp |
| US | 8.8.8.8:53 | xgrpvsoaxwy.net | udp |
| US | 8.8.8.8:53 | mlzxtx.info | udp |
| US | 8.8.8.8:53 | vnqrls.net | udp |
| US | 8.8.8.8:53 | aegcepzghxwn.info | udp |
| US | 8.8.8.8:53 | wcgcuuiu.org | udp |
| US | 8.8.8.8:53 | kyhslb.info | udp |
| US | 8.8.8.8:53 | iiyanwjkc.info | udp |
| US | 8.8.8.8:53 | zeguzqewlkg.net | udp |
| US | 8.8.8.8:53 | iynkwmfed.net | udp |
| US | 8.8.8.8:53 | nhmyomxjv.info | udp |
| US | 8.8.8.8:53 | ggasoawukeqe.org | udp |
| US | 8.8.8.8:53 | lgjozi.net | udp |
| US | 8.8.8.8:53 | kqnsrmhwj.net | udp |
| US | 8.8.8.8:53 | tyzkrdhyl.info | udp |
| US | 8.8.8.8:53 | kkqekgwiwq.com | udp |
| US | 8.8.8.8:53 | aguxblfmqiia.net | udp |
| US | 8.8.8.8:53 | ruhgwgdevnr.com | udp |
| US | 8.8.8.8:53 | rwselgprr.net | udp |
| US | 8.8.8.8:53 | tchthj.net | udp |
| US | 8.8.8.8:53 | lojmhed.info | udp |
| US | 8.8.8.8:53 | maeunkze.info | udp |
| US | 8.8.8.8:53 | vyvijbihvn.info | udp |
| US | 8.8.8.8:53 | barhbtxt.info | udp |
| US | 8.8.8.8:53 | tupmnkd.info | udp |
| US | 8.8.8.8:53 | hsrofavrq.net | udp |
| US | 8.8.8.8:53 | xsemndjuo.net | udp |
| US | 8.8.8.8:53 | bfunsipspoo.net | udp |
| US | 8.8.8.8:53 | wqxopepldat.info | udp |
| US | 8.8.8.8:53 | tcyormp.info | udp |
| US | 8.8.8.8:53 | bctwfgikb.org | udp |
| US | 8.8.8.8:53 | xogohuh.com | udp |
| US | 8.8.8.8:53 | bwgybqtqg.org | udp |
| US | 8.8.8.8:53 | zmmszhv.net | udp |
| US | 8.8.8.8:53 | fzqqksnzg.net | udp |
| US | 8.8.8.8:53 | qejkjwf.info | udp |
| US | 8.8.8.8:53 | wybccsm.info | udp |
| US | 8.8.8.8:53 | awsssy.org | udp |
| US | 8.8.8.8:53 | lrjzdy.info | udp |
| US | 8.8.8.8:53 | eoxypzs.info | udp |
| US | 8.8.8.8:53 | xmlymtnez.org | udp |
| US | 8.8.8.8:53 | yuvgymzszwj.net | udp |
| US | 8.8.8.8:53 | hmpysghyr.com | udp |
| US | 8.8.8.8:53 | bylbrlymcwwl.info | udp |
| US | 8.8.8.8:53 | nwsrvpih.info | udp |
| US | 8.8.8.8:53 | odzbrjqoy.info | udp |
| US | 8.8.8.8:53 | ovugyufowrj.net | udp |
| US | 8.8.8.8:53 | aalijqi.info | udp |
| US | 8.8.8.8:53 | jkiwkm.info | udp |
| US | 8.8.8.8:53 | odqisf.info | udp |
| US | 8.8.8.8:53 | hnzmyy.net | udp |
| US | 8.8.8.8:53 | ncpmyszzt.info | udp |
| US | 8.8.8.8:53 | herikbn.net | udp |
| US | 8.8.8.8:53 | ilmivzzq.net | udp |
| US | 8.8.8.8:53 | lqchmehqvkb.com | udp |
| US | 8.8.8.8:53 | fmluyir.net | udp |
| US | 8.8.8.8:53 | yamugekyie.org | udp |
| US | 8.8.8.8:53 | ybxsqlwexbnh.info | udp |
| US | 8.8.8.8:53 | apfsjokixj.info | udp |
| US | 8.8.8.8:53 | gcmgridxp.info | udp |
| US | 8.8.8.8:53 | kkiamiym.com | udp |
| US | 8.8.8.8:53 | hmlyyer.net | udp |
| US | 8.8.8.8:53 | pzingfbv.info | udp |
| US | 8.8.8.8:53 | sqkkcsuccm.com | udp |
| US | 8.8.8.8:53 | jatdaajehomt.net | udp |
| US | 8.8.8.8:53 | fjzrauhwwdj.org | udp |
| US | 8.8.8.8:53 | zpzobjrmzin.net | udp |
| US | 8.8.8.8:53 | mwgkuyee.org | udp |
| US | 8.8.8.8:53 | qeoggcyamgmq.com | udp |
| US | 8.8.8.8:53 | ywigcsucyw.org | udp |
| US | 8.8.8.8:53 | uiceesz.info | udp |
| US | 8.8.8.8:53 | yplqxrwl.net | udp |
| US | 8.8.8.8:53 | aeljen.net | udp |
| US | 8.8.8.8:53 | bzaydhbkyko.info | udp |
| US | 8.8.8.8:53 | uoxjsmld.info | udp |
| US | 8.8.8.8:53 | yvizbpae.info | udp |
| US | 8.8.8.8:53 | xqipnotpzemx.net | udp |
| US | 8.8.8.8:53 | uyrkpagkh.info | udp |
| US | 8.8.8.8:53 | bjxfqqrau.info | udp |
| US | 8.8.8.8:53 | ewiuauieao.com | udp |
| US | 8.8.8.8:53 | ptdqtai.info | udp |
| US | 8.8.8.8:53 | pbhtngkq.net | udp |
| US | 8.8.8.8:53 | bjpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | nmhryadkp.info | udp |
| US | 8.8.8.8:53 | ubzqjhdqpu.info | udp |
| US | 8.8.8.8:53 | imwkkoik.com | udp |
| US | 8.8.8.8:53 | bjdrxojeqslw.info | udp |
| US | 8.8.8.8:53 | qslcbxviv.info | udp |
| US | 8.8.8.8:53 | liikgyfgc.org | udp |
| US | 8.8.8.8:53 | ldhjtozrrc.net | udp |
| US | 8.8.8.8:53 | sewuvwb.net | udp |
| US | 8.8.8.8:53 | oaewcmmi.com | udp |
| US | 8.8.8.8:53 | jqfijitjd.com | udp |
| US | 8.8.8.8:53 | ykewqyyiew.org | udp |
| US | 8.8.8.8:53 | xtxnenzw.info | udp |
| US | 8.8.8.8:53 | oalwpcngx.info | udp |
| US | 8.8.8.8:53 | lpfzzvllz.com | udp |
| US | 8.8.8.8:53 | aqxwzwinuqt.info | udp |
| US | 8.8.8.8:53 | gackrmjzg.info | udp |
| US | 8.8.8.8:53 | xcrfxbihvn.info | udp |
| US | 8.8.8.8:53 | pvesxitaordl.info | udp |
| US | 8.8.8.8:53 | hemzisncitgg.info | udp |
| US | 8.8.8.8:53 | dzrmxez.com | udp |
| US | 8.8.8.8:53 | qarsjiqwl.net | udp |
| US | 8.8.8.8:53 | kxldwaoqfn.info | udp |
| US | 8.8.8.8:53 | ocjpvhhunn.info | udp |
| US | 8.8.8.8:53 | lalcphn.com | udp |
| US | 8.8.8.8:53 | eagqquoc.com | udp |
| US | 8.8.8.8:53 | xxbuvavqnao.net | udp |
| US | 8.8.8.8:53 | cjzill.info | udp |
| US | 8.8.8.8:53 | aaftpevwng.net | udp |
| US | 8.8.8.8:53 | qghsbqvvhmv.info | udp |
| US | 8.8.8.8:53 | ivkhfs.net | udp |
| US | 8.8.8.8:53 | sfxrubka.net | udp |
| US | 8.8.8.8:53 | tgzzsilpuoyu.info | udp |
| US | 8.8.8.8:53 | lwjesskgt.net | udp |
| US | 8.8.8.8:53 | wkqsjjphse.info | udp |
| US | 8.8.8.8:53 | byjllzwmuylz.net | udp |
| US | 8.8.8.8:53 | ktlmxhq.net | udp |
| US | 8.8.8.8:53 | rigcvtngix.net | udp |
| US | 8.8.8.8:53 | rejwrwpoa.info | udp |
| US | 8.8.8.8:53 | qgvtfypv.net | udp |
| US | 8.8.8.8:53 | daerpcvoaih.org | udp |
| US | 8.8.8.8:53 | dfampwpuhmf.com | udp |
| US | 8.8.8.8:53 | iyuaaw.org | udp |
| US | 8.8.8.8:53 | jmuyzwjxj.net | udp |
| US | 8.8.8.8:53 | qskuiymg.com | udp |
| US | 8.8.8.8:53 | yhkcdbypqbah.info | udp |
| US | 8.8.8.8:53 | jygbbfpqpsb.net | udp |
| US | 8.8.8.8:53 | mcjmduskyt.info | udp |
| US | 8.8.8.8:53 | sgescokcmo.org | udp |
| US | 8.8.8.8:53 | uxykswd.net | udp |
| US | 8.8.8.8:53 | jxgjpent.net | udp |
| US | 8.8.8.8:53 | gtcaxubivkz.info | udp |
| US | 8.8.8.8:53 | chuqagravlah.info | udp |
| US | 8.8.8.8:53 | lzwgpqnxhy.net | udp |
| US | 8.8.8.8:53 | januvgvr.info | udp |
| US | 8.8.8.8:53 | twbtvfpunmmz.info | udp |
| US | 8.8.8.8:53 | fsubbbh.org | udp |
| US | 8.8.8.8:53 | vuleibjrjt.net | udp |
| US | 8.8.8.8:53 | ybbbpyvkqxj.info | udp |
| US | 8.8.8.8:53 | poxiiihkn.info | udp |
| US | 8.8.8.8:53 | jehyhpbob.com | udp |
| US | 8.8.8.8:53 | effyjb.net | udp |
| US | 8.8.8.8:53 | ymeiin.net | udp |
| US | 8.8.8.8:53 | gmjifq.net | udp |
| US | 8.8.8.8:53 | bghkfqlwj.org | udp |
| US | 8.8.8.8:53 | luaiurlae.info | udp |
| US | 8.8.8.8:53 | nmdycqhit.net | udp |
| US | 8.8.8.8:53 | dwvgokjkapb.net | udp |
| US | 8.8.8.8:53 | yaewkoka.com | udp |
| US | 8.8.8.8:53 | tmezjobct.org | udp |
| US | 8.8.8.8:53 | hsfspwfirsr.org | udp |
| US | 8.8.8.8:53 | ukikwkgq.org | udp |
| US | 8.8.8.8:53 | uuslwapyjnlg.net | udp |
| US | 8.8.8.8:53 | reknlizwf.net | udp |
| US | 8.8.8.8:53 | nqmujubfqqk.net | udp |
| US | 8.8.8.8:53 | fumvct.net | udp |
| US | 8.8.8.8:53 | wogmqoacecma.com | udp |
| US | 8.8.8.8:53 | sqpqjanvp.info | udp |
| US | 8.8.8.8:53 | dnyidwf.info | udp |
| US | 8.8.8.8:53 | iiksnougjqx.info | udp |
| US | 8.8.8.8:53 | yadxtkefpqdf.net | udp |
| US | 8.8.8.8:53 | wgmgokauce.com | udp |
| US | 8.8.8.8:53 | qngitmingp.net | udp |
| US | 8.8.8.8:53 | dqvhzeat.info | udp |
| US | 8.8.8.8:53 | qkuhxhtuzu.net | udp |
| US | 8.8.8.8:53 | dkdkuoe.net | udp |
| US | 8.8.8.8:53 | jmlpunoylbbf.net | udp |
| US | 8.8.8.8:53 | ulwprsdpevsj.info | udp |
| US | 8.8.8.8:53 | oblyzk.net | udp |
| US | 8.8.8.8:53 | iusuyqcy.org | udp |
| US | 8.8.8.8:53 | smkqnya.net | udp |
| US | 8.8.8.8:53 | qyjxvcif.net | udp |
| US | 8.8.8.8:53 | kctmdiz.info | udp |
| US | 8.8.8.8:53 | akxcuqbjfmx.net | udp |
| US | 8.8.8.8:53 | rkwlhccy.info | udp |
| US | 8.8.8.8:53 | srjdoz.net | udp |
| US | 8.8.8.8:53 | bljqveoqfse.org | udp |
| US | 8.8.8.8:53 | hmnpbwhibjsz.net | udp |
| US | 8.8.8.8:53 | dcmcnw.info | udp |
| US | 8.8.8.8:53 | nthafgeqx.org | udp |
| US | 8.8.8.8:53 | hxtlvxridgk.org | udp |
| US | 8.8.8.8:53 | pgbekmqv.net | udp |
| US | 8.8.8.8:53 | qusklqf.net | udp |
| US | 8.8.8.8:53 | eoikyyoucsgo.org | udp |
| US | 8.8.8.8:53 | rpbyxvdt.info | udp |
| US | 8.8.8.8:53 | twlylcfyf.org | udp |
| US | 8.8.8.8:53 | msyxrnmfinzv.net | udp |
| US | 8.8.8.8:53 | vibshiiel.net | udp |
| US | 8.8.8.8:53 | jcjawtrm.info | udp |
| US | 8.8.8.8:53 | zdaxsl.info | udp |
| US | 8.8.8.8:53 | nyvfjsryoqe.net | udp |
| US | 8.8.8.8:53 | keallmzdkjef.info | udp |
| US | 8.8.8.8:53 | jjqtpeerkb.net | udp |
| US | 8.8.8.8:53 | frsobv.net | udp |
| US | 8.8.8.8:53 | jvgdhfsp.net | udp |
| US | 8.8.8.8:53 | axbypwzvw.net | udp |
| US | 8.8.8.8:53 | seimkycy.org | udp |
| US | 8.8.8.8:53 | jqvwewgsdmd.com | udp |
| US | 8.8.8.8:53 | qeqiiyiweo.com | udp |
| US | 8.8.8.8:53 | vwxjbql.info | udp |
| US | 8.8.8.8:53 | urkcltobhpwf.net | udp |
| US | 8.8.8.8:53 | evqphxlv.net | udp |
| US | 8.8.8.8:53 | bhdqdgncxez.info | udp |
| US | 8.8.8.8:53 | bimvledsy.org | udp |
| US | 8.8.8.8:53 | oismai.com | udp |
| US | 8.8.8.8:53 | jtatuhlo.info | udp |
| US | 8.8.8.8:53 | xamdzvre.net | udp |
| US | 8.8.8.8:53 | mqqgmmoquu.org | udp |
| US | 8.8.8.8:53 | smwkws.org | udp |
| US | 8.8.8.8:53 | snhzhakufssh.info | udp |
| US | 8.8.8.8:53 | akeyuqos.org | udp |
| US | 8.8.8.8:53 | gwcxvqtytk.info | udp |
| US | 8.8.8.8:53 | eheflhppvg.net | udp |
| US | 8.8.8.8:53 | hekzxc.net | udp |
| US | 8.8.8.8:53 | gwcimptjuotu.info | udp |
| US | 8.8.8.8:53 | syuyai.com | udp |
| US | 8.8.8.8:53 | srgeokdaxu.info | udp |
| US | 8.8.8.8:53 | zlbmsinil.net | udp |
| US | 8.8.8.8:53 | nktujw.net | udp |
| US | 8.8.8.8:53 | yxgvkuolulpi.info | udp |
| US | 8.8.8.8:53 | hwmgxumed.com | udp |
| US | 8.8.8.8:53 | kmjqhursuadq.info | udp |
| US | 8.8.8.8:53 | myrwjqkrwpbk.info | udp |
| US | 8.8.8.8:53 | nebcbinyxgp.org | udp |
| US | 8.8.8.8:53 | gchhjnnkd.net | udp |
| US | 8.8.8.8:53 | eygaskggka.com | udp |
| US | 8.8.8.8:53 | remiwex.net | udp |
| US | 8.8.8.8:53 | diixbgb.com | udp |
| US | 8.8.8.8:53 | qcokcmocuimq.com | udp |
| US | 8.8.8.8:53 | mpkbfsgyp.info | udp |
| US | 8.8.8.8:53 | rgoshpxos.com | udp |
| US | 8.8.8.8:53 | jsaifqidjwl.com | udp |
| US | 8.8.8.8:53 | ooogqmia.org | udp |
| US | 8.8.8.8:53 | qnxczybaoh.net | udp |
| US | 8.8.8.8:53 | jkdjdsukt.net | udp |
| US | 8.8.8.8:53 | ycoswg.org | udp |
| US | 8.8.8.8:53 | gwexadg.net | udp |
| US | 8.8.8.8:53 | xgdnrio.com | udp |
| US | 8.8.8.8:53 | xxvrkspdanir.net | udp |
| US | 8.8.8.8:53 | qyqigk.com | udp |
| US | 8.8.8.8:53 | tqdulcv.com | udp |
| US | 8.8.8.8:53 | qceqmomyki.com | udp |
| US | 8.8.8.8:53 | boakdrqiflm.info | udp |
| US | 8.8.8.8:53 | ptpqkybdbmr.net | udp |
| US | 8.8.8.8:53 | ktneeg.info | udp |
| US | 8.8.8.8:53 | okasgwmsce.org | udp |
| US | 8.8.8.8:53 | fyaylmbcb.net | udp |
| US | 8.8.8.8:53 | qkrqol.net | udp |
| US | 8.8.8.8:53 | iyqwpyj.info | udp |
| US | 8.8.8.8:53 | ndkgdeccv.org | udp |
| US | 8.8.8.8:53 | ekqaao.com | udp |
| US | 8.8.8.8:53 | nxyvhgr.org | udp |
| US | 8.8.8.8:53 | dfxkepdt.info | udp |
| US | 8.8.8.8:53 | xzierbqw.net | udp |
| US | 8.8.8.8:53 | dyjywwbb.info | udp |
| US | 8.8.8.8:53 | hfbihufhjue.net | udp |
| US | 8.8.8.8:53 | fzbynv.info | udp |
| US | 8.8.8.8:53 | nlbkrbvyw.net | udp |
| US | 8.8.8.8:53 | muprrr.net | udp |
| US | 8.8.8.8:53 | aqhrnav.net | udp |
| US | 8.8.8.8:53 | uwqlmbjc.info | udp |
| US | 8.8.8.8:53 | kesiiieiyuci.org | udp |
| US | 8.8.8.8:53 | tawsrdf.net | udp |
| US | 8.8.8.8:53 | gyzlvr.net | udp |
| US | 8.8.8.8:53 | penslvp.com | udp |
| US | 8.8.8.8:53 | rjbifug.net | udp |
| US | 8.8.8.8:53 | vnxfuovrlhlp.info | udp |
| US | 8.8.8.8:53 | dyvelxi.com | udp |
| US | 8.8.8.8:53 | pmqkyvcimebd.net | udp |
| US | 8.8.8.8:53 | vhijtvboq.info | udp |
| US | 8.8.8.8:53 | lwmjdukp.net | udp |
| US | 8.8.8.8:53 | mslujmf.net | udp |
Files
C:\Users\Admin\AppData\Local\Temp\ruvqshgobef.exe
| MD5 | 26f398c93a993fd88b127cbbe3f5956d |
| SHA1 | 1e505dfce27ce2fa6683666f8facc77548e13251 |
| SHA256 | 3510d4469cc4a796aa05419029062d7e32ceceadd441dd76fd18a55d3d12629a |
| SHA512 | e57a71e504f870719500f39bea7b9700bc97d11122c6cd6270bc05a9902888df15d5232b987cbd862fa6f5cb9cec52958288af83625930383bdbb19e32857f4c |
C:\Windows\SysWOW64\lcwpfvunbsckmvrxmf.exe
| MD5 | c01efe28cc72f758cb5548c1b0f4afe1 |
| SHA1 | 23a4aae9c403e8a8484e80780ad911459332bcd6 |
| SHA256 | b8fda1b4500ac5fa17c42f664f5708ce394b039f1a18fc7e526b714df784af6b |
| SHA512 | b1ce44a9919ea0ee91cb3b6d94522656102d95e8c5589d13736045b1919d908fa17e6bf07921e4e94cdc54f3abdc15be3c8fe82a347f6ea955e6958e045ca316 |
C:\Users\Admin\AppData\Local\Temp\jowdhl.exe
| MD5 | c347f6a24fb5c357f2f1bfbf7151082f |
| SHA1 | 3cdeecdc5aab8df26fd4bbe8d93eeb5946738c00 |
| SHA256 | 8fb5ddf04592263a6e31ced33e92d9a605e5c16beea012105fa355d5c40bc115 |
| SHA512 | 1abe26599d1c8bb6ae447232b29b79fa1d44fb8b77105f2ae28980a1e6ee761818390019c267fd6b75e004879ac598bbb74667379c1edf7876a423334f7138f2 |
C:\Users\Admin\AppData\Local\mynbmxrfoafifjablzlaozkesbnsvswnoym.nbm
| MD5 | 43f41e685ca623ec0bc660c71b940006 |
| SHA1 | 2279e83d1dd4e86e28342757a58f668d44f654d0 |
| SHA256 | 9130df3168b76b94cc17faa9b19b5282b70d20788bb2bc55412c28160bc0e465 |
| SHA512 | 0cb14bf103846884dd095ebb0daa5c81c976ac706ab874c0e16a581a374e0d667ae9885c8c7166cedb1d5c4f37b0743f43f490cac3b3298fa49e8f9eabb2a056 |
C:\Users\Admin\AppData\Local\deillluxvwqiuntjilmqtttc.dey
| MD5 | 65a7b3923e05bb5887ac241c47df55c7 |
| SHA1 | ab09880c24edf8d6f677aa34a4f74e8b5869d50c |
| SHA256 | 98c72c7e8e8125df68a11a451a34c097354d64da07fbc7116bc696106672f4b4 |
| SHA512 | 2b439435e24df2eb0d106cc88887cbf6a3111b58c62145fb9415e9c16efc3f3526507def0177b7d1413898a669049adff8d6319c947143e48c654b13bbb34b8d |
C:\Program Files (x86)\deillluxvwqiuntjilmqtttc.dey
| MD5 | 69b8aa2d47a6fe602b40fcb40d4fb7c1 |
| SHA1 | e0876e899882655138e2345d2a6c43521df4e885 |
| SHA256 | 7679ddf56cc465fe934b59fe6807b34be3da17a4a0105867aec4da89dc178bbf |
| SHA512 | 63098d9b3161cb13385185ad21e68c2855925c0996cef397281b3a4dbaf15e0b77026b078842168773b5d49d0289acca310ef9f03a6f350d2b871b8fa3742587 |
C:\Program Files (x86)\deillluxvwqiuntjilmqtttc.dey
| MD5 | 908c4d042032c615a08d70a87a6e68b4 |
| SHA1 | 81cc396d2feee664a063a7427ce5df60f5944a8a |
| SHA256 | 8183e656d44f50d41e75e5047cc5c71993c6b9d2c7a1bebd7cf4dfa95140305e |
| SHA512 | 99d85f7e1ce5e1ddc015417f39b64bc5377de0c75d639b0528dfe263a291cb5931928bdc827854dc6af32cf08051fe7d11d258f8941df0083d350d0ac65148ca |
C:\Program Files (x86)\deillluxvwqiuntjilmqtttc.dey
| MD5 | fc074933f8a1433ba6d96b52ab0bcf7b |
| SHA1 | 2f9de2fb647e55bb6f99846e8d2372c9d65cd4f9 |
| SHA256 | 85a229479a885cd22c8cc737eebba019f17b4aca7564c5dbfb0ce9ae13573723 |
| SHA512 | 17aa51846bad33e050c20acc88278d6d24761d8c6fcebe0253913a912dbcdae97ad8f21e419b04e54f1d03ea5b00c6af110c2bc66ee97827853eb2e5f5ce08b6 |
C:\Program Files (x86)\deillluxvwqiuntjilmqtttc.dey
| MD5 | 51f092c53125da0d7d943a2578cf1dd3 |
| SHA1 | 98098e9a9ef2b447461fefbe0d757b558291e00a |
| SHA256 | a8a1bb1ef9f7ef68591df5cce609e9d5dd5809eec6c7e197329401294fa2266f |
| SHA512 | 4b2e31ebf3df5443949202a9fb01072d5a8fa6f668c92e02eea03de1b1589317dd0cad3e8b5a8f233ab3520badd9be1354891f97ea3d9d2ab2f6e0d2fe3c85a6 |
Analysis: behavioral1
Detonation Overview
Submitted
2025-04-18 22:53
Reported
2025-04-18 22:56
Platform
win10v2004-20250314-en
Max time kernel
52s
Max time network
151s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcurjebypfrhfjmacigy.exe" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wkyrfwpivhpbvvue.exe" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wemzhsfszf = "mcsndwrmbpznjlmyyc.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dshbqicwkxgtoppaz.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wemzhsfszf = "wkyrfwpivhpbvvue.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcurjebypfrhfjmacigy.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wemzhsfszf = "wkyrfwpivhpbvvue.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wemzhsfszf = "dshbqicwkxgtoppaz.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wkyrfwpivhpbvvue.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xofbsmieujujgjlyzeb.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wemzhsfszf = "dshbqicwkxgtoppaz.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wemzhsfszf = "xofbsmieujujgjlyzeb.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dshbqicwkxgtoppaz.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dshbqicwkxgtoppaz.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mcsndwrmbpznjlmyyc.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wemzhsfszf = "zsljcywumdqhglpehongz.exe" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wemzhsfszf = "mcsndwrmbpznjlmyyc.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xofbsmieujujgjlyzeb.exe" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dshbqicwkxgtoppaz.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcurjebypfrhfjmacigy.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zsljcywumdqhglpehongz.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wemzhsfszf = "dshbqicwkxgtoppaz.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcurjebypfrhfjmacigy.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wemzhsfszf = "mcsndwrmbpznjlmyyc.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wemzhsfszf = "mcsndwrmbpznjlmyyc.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wkyrfwpivhpbvvue.exe" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wemzhsfszf = "xofbsmieujujgjlyzeb.exe" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcurjebypfrhfjmacigy.exe" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wemzhsfszf = "xofbsmieujujgjlyzeb.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xofbsmieujujgjlyzeb.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xofbsmieujujgjlyzeb.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wkyrfwpivhpbvvue.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zsljcywumdqhglpehongz.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wemzhsfszf = "zsljcywumdqhglpehongz.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xofbsmieujujgjlyzeb.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wemzhsfszf = "mcsndwrmbpznjlmyyc.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wemzhsfszf = "wkyrfwpivhpbvvue.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wemzhsfszf = "zsljcywumdqhglpehongz.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wemzhsfszf = "zsljcywumdqhglpehongz.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xofbsmieujujgjlyzeb.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zsljcywumdqhglpehongz.exe" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wemzhsfszf = "xofbsmieujujgjlyzeb.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wemzhsfszf = "kcurjebypfrhfjmacigy.exe" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xchrweo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dshbqicwkxgtoppaz.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wemzhsfszf = "mcsndwrmbpznjlmyyc.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Windows\mcsndwrmbpznjlmyyc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Windows\zsljcywumdqhglpehongz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Windows\mcsndwrmbpznjlmyyc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Windows\xofbsmieujujgjlyzeb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Windows\xofbsmieujujgjlyzeb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Windows\xofbsmieujujgjlyzeb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Windows\xofbsmieujujgjlyzeb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Windows\zsljcywumdqhglpehongz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Windows\wkyrfwpivhpbvvue.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Windows\kcurjebypfrhfjmacigy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Windows\mcsndwrmbpznjlmyyc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Windows\kcurjebypfrhfjmacigy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Windows\kcurjebypfrhfjmacigy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Windows\wkyrfwpivhpbvvue.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Windows\xofbsmieujujgjlyzeb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Windows\wkyrfwpivhpbvvue.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Windows\kcurjebypfrhfjmacigy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Windows\dshbqicwkxgtoppaz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Windows\zsljcywumdqhglpehongz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Windows\wkyrfwpivhpbvvue.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Windows\zsljcywumdqhglpehongz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Windows\kcurjebypfrhfjmacigy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Windows\dshbqicwkxgtoppaz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Windows\kcurjebypfrhfjmacigy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Windows\dshbqicwkxgtoppaz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Windows\zsljcywumdqhglpehongz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Windows\wkyrfwpivhpbvvue.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Windows\wkyrfwpivhpbvvue.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Windows\xofbsmieujujgjlyzeb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Windows\zsljcywumdqhglpehongz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Windows\kcurjebypfrhfjmacigy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Windows\xofbsmieujujgjlyzeb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\dkrdkugsy = "wkyrfwpivhpbvvue.exe ." | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\oyixhujyhptb = "xofbsmieujujgjlyzeb.exe ." | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msyjpyju = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dshbqicwkxgtoppaz.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\dkrdkugsy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dshbqicwkxgtoppaz.exe ." | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\oyixhujyhptb = "xofbsmieujujgjlyzeb.exe ." | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\oyixhujyhptb = "zsljcywumdqhglpehongz.exe ." | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oamdpevmxhnxpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mcsndwrmbpznjlmyyc.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\msyjpyju = "wkyrfwpivhpbvvue.exe" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\dkrdkugsy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wkyrfwpivhpbvvue.exe ." | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nyjzkyoeoxclc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wkyrfwpivhpbvvue.exe ." | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nyjzkyoeoxclc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zsljcywumdqhglpehongz.exe ." | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\oyixhujyhptb = "wkyrfwpivhpbvvue.exe ." | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\dkrdkugsy = "wkyrfwpivhpbvvue.exe ." | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oamdpevmxhnxpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mcsndwrmbpznjlmyyc.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oamdpevmxhnxpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wkyrfwpivhpbvvue.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msyjpyju = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xofbsmieujujgjlyzeb.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\oyixhujyhptb = "kcurjebypfrhfjmacigy.exe ." | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msyjpyju = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mcsndwrmbpznjlmyyc.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rajxgsgucjm = "zsljcywumdqhglpehongz.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rajxgsgucjm = "wkyrfwpivhpbvvue.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\msyjpyju = "wkyrfwpivhpbvvue.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rajxgsgucjm = "wkyrfwpivhpbvvue.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msyjpyju = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zsljcywumdqhglpehongz.exe" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msyjpyju = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mcsndwrmbpznjlmyyc.exe" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oamdpevmxhnxpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mcsndwrmbpznjlmyyc.exe" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nyjzkyoeoxclc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wkyrfwpivhpbvvue.exe ." | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oamdpevmxhnxpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mcsndwrmbpznjlmyyc.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\msyjpyju = "xofbsmieujujgjlyzeb.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\dkrdkugsy = "xofbsmieujujgjlyzeb.exe ." | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\dkrdkugsy = "zsljcywumdqhglpehongz.exe ." | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msyjpyju = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mcsndwrmbpznjlmyyc.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msyjpyju = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcurjebypfrhfjmacigy.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\dkrdkugsy = "kcurjebypfrhfjmacigy.exe ." | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\oyixhujyhptb = "xofbsmieujujgjlyzeb.exe ." | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rajxgsgucjm = "zsljcywumdqhglpehongz.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\oyixhujyhptb = "wkyrfwpivhpbvvue.exe ." | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\dkrdkugsy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xofbsmieujujgjlyzeb.exe ." | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msyjpyju = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xofbsmieujujgjlyzeb.exe" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rajxgsgucjm = "xofbsmieujujgjlyzeb.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oamdpevmxhnxpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mcsndwrmbpznjlmyyc.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nyjzkyoeoxclc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcurjebypfrhfjmacigy.exe ." | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\dkrdkugsy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zsljcywumdqhglpehongz.exe ." | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\oyixhujyhptb = "mcsndwrmbpznjlmyyc.exe ." | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\oyixhujyhptb = "xofbsmieujujgjlyzeb.exe ." | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\dkrdkugsy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mcsndwrmbpznjlmyyc.exe ." | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rajxgsgucjm = "dshbqicwkxgtoppaz.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nyjzkyoeoxclc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcurjebypfrhfjmacigy.exe ." | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oamdpevmxhnxpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcurjebypfrhfjmacigy.exe" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rajxgsgucjm = "kcurjebypfrhfjmacigy.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msyjpyju = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dshbqicwkxgtoppaz.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\oyixhujyhptb = "xofbsmieujujgjlyzeb.exe ." | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\oyixhujyhptb = "kcurjebypfrhfjmacigy.exe ." | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rajxgsgucjm = "wkyrfwpivhpbvvue.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msyjpyju = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xofbsmieujujgjlyzeb.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\oyixhujyhptb = "kcurjebypfrhfjmacigy.exe ." | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\msyjpyju = "xofbsmieujujgjlyzeb.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\dkrdkugsy = "xofbsmieujujgjlyzeb.exe ." | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msyjpyju = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcurjebypfrhfjmacigy.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\dkrdkugsy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dshbqicwkxgtoppaz.exe ." | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msyjpyju = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xofbsmieujujgjlyzeb.exe" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\msyjpyju = "xofbsmieujujgjlyzeb.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\dkrdkugsy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zsljcywumdqhglpehongz.exe ." | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\dkrdkugsy = "xofbsmieujujgjlyzeb.exe ." | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oamdpevmxhnxpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcurjebypfrhfjmacigy.exe" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\wkyrfwpivhpbvvue.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mcsndwrmbpznjlmyyc.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qkedxutsldrjjpukowwqkj.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xofbsmieujujgjlyzeb.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xofbsmieujujgjlyzeb.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wkyrfwpivhpbvvue.exe | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zsljcywumdqhglpehongz.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xofbsmieujujgjlyzeb.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wkyrfwpivhpbvvue.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zsljcywumdqhglpehongz.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mcsndwrmbpznjlmyyc.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dshbqicwkxgtoppaz.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mcsndwrmbpznjlmyyc.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mcsndwrmbpznjlmyyc.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wkyrfwpivhpbvvue.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wkyrfwpivhpbvvue.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xofbsmieujujgjlyzeb.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wkyrfwpivhpbvvue.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kcurjebypfrhfjmacigy.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wkyrfwpivhpbvvue.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zsljcywumdqhglpehongz.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mcsndwrmbpznjlmyyc.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zsljcywumdqhglpehongz.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qkedxutsldrjjpukowwqkj.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File created | C:\Windows\SysWOW64\bazdceimkhaxcnxsbotsrvu.aec | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zsljcywumdqhglpehongz.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mcsndwrmbpznjlmyyc.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xofbsmieujujgjlyzeb.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mcsndwrmbpznjlmyyc.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kcurjebypfrhfjmacigy.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dshbqicwkxgtoppaz.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kcurjebypfrhfjmacigy.exe | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xofbsmieujujgjlyzeb.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mcsndwrmbpznjlmyyc.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kcurjebypfrhfjmacigy.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qkedxutsldrjjpukowwqkj.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wkyrfwpivhpbvvue.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zsljcywumdqhglpehongz.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dshbqicwkxgtoppaz.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qkedxutsldrjjpukowwqkj.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xofbsmieujujgjlyzeb.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dshbqicwkxgtoppaz.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dshbqicwkxgtoppaz.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wkyrfwpivhpbvvue.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xofbsmieujujgjlyzeb.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xofbsmieujujgjlyzeb.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mcsndwrmbpznjlmyyc.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dshbqicwkxgtoppaz.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kcurjebypfrhfjmacigy.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mcsndwrmbpznjlmyyc.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wkyrfwpivhpbvvue.exe | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mcsndwrmbpznjlmyyc.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kcurjebypfrhfjmacigy.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xofbsmieujujgjlyzeb.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qkedxutsldrjjpukowwqkj.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kcurjebypfrhfjmacigy.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zsljcywumdqhglpehongz.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zsljcywumdqhglpehongz.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zsljcywumdqhglpehongz.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qkedxutsldrjjpukowwqkj.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kcurjebypfrhfjmacigy.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kcurjebypfrhfjmacigy.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wkyrfwpivhpbvvue.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qkedxutsldrjjpukowwqkj.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\bazdceimkhaxcnxsbotsrvu.aec | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| File created | C:\Program Files (x86)\bazdceimkhaxcnxsbotsrvu.aec | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| File opened for modification | C:\Program Files (x86)\oyixhujyhptbrnioigwgqfpcrgpxbjzvqw.oeo | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| File created | C:\Program Files (x86)\oyixhujyhptbrnioigwgqfpcrgpxbjzvqw.oeo | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\dshbqicwkxgtoppaz.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\mcsndwrmbpznjlmyyc.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\qkedxutsldrjjpukowwqkj.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\mcsndwrmbpznjlmyyc.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\zsljcywumdqhglpehongz.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\qkedxutsldrjjpukowwqkj.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\kcurjebypfrhfjmacigy.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\dshbqicwkxgtoppaz.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\zsljcywumdqhglpehongz.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\dshbqicwkxgtoppaz.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\xofbsmieujujgjlyzeb.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\wkyrfwpivhpbvvue.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\xofbsmieujujgjlyzeb.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\mcsndwrmbpznjlmyyc.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\xofbsmieujujgjlyzeb.exe | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| File opened for modification | C:\Windows\dshbqicwkxgtoppaz.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\qkedxutsldrjjpukowwqkj.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\qkedxutsldrjjpukowwqkj.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\kcurjebypfrhfjmacigy.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\xofbsmieujujgjlyzeb.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\mcsndwrmbpznjlmyyc.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\mcsndwrmbpznjlmyyc.exe | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| File opened for modification | C:\Windows\qkedxutsldrjjpukowwqkj.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\mcsndwrmbpznjlmyyc.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File created | C:\Windows\oyixhujyhptbrnioigwgqfpcrgpxbjzvqw.oeo | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| File opened for modification | C:\Windows\qkedxutsldrjjpukowwqkj.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\kcurjebypfrhfjmacigy.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\xofbsmieujujgjlyzeb.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\kcurjebypfrhfjmacigy.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\qkedxutsldrjjpukowwqkj.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\xofbsmieujujgjlyzeb.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\qkedxutsldrjjpukowwqkj.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\qkedxutsldrjjpukowwqkj.exe | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| File opened for modification | C:\Windows\wkyrfwpivhpbvvue.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\qkedxutsldrjjpukowwqkj.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\mcsndwrmbpznjlmyyc.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\kcurjebypfrhfjmacigy.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\mcsndwrmbpznjlmyyc.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\xofbsmieujujgjlyzeb.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\qkedxutsldrjjpukowwqkj.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\mcsndwrmbpznjlmyyc.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\qkedxutsldrjjpukowwqkj.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\kcurjebypfrhfjmacigy.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\wkyrfwpivhpbvvue.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\qkedxutsldrjjpukowwqkj.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\kcurjebypfrhfjmacigy.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\kcurjebypfrhfjmacigy.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\kcurjebypfrhfjmacigy.exe | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| File opened for modification | C:\Windows\bazdceimkhaxcnxsbotsrvu.aec | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| File opened for modification | C:\Windows\zsljcywumdqhglpehongz.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\wkyrfwpivhpbvvue.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\dshbqicwkxgtoppaz.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\zsljcywumdqhglpehongz.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\zsljcywumdqhglpehongz.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\xofbsmieujujgjlyzeb.exe | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| File opened for modification | C:\Windows\kcurjebypfrhfjmacigy.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\zsljcywumdqhglpehongz.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\xofbsmieujujgjlyzeb.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\dshbqicwkxgtoppaz.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\wkyrfwpivhpbvvue.exe | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| File opened for modification | C:\Windows\mcsndwrmbpznjlmyyc.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\qkedxutsldrjjpukowwqkj.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\dshbqicwkxgtoppaz.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| File opened for modification | C:\Windows\xofbsmieujujgjlyzeb.exe | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\kcurjebypfrhfjmacigy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\kcurjebypfrhfjmacigy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wkyrfwpivhpbvvue.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zsljcywumdqhglpehongz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\mcsndwrmbpznjlmyyc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\mcsndwrmbpznjlmyyc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\dshbqicwkxgtoppaz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xofbsmieujujgjlyzeb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wkyrfwpivhpbvvue.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zsljcywumdqhglpehongz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\mcsndwrmbpznjlmyyc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xofbsmieujujgjlyzeb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\kcurjebypfrhfjmacigy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zsljcywumdqhglpehongz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\dshbqicwkxgtoppaz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\kcurjebypfrhfjmacigy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\kcurjebypfrhfjmacigy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\kcurjebypfrhfjmacigy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xofbsmieujujgjlyzeb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zsljcywumdqhglpehongz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\mcsndwrmbpznjlmyyc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wkyrfwpivhpbvvue.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zsljcywumdqhglpehongz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\mcsndwrmbpznjlmyyc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\kcurjebypfrhfjmacigy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xofbsmieujujgjlyzeb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\dshbqicwkxgtoppaz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zsljcywumdqhglpehongz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\xchrweo.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe"
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_c01efe28cc72f758cb5548c1b0f4afe1.exe*"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe
C:\Windows\kcurjebypfrhfjmacigy.exe
kcurjebypfrhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .
C:\Windows\xofbsmieujujgjlyzeb.exe
xofbsmieujujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe .
C:\Windows\kcurjebypfrhfjmacigy.exe
kcurjebypfrhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Windows\wkyrfwpivhpbvvue.exe
wkyrfwpivhpbvvue.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkyrfwpivhpbvvue.exe*."
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kcurjebypfrhfjmacigy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zsljcywumdqhglpehongz.exe*."
C:\Users\Admin\AppData\Local\Temp\xchrweo.exe
"C:\Users\Admin\AppData\Local\Temp\xchrweo.exe" "-C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe"
C:\Users\Admin\AppData\Local\Temp\xchrweo.exe
"C:\Users\Admin\AppData\Local\Temp\xchrweo.exe" "-C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe
C:\Windows\zsljcywumdqhglpehongz.exe
zsljcywumdqhglpehongz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe
C:\Windows\wkyrfwpivhpbvvue.exe
wkyrfwpivhpbvvue.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe
C:\Windows\zsljcywumdqhglpehongz.exe
zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkyrfwpivhpbvvue.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe .
C:\Windows\zsljcywumdqhglpehongz.exe
zsljcywumdqhglpehongz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Windows\xofbsmieujujgjlyzeb.exe
xofbsmieujujgjlyzeb.exe .
C:\Windows\dshbqicwkxgtoppaz.exe
dshbqicwkxgtoppaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\dshbqicwkxgtoppaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .
C:\Windows\zsljcywumdqhglpehongz.exe
zsljcywumdqhglpehongz.exe
C:\Windows\dshbqicwkxgtoppaz.exe
dshbqicwkxgtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\dshbqicwkxgtoppaz.exe*."
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcsndwrmbpznjlmyyc.exe*."
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dshbqicwkxgtoppaz.exe*."
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Windows\kcurjebypfrhfjmacigy.exe
kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zsljcywumdqhglpehongz.exe*."
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcsndwrmbpznjlmyyc.exe*."
C:\Windows\xofbsmieujujgjlyzeb.exe
xofbsmieujujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."
C:\Windows\kcurjebypfrhfjmacigy.exe
kcurjebypfrhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Windows\xofbsmieujujgjlyzeb.exe
xofbsmieujujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xofbsmieujujgjlyzeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe
C:\Windows\kcurjebypfrhfjmacigy.exe
kcurjebypfrhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe .
C:\Windows\dshbqicwkxgtoppaz.exe
dshbqicwkxgtoppaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\dshbqicwkxgtoppaz.exe*."
C:\Windows\mcsndwrmbpznjlmyyc.exe
mcsndwrmbpznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe .
C:\Windows\xofbsmieujujgjlyzeb.exe
xofbsmieujujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Windows\zsljcywumdqhglpehongz.exe
zsljcywumdqhglpehongz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zsljcywumdqhglpehongz.exe*."
C:\Windows\xofbsmieujujgjlyzeb.exe
xofbsmieujujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe .
C:\Windows\mcsndwrmbpznjlmyyc.exe
mcsndwrmbpznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."
C:\Windows\dshbqicwkxgtoppaz.exe
dshbqicwkxgtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe
C:\Windows\kcurjebypfrhfjmacigy.exe
kcurjebypfrhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe .
C:\Windows\zsljcywumdqhglpehongz.exe
zsljcywumdqhglpehongz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kcurjebypfrhfjmacigy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zsljcywumdqhglpehongz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dshbqicwkxgtoppaz.exe*."
C:\Windows\kcurjebypfrhfjmacigy.exe
kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Windows\mcsndwrmbpznjlmyyc.exe
mcsndwrmbpznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcsndwrmbpznjlmyyc.exe*."
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .
C:\Windows\kcurjebypfrhfjmacigy.exe
kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xofbsmieujujgjlyzeb.exe*."
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."
C:\Windows\xofbsmieujujgjlyzeb.exe
xofbsmieujujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zsljcywumdqhglpehongz.exe*."
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."
C:\Windows\zsljcywumdqhglpehongz.exe
zsljcywumdqhglpehongz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Windows\zsljcywumdqhglpehongz.exe
zsljcywumdqhglpehongz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zsljcywumdqhglpehongz.exe*."
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcsndwrmbpznjlmyyc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe
C:\Windows\xofbsmieujujgjlyzeb.exe
xofbsmieujujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe .
C:\Windows\wkyrfwpivhpbvvue.exe
wkyrfwpivhpbvvue.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkyrfwpivhpbvvue.exe*."
C:\Windows\xofbsmieujujgjlyzeb.exe
xofbsmieujujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Windows\kcurjebypfrhfjmacigy.exe
kcurjebypfrhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kcurjebypfrhfjmacigy.exe*."
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kcurjebypfrhfjmacigy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe
C:\Windows\mcsndwrmbpznjlmyyc.exe
mcsndwrmbpznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe .
C:\Windows\kcurjebypfrhfjmacigy.exe
kcurjebypfrhfjmacigy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kcurjebypfrhfjmacigy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .
C:\Windows\zsljcywumdqhglpehongz.exe
zsljcywumdqhglpehongz.exe
C:\Windows\xofbsmieujujgjlyzeb.exe
xofbsmieujujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xofbsmieujujgjlyzeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe
C:\Windows\wkyrfwpivhpbvvue.exe
wkyrfwpivhpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .
C:\Windows\xofbsmieujujgjlyzeb.exe
xofbsmieujujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe .
C:\Windows\kcurjebypfrhfjmacigy.exe
kcurjebypfrhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Windows\dshbqicwkxgtoppaz.exe
dshbqicwkxgtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\dshbqicwkxgtoppaz.exe*."
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dshbqicwkxgtoppaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zsljcywumdqhglpehongz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe
C:\Windows\mcsndwrmbpznjlmyyc.exe
mcsndwrmbpznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe .
C:\Windows\kcurjebypfrhfjmacigy.exe
kcurjebypfrhfjmacigy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kcurjebypfrhfjmacigy.exe*."
C:\Windows\kcurjebypfrhfjmacigy.exe
kcurjebypfrhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Windows\kcurjebypfrhfjmacigy.exe
kcurjebypfrhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kcurjebypfrhfjmacigy.exe*."
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dshbqicwkxgtoppaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zsljcywumdqhglpehongz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe .
C:\Windows\xofbsmieujujgjlyzeb.exe
xofbsmieujujgjlyzeb.exe
C:\Windows\zsljcywumdqhglpehongz.exe
zsljcywumdqhglpehongz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zsljcywumdqhglpehongz.exe*."
C:\Windows\wkyrfwpivhpbvvue.exe
wkyrfwpivhpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Windows\kcurjebypfrhfjmacigy.exe
kcurjebypfrhfjmacigy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kcurjebypfrhfjmacigy.exe*."
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kcurjebypfrhfjmacigy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe
C:\Windows\dshbqicwkxgtoppaz.exe
dshbqicwkxgtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe .
C:\Windows\wkyrfwpivhpbvvue.exe
wkyrfwpivhpbvvue.exe
C:\Windows\wkyrfwpivhpbvvue.exe
wkyrfwpivhpbvvue.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkyrfwpivhpbvvue.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\xofbsmieujujgjlyzeb.exe
xofbsmieujujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe
C:\Windows\zsljcywumdqhglpehongz.exe
zsljcywumdqhglpehongz.exe
C:\Windows\mcsndwrmbpznjlmyyc.exe
mcsndwrmbpznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe .
C:\Windows\xofbsmieujujgjlyzeb.exe
xofbsmieujujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."
C:\Windows\wkyrfwpivhpbvvue.exe
wkyrfwpivhpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."
C:\Windows\zsljcywumdqhglpehongz.exe
zsljcywumdqhglpehongz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Windows\kcurjebypfrhfjmacigy.exe
kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zsljcywumdqhglpehongz.exe*."
C:\Windows\wkyrfwpivhpbvvue.exe
wkyrfwpivhpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Windows\dshbqicwkxgtoppaz.exe
dshbqicwkxgtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkyrfwpivhpbvvue.exe*."
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xofbsmieujujgjlyzeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dshbqicwkxgtoppaz.exe*."
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\dshbqicwkxgtoppaz.exe*."
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dshbqicwkxgtoppaz.exe*."
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zsljcywumdqhglpehongz.exe*."
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xofbsmieujujgjlyzeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Windows\xofbsmieujujgjlyzeb.exe
xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .
C:\Windows\xofbsmieujujgjlyzeb.exe
xofbsmieujujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe .
C:\Windows\dshbqicwkxgtoppaz.exe
dshbqicwkxgtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\mcsndwrmbpznjlmyyc.exe
mcsndwrmbpznjlmyyc.exe .
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcsndwrmbpznjlmyyc.exe*."
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe
C:\Windows\dshbqicwkxgtoppaz.exe
dshbqicwkxgtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe .
C:\Windows\zsljcywumdqhglpehongz.exe
zsljcywumdqhglpehongz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zsljcywumdqhglpehongz.exe*."
C:\Windows\zsljcywumdqhglpehongz.exe
zsljcywumdqhglpehongz.exe
C:\Windows\xofbsmieujujgjlyzeb.exe
xofbsmieujujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zsljcywumdqhglpehongz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe
C:\Windows\wkyrfwpivhpbvvue.exe
wkyrfwpivhpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe .
C:\Windows\kcurjebypfrhfjmacigy.exe
kcurjebypfrhfjmacigy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kcurjebypfrhfjmacigy.exe*."
C:\Windows\dshbqicwkxgtoppaz.exe
dshbqicwkxgtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Windows\mcsndwrmbpznjlmyyc.exe
mcsndwrmbpznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcsndwrmbpznjlmyyc.exe*."
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcsndwrmbpznjlmyyc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\xofbsmieujujgjlyzeb.exe
xofbsmieujujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe .
C:\Windows\zsljcywumdqhglpehongz.exe
zsljcywumdqhglpehongz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zsljcywumdqhglpehongz.exe*."
C:\Windows\kcurjebypfrhfjmacigy.exe
kcurjebypfrhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Windows\wkyrfwpivhpbvvue.exe
wkyrfwpivhpbvvue.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkyrfwpivhpbvvue.exe*."
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zsljcywumdqhglpehongz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xofbsmieujujgjlyzeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe
C:\Windows\wkyrfwpivhpbvvue.exe
wkyrfwpivhpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe .
C:\Windows\kcurjebypfrhfjmacigy.exe
kcurjebypfrhfjmacigy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\wkyrfwpivhpbvvue.exe
wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kcurjebypfrhfjmacigy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Windows\xofbsmieujujgjlyzeb.exe
xofbsmieujujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zsljcywumdqhglpehongz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe
C:\Windows\dshbqicwkxgtoppaz.exe
dshbqicwkxgtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\wkyrfwpivhpbvvue.exe
wkyrfwpivhpbvvue.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkyrfwpivhpbvvue.exe*."
C:\Windows\xofbsmieujujgjlyzeb.exe
xofbsmieujujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Windows\kcurjebypfrhfjmacigy.exe
kcurjebypfrhfjmacigy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kcurjebypfrhfjmacigy.exe*."
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xofbsmieujujgjlyzeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Windows\mcsndwrmbpznjlmyyc.exe
mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe
C:\Windows\mcsndwrmbpznjlmyyc.exe
mcsndwrmbpznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe
C:\Windows\mcsndwrmbpznjlmyyc.exe
mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcsndwrmbpznjlmyyc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe
C:\Windows\dshbqicwkxgtoppaz.exe
dshbqicwkxgtoppaz.exe .
C:\Windows\wkyrfwpivhpbvvue.exe
wkyrfwpivhpbvvue.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe .
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\dshbqicwkxgtoppaz.exe*."
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkyrfwpivhpbvvue.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .
C:\Windows\xofbsmieujujgjlyzeb.exe
xofbsmieujujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Windows\mcsndwrmbpznjlmyyc.exe
mcsndwrmbpznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Windows\wkyrfwpivhpbvvue.exe
wkyrfwpivhpbvvue.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dshbqicwkxgtoppaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcsndwrmbpznjlmyyc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\wkyrfwpivhpbvvue.exe
wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkyrfwpivhpbvvue.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Windows\xofbsmieujujgjlyzeb.exe
xofbsmieujujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dshbqicwkxgtoppaz.exe*."
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kcurjebypfrhfjmacigy.exe*."
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcsndwrmbpznjlmyyc.exe*."
C:\Windows\zsljcywumdqhglpehongz.exe
zsljcywumdqhglpehongz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe
C:\Windows\zsljcywumdqhglpehongz.exe
zsljcywumdqhglpehongz.exe
C:\Windows\wkyrfwpivhpbvvue.exe
wkyrfwpivhpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe .
C:\Windows\mcsndwrmbpznjlmyyc.exe
mcsndwrmbpznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcsndwrmbpznjlmyyc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe .
C:\Windows\mcsndwrmbpznjlmyyc.exe
mcsndwrmbpznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Windows\mcsndwrmbpznjlmyyc.exe
mcsndwrmbpznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcsndwrmbpznjlmyyc.exe*."
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xofbsmieujujgjlyzeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kcurjebypfrhfjmacigy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe
C:\Windows\xofbsmieujujgjlyzeb.exe
xofbsmieujujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe .
C:\Windows\zsljcywumdqhglpehongz.exe
zsljcywumdqhglpehongz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe .
C:\Windows\dshbqicwkxgtoppaz.exe
dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zsljcywumdqhglpehongz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Windows\kcurjebypfrhfjmacigy.exe
kcurjebypfrhfjmacigy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kcurjebypfrhfjmacigy.exe*."
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xofbsmieujujgjlyzeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xofbsmieujujgjlyzeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe
C:\Windows\wkyrfwpivhpbvvue.exe
wkyrfwpivhpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe .
C:\Windows\zsljcywumdqhglpehongz.exe
zsljcywumdqhglpehongz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zsljcywumdqhglpehongz.exe*."
C:\Windows\zsljcywumdqhglpehongz.exe
zsljcywumdqhglpehongz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\wkyrfwpivhpbvvue.exe
wkyrfwpivhpbvvue.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkyrfwpivhpbvvue.exe*."
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xofbsmieujujgjlyzeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zsljcywumdqhglpehongz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe
C:\Windows\xofbsmieujujgjlyzeb.exe
xofbsmieujujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe .
C:\Windows\mcsndwrmbpznjlmyyc.exe
mcsndwrmbpznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcsndwrmbpznjlmyyc.exe*."
C:\Windows\wkyrfwpivhpbvvue.exe
wkyrfwpivhpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Windows\dshbqicwkxgtoppaz.exe
dshbqicwkxgtoppaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\dshbqicwkxgtoppaz.exe*."
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dshbqicwkxgtoppaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xofbsmieujujgjlyzeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe
C:\Windows\xofbsmieujujgjlyzeb.exe
xofbsmieujujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe .
C:\Windows\mcsndwrmbpznjlmyyc.exe
mcsndwrmbpznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcsndwrmbpznjlmyyc.exe*."
C:\Windows\wkyrfwpivhpbvvue.exe
wkyrfwpivhpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Windows\kcurjebypfrhfjmacigy.exe
kcurjebypfrhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kcurjebypfrhfjmacigy.exe*."
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kcurjebypfrhfjmacigy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kcurjebypfrhfjmacigy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe
C:\Windows\wkyrfwpivhpbvvue.exe
wkyrfwpivhpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe .
C:\Windows\mcsndwrmbpznjlmyyc.exe
mcsndwrmbpznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcsndwrmbpznjlmyyc.exe*."
C:\Windows\kcurjebypfrhfjmacigy.exe
kcurjebypfrhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Windows\xofbsmieujujgjlyzeb.exe
xofbsmieujujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."
C:\Windows\wkyrfwpivhpbvvue.exe
wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."
C:\Windows\zsljcywumdqhglpehongz.exe
zsljcywumdqhglpehongz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zsljcywumdqhglpehongz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe .
C:\Windows\wkyrfwpivhpbvvue.exe
wkyrfwpivhpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\wkyrfwpivhpbvvue.exe
wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Windows\mcsndwrmbpznjlmyyc.exe
mcsndwrmbpznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcsndwrmbpznjlmyyc.exe*."
C:\Windows\wkyrfwpivhpbvvue.exe
wkyrfwpivhpbvvue.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkyrfwpivhpbvvue.exe*."
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dshbqicwkxgtoppaz.exe*."
C:\Windows\xofbsmieujujgjlyzeb.exe
xofbsmieujujgjlyzeb.exe
C:\Windows\xofbsmieujujgjlyzeb.exe
xofbsmieujujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kcurjebypfrhfjmacigy.exe*."
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kcurjebypfrhfjmacigy.exe*."
C:\Windows\xofbsmieujujgjlyzeb.exe
xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .
C:\Windows\xofbsmieujujgjlyzeb.exe
xofbsmieujujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xofbsmieujujgjlyzeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."
C:\Windows\mcsndwrmbpznjlmyyc.exe
mcsndwrmbpznjlmyyc.exe
C:\Windows\dshbqicwkxgtoppaz.exe
dshbqicwkxgtoppaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\dshbqicwkxgtoppaz.exe*."
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zsljcywumdqhglpehongz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dshbqicwkxgtoppaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\mcsndwrmbpznjlmyyc.exe
mcsndwrmbpznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe .
C:\Windows\mcsndwrmbpznjlmyyc.exe
mcsndwrmbpznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcsndwrmbpznjlmyyc.exe*."
C:\Windows\dshbqicwkxgtoppaz.exe
dshbqicwkxgtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Windows\kcurjebypfrhfjmacigy.exe
kcurjebypfrhfjmacigy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kcurjebypfrhfjmacigy.exe*."
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zsljcywumdqhglpehongz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xofbsmieujujgjlyzeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe
C:\Windows\wkyrfwpivhpbvvue.exe
wkyrfwpivhpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\wkyrfwpivhpbvvue.exe
wkyrfwpivhpbvvue.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkyrfwpivhpbvvue.exe*."
C:\Windows\xofbsmieujujgjlyzeb.exe
xofbsmieujujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Windows\zsljcywumdqhglpehongz.exe
zsljcywumdqhglpehongz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zsljcywumdqhglpehongz.exe*."
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zsljcywumdqhglpehongz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe
C:\Windows\dshbqicwkxgtoppaz.exe
dshbqicwkxgtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe .
C:\Windows\zsljcywumdqhglpehongz.exe
zsljcywumdqhglpehongz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zsljcywumdqhglpehongz.exe*."
C:\Windows\dshbqicwkxgtoppaz.exe
dshbqicwkxgtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\xofbsmieujujgjlyzeb.exe
xofbsmieujujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcsndwrmbpznjlmyyc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe
C:\Windows\xofbsmieujujgjlyzeb.exe
xofbsmieujujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .
C:\Windows\xofbsmieujujgjlyzeb.exe
xofbsmieujujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."
C:\Windows\wkyrfwpivhpbvvue.exe
wkyrfwpivhpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Windows\mcsndwrmbpznjlmyyc.exe
mcsndwrmbpznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcsndwrmbpznjlmyyc.exe*."
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcsndwrmbpznjlmyyc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcsndwrmbpznjlmyyc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe
C:\Windows\mcsndwrmbpznjlmyyc.exe
mcsndwrmbpznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe .
C:\Windows\mcsndwrmbpznjlmyyc.exe
mcsndwrmbpznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcsndwrmbpznjlmyyc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe .
C:\Windows\dshbqicwkxgtoppaz.exe
dshbqicwkxgtoppaz.exe
C:\Windows\dshbqicwkxgtoppaz.exe
dshbqicwkxgtoppaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\dshbqicwkxgtoppaz.exe*."
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcsndwrmbpznjlmyyc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kcurjebypfrhfjmacigy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe
C:\Windows\mcsndwrmbpznjlmyyc.exe
mcsndwrmbpznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe
C:\Windows\zsljcywumdqhglpehongz.exe
zsljcywumdqhglpehongz.exe
C:\Windows\kcurjebypfrhfjmacigy.exe
kcurjebypfrhfjmacigy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kcurjebypfrhfjmacigy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .
C:\Windows\zsljcywumdqhglpehongz.exe
zsljcywumdqhglpehongz.exe .
C:\Windows\mcsndwrmbpznjlmyyc.exe
mcsndwrmbpznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe
C:\Windows\xofbsmieujujgjlyzeb.exe
xofbsmieujujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zsljcywumdqhglpehongz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .
C:\Windows\kcurjebypfrhfjmacigy.exe
kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."
C:\Windows\zsljcywumdqhglpehongz.exe
zsljcywumdqhglpehongz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Windows\xofbsmieujujgjlyzeb.exe
xofbsmieujujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcsndwrmbpznjlmyyc.exe*."
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .
C:\Windows\zsljcywumdqhglpehongz.exe
zsljcywumdqhglpehongz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Windows\zsljcywumdqhglpehongz.exe
zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zsljcywumdqhglpehongz.exe*."
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kcurjebypfrhfjmacigy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe
C:\Windows\mcsndwrmbpznjlmyyc.exe
mcsndwrmbpznjlmyyc.exe .
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xofbsmieujujgjlyzeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zsljcywumdqhglpehongz.exe*."
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Windows\xofbsmieujujgjlyzeb.exe
xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcsndwrmbpznjlmyyc.exe*."
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."
C:\Windows\dshbqicwkxgtoppaz.exe
dshbqicwkxgtoppaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe .
C:\Windows\zsljcywumdqhglpehongz.exe
zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\dshbqicwkxgtoppaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Windows\kcurjebypfrhfjmacigy.exe
kcurjebypfrhfjmacigy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kcurjebypfrhfjmacigy.exe*."
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcsndwrmbpznjlmyyc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dshbqicwkxgtoppaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe
C:\Windows\wkyrfwpivhpbvvue.exe
wkyrfwpivhpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe .
C:\Windows\kcurjebypfrhfjmacigy.exe
kcurjebypfrhfjmacigy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kcurjebypfrhfjmacigy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe .
C:\Windows\zsljcywumdqhglpehongz.exe
zsljcywumdqhglpehongz.exe
C:\Windows\wkyrfwpivhpbvvue.exe
wkyrfwpivhpbvvue.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkyrfwpivhpbvvue.exe*."
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dshbqicwkxgtoppaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xofbsmieujujgjlyzeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe
C:\Windows\wkyrfwpivhpbvvue.exe
wkyrfwpivhpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe .
C:\Windows\mcsndwrmbpznjlmyyc.exe
mcsndwrmbpznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcsndwrmbpznjlmyyc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe .
C:\Windows\zsljcywumdqhglpehongz.exe
zsljcywumdqhglpehongz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\dshbqicwkxgtoppaz.exe
dshbqicwkxgtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\dshbqicwkxgtoppaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xofbsmieujujgjlyzeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xofbsmieujujgjlyzeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe
C:\Windows\mcsndwrmbpznjlmyyc.exe
mcsndwrmbpznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe .
C:\Windows\mcsndwrmbpznjlmyyc.exe
mcsndwrmbpznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcsndwrmbpznjlmyyc.exe*."
C:\Windows\wkyrfwpivhpbvvue.exe
wkyrfwpivhpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Windows\zsljcywumdqhglpehongz.exe
zsljcywumdqhglpehongz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zsljcywumdqhglpehongz.exe*."
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe
C:\Users\Admin\AppData\Local\Temp\zsljcywumdqhglpehongz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zsljcywumdqhglpehongz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkyrfwpivhpbvvue.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\mcsndwrmbpznjlmyyc.exe
mcsndwrmbpznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\xofbsmieujujgjlyzeb.exe
xofbsmieujujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xofbsmieujujgjlyzeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe .
C:\Windows\kcurjebypfrhfjmacigy.exe
kcurjebypfrhfjmacigy.exe
C:\Windows\mcsndwrmbpznjlmyyc.exe
mcsndwrmbpznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcsndwrmbpznjlmyyc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kcurjebypfrhfjmacigy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dshbqicwkxgtoppaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcsndwrmbpznjlmyyc.exe
C:\Windows\mcsndwrmbpznjlmyyc.exe
mcsndwrmbpznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe .
C:\Windows\wkyrfwpivhpbvvue.exe
wkyrfwpivhpbvvue.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkyrfwpivhpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zsljcywumdqhglpehongz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkyrfwpivhpbvvue.exe*."
C:\Windows\wkyrfwpivhpbvvue.exe
wkyrfwpivhpbvvue.exe
C:\Windows\zsljcywumdqhglpehongz.exe
zsljcywumdqhglpehongz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zsljcywumdqhglpehongz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dshbqicwkxgtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dshbqicwkxgtoppaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xofbsmieujujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcsndwrmbpznjlmyyc.exe .
C:\Windows\xofbsmieujujgjlyzeb.exe
xofbsmieujujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcsndwrmbpznjlmyyc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcurjebypfrhfjmacigy.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\kcurjebypfrhfjmacigy.exe
kcurjebypfrhfjmacigy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dshbqicwkxgtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kcurjebypfrhfjmacigy.exe*."
C:\Windows\dshbqicwkxgtoppaz.exe
dshbqicwkxgtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcurjebypfrhfjmacigy.exe
C:\Windows\dshbqicwkxgtoppaz.exe
dshbqicwkxgtoppaz.exe
C:\Windows\dshbqicwkxgtoppaz.exe
dshbqicwkxgtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xofbsmieujujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkyrfwpivhpbvvue.exe .
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 8.8.8.8:53 | www.showmyipaddress.com | udp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.com | udp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | whatismyipaddress.com | udp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 8.8.8.8:53 | www.myspace.com | udp |
| US | 34.111.176.156:80 | www.myspace.com | tcp |
| DE | 91.64.127.195:41122 | tcp | |
| US | 8.8.8.8:53 | gyuuym.org | udp |
| DE | 85.214.228.140:80 | gyuuym.org | tcp |
| US | 8.8.8.8:53 | nqgljsisc.info | udp |
| US | 8.8.8.8:53 | byqoamvcr.com | udp |
| US | 8.8.8.8:53 | tmypognonyp.info | udp |
| US | 8.8.8.8:53 | mcfuxyx.info | udp |
| US | 8.8.8.8:53 | uoyqgwcyqo.com | udp |
| US | 8.8.8.8:53 | mxxjju.net | udp |
| US | 8.8.8.8:53 | aikiuw.com | udp |
| US | 8.8.8.8:53 | jzsirdfsyukt.net | udp |
| US | 8.8.8.8:53 | thpqvqbzvoof.info | udp |
| US | 8.8.8.8:53 | lfjvvfbidk.net | udp |
| US | 8.8.8.8:53 | okobzkpodnk.info | udp |
| US | 8.8.8.8:53 | unxfuild.info | udp |
| SG | 18.142.91.111:80 | unxfuild.info | tcp |
| DE | 91.64.127.195:41122 | tcp | |
| US | 8.8.8.8:53 | ntbktaxx.net | udp |
| US | 8.8.8.8:53 | jgxyziq.com | udp |
| US | 8.8.8.8:53 | rkhlgchutah.info | udp |
| US | 8.8.8.8:53 | wtfmpq.net | udp |
| US | 8.8.8.8:53 | ggoiukqgsikq.org | udp |
| US | 8.8.8.8:53 | kbipxyan.net | udp |
| US | 8.8.8.8:53 | osmmwiokgqmg.org | udp |
| US | 8.8.8.8:53 | cgbhzav.net | udp |
| US | 8.8.8.8:53 | fsrqnf.net | udp |
| US | 8.8.8.8:53 | fctuqapprdv.info | udp |
| US | 8.8.8.8:53 | tsheimv.com | udp |
| US | 8.8.8.8:53 | bbvmvonsrgo.org | udp |
| US | 8.8.8.8:53 | wvbniei.net | udp |
| US | 8.8.8.8:53 | lflomyhsd.com | udp |
| US | 8.8.8.8:53 | ygoukmwg.org | udp |
| US | 8.8.8.8:53 | rjvuhdtucy.info | udp |
| US | 8.8.8.8:53 | ooikmwmsssqk.org | udp |
| US | 8.8.8.8:53 | jrsfbehtpo.net | udp |
| US | 8.8.8.8:53 | lxlonupld.com | udp |
| US | 8.8.8.8:53 | ffpjjj.net | udp |
| US | 8.8.8.8:53 | aqrtjgn.info | udp |
| US | 8.8.8.8:53 | dzevrqzfcs.info | udp |
| US | 8.8.8.8:53 | cydlrge.info | udp |
| US | 104.156.155.94:80 | cydlrge.info | tcp |
| US | 8.8.8.8:53 | vvvhsnhfsr.info | udp |
| US | 8.8.8.8:53 | okggmiaeskuy.org | udp |
| US | 8.8.8.8:53 | ecgpfllc.info | udp |
| US | 8.8.8.8:53 | mqgisi.com | udp |
| US | 8.8.8.8:53 | qsjayliq.info | udp |
| US | 8.8.8.8:53 | mjotpzfbosdh.info | udp |
| US | 8.8.8.8:53 | oyxjzglbsbwn.net | udp |
| US | 8.8.8.8:53 | zwkgfgp.com | udp |
| US | 8.8.8.8:53 | kkdzxs.net | udp |
| US | 8.8.8.8:53 | ldmcysd.org | udp |
| US | 8.8.8.8:53 | egkmqyks.org | udp |
| US | 8.8.8.8:53 | luvehemiri.info | udp |
| US | 8.8.8.8:53 | pubdruogecu.org | udp |
| US | 8.8.8.8:53 | vrtmckbqs.org | udp |
| US | 8.8.8.8:53 | azlpqmffevro.net | udp |
| US | 8.8.8.8:53 | ksstdzbowzwx.info | udp |
| US | 8.8.8.8:53 | mumagkss.org | udp |
| US | 8.8.8.8:53 | lalckpw.org | udp |
| US | 8.8.8.8:53 | kdorpu.net | udp |
| US | 8.8.8.8:53 | icqtysjtl.info | udp |
| US | 8.8.8.8:53 | lqdejiy.org | udp |
| US | 8.8.8.8:53 | hmfurcniz.info | udp |
| US | 8.8.8.8:53 | oxucnmxoz.info | udp |
| US | 8.8.8.8:53 | ngfcqt.info | udp |
| US | 8.8.8.8:53 | muykokqe.com | udp |
| US | 8.8.8.8:53 | avorpipe.info | udp |
| US | 8.8.8.8:53 | rmlwazouv.info | udp |
| US | 8.8.8.8:53 | gwyswwoa.com | udp |
| US | 8.8.8.8:53 | vqrkjozybof.net | udp |
| US | 8.8.8.8:53 | ddpobim.org | udp |
| US | 8.8.8.8:53 | noezsskximn.info | udp |
| US | 8.8.8.8:53 | pzaivcbtpz.net | udp |
| US | 8.8.8.8:53 | wjbndot.net | udp |
| US | 8.8.8.8:53 | qwqoui.com | udp |
| US | 8.8.8.8:53 | ewhqxezcwwc.net | udp |
| US | 8.8.8.8:53 | yoaoooewyeeo.com | udp |
| US | 8.8.8.8:53 | dbofezpshjhw.net | udp |
| US | 8.8.8.8:53 | rrdwkinqmzan.info | udp |
| US | 8.8.8.8:53 | pjskoqpejcta.info | udp |
| US | 8.8.8.8:53 | masuce.org | udp |
| US | 8.8.8.8:53 | rvmurktkglat.net | udp |
| US | 8.8.8.8:53 | mdhpuesj.net | udp |
| US | 8.8.8.8:53 | zfvpllfhxcqw.info | udp |
| US | 8.8.8.8:53 | qgopqodhmfyn.info | udp |
| US | 8.8.8.8:53 | psdnfixkknp.net | udp |
| US | 8.8.8.8:53 | rvkzxsksrx.net | udp |
| US | 8.8.8.8:53 | dqjrswwie.com | udp |
| US | 8.8.8.8:53 | gonsqv.net | udp |
| US | 8.8.8.8:53 | vrxmprngmlhk.net | udp |
| US | 8.8.8.8:53 | efewocjyeyt.net | udp |
| US | 8.8.8.8:53 | eiqarefkbnv.net | udp |
| US | 8.8.8.8:53 | eznabol.net | udp |
| US | 8.8.8.8:53 | lcliggieyl.info | udp |
| US | 8.8.8.8:53 | rodyqazwf.net | udp |
| US | 8.8.8.8:53 | zhfgzajs.info | udp |
| US | 8.8.8.8:53 | qqwuicmm.com | udp |
| US | 8.8.8.8:53 | kwvbzlj.info | udp |
| US | 8.8.8.8:53 | klqmnybibg.net | udp |
| US | 8.8.8.8:53 | xadyaikilaf.info | udp |
| US | 8.8.8.8:53 | sugnkq.net | udp |
| US | 8.8.8.8:53 | kcuggkgymw.com | udp |
| US | 8.8.8.8:53 | tgxqtg.info | udp |
| US | 8.8.8.8:53 | kqeisacsouco.com | udp |
| US | 8.8.8.8:53 | lyxmnybibg.info | udp |
| US | 8.8.8.8:53 | eeoqmcuy.org | udp |
| US | 8.8.8.8:53 | odjdfs.info | udp |
| US | 8.8.8.8:53 | dkouvubcpovf.info | udp |
| US | 8.8.8.8:53 | bwaaxjz.net | udp |
| US | 8.8.8.8:53 | tlhfmxplxszg.info | udp |
| US | 8.8.8.8:53 | zuahvvfwncp.info | udp |
| US | 8.8.8.8:53 | kgrhjfmtlg.info | udp |
| US | 8.8.8.8:53 | wxtnictw.net | udp |
| US | 8.8.8.8:53 | wwmymumasq.com | udp |
| US | 8.8.8.8:53 | furqtetgi.org | udp |
| US | 8.8.8.8:53 | dfxkduejpeh.org | udp |
| US | 8.8.8.8:53 | kgucribs.info | udp |
| US | 8.8.8.8:53 | oezkduhsd.info | udp |
| US | 8.8.8.8:53 | egdfntn.info | udp |
| US | 8.8.8.8:53 | pqfhvw.info | udp |
| US | 8.8.8.8:53 | vwcwzqosey.info | udp |
| US | 8.8.8.8:53 | zyfitez.info | udp |
| US | 8.8.8.8:53 | fcdnfwkm.net | udp |
| US | 8.8.8.8:53 | rgrjjaubhgb.info | udp |
| US | 8.8.8.8:53 | leqdurjb.net | udp |
| US | 8.8.8.8:53 | drnulndsf.net | udp |
| US | 8.8.8.8:53 | yuimwogi.org | udp |
| US | 8.8.8.8:53 | dwfsjyabfex.info | udp |
| US | 8.8.8.8:53 | idhvodxl.info | udp |
| US | 8.8.8.8:53 | dxikspgshgbk.info | udp |
| US | 8.8.8.8:53 | hiegjhb.com | udp |
| US | 8.8.8.8:53 | irixgsenfexl.info | udp |
| US | 8.8.8.8:53 | lgmwshpwdp.net | udp |
| US | 8.8.8.8:53 | nawwvylul.info | udp |
| US | 8.8.8.8:53 | bhpmiura.info | udp |
| US | 8.8.8.8:53 | skggci.org | udp |
| US | 8.8.8.8:53 | aqglpgaa.info | udp |
| US | 8.8.8.8:53 | mikqyy.org | udp |
| US | 8.8.8.8:53 | zgrjrexb.net | udp |
| US | 8.8.8.8:53 | cumksuqc.com | udp |
| US | 8.8.8.8:53 | vzbsvdpik.net | udp |
| US | 8.8.8.8:53 | xdhwreuarc.info | udp |
| US | 8.8.8.8:53 | xefehixwaiz.info | udp |
| US | 8.8.8.8:53 | ebcwmxakhqqf.net | udp |
| US | 8.8.8.8:53 | htyvjr.net | udp |
| US | 8.8.8.8:53 | sgtlssukpxz.info | udp |
| US | 8.8.8.8:53 | baklnwb.net | udp |
| US | 8.8.8.8:53 | eeueccewmeem.com | udp |
| US | 8.8.8.8:53 | fgihdutz.info | udp |
| US | 8.8.8.8:53 | xawmnvlfjmx.info | udp |
| US | 8.8.8.8:53 | vhsbrhvvwszk.info | udp |
| US | 8.8.8.8:53 | ywnmkrytvbnl.net | udp |
| US | 8.8.8.8:53 | nzdxdlbejjo.info | udp |
| US | 8.8.8.8:53 | hbfhnglsr.com | udp |
| US | 8.8.8.8:53 | zvfdrbbssdhd.info | udp |
| US | 8.8.8.8:53 | gthoprfe.net | udp |
| US | 8.8.8.8:53 | aquwqqxaf.info | udp |
| US | 8.8.8.8:53 | vlpxze.info | udp |
| US | 8.8.8.8:53 | psncnubqvkb.com | udp |
| US | 8.8.8.8:53 | topdlyikvdf.org | udp |
| US | 8.8.8.8:53 | yzpxnbck.info | udp |
| US | 8.8.8.8:53 | skywyumxq.net | udp |
| US | 8.8.8.8:53 | bxwntoaug.net | udp |
| US | 8.8.8.8:53 | eassyk.com | udp |
| US | 8.8.8.8:53 | pcupzuilhn.net | udp |
| US | 8.8.8.8:53 | iatgmbdmn.info | udp |
| US | 8.8.8.8:53 | nbjylepcjdin.info | udp |
| US | 8.8.8.8:53 | whlulmi.info | udp |
| US | 8.8.8.8:53 | egsmyysc.org | udp |
| US | 8.8.8.8:53 | fwlwxubhm.com | udp |
| US | 8.8.8.8:53 | bxhgfks.net | udp |
| US | 8.8.8.8:53 | gifvdciarzgb.info | udp |
| US | 8.8.8.8:53 | lmpmoqulqfp.info | udp |
| US | 8.8.8.8:53 | szsvybhoqq.net | udp |
| US | 8.8.8.8:53 | nlxllh.net | udp |
| US | 8.8.8.8:53 | nshdioh.net | udp |
| US | 8.8.8.8:53 | ooekgiqgysmk.org | udp |
| US | 8.8.8.8:53 | dctwvtpeu.net | udp |
| US | 8.8.8.8:53 | cyeimkweuwmy.com | udp |
| US | 8.8.8.8:53 | njrrvxbutg.net | udp |
| US | 8.8.8.8:53 | vsrilyj.org | udp |
| US | 8.8.8.8:53 | ekqqcc.org | udp |
| US | 8.8.8.8:53 | asviyilov.info | udp |
| US | 8.8.8.8:53 | ikmfhpff.info | udp |
| US | 8.8.8.8:53 | nfyloqwv.net | udp |
| US | 8.8.8.8:53 | lbhjeutt.net | udp |
| US | 8.8.8.8:53 | dwfkeogzvhjn.info | udp |
| US | 8.8.8.8:53 | ymkugu.com | udp |
| US | 8.8.8.8:53 | putqyeb.net | udp |
| US | 8.8.8.8:53 | knjihpdgrb.net | udp |
| US | 8.8.8.8:53 | xjqsbvfw.net | udp |
| US | 8.8.8.8:53 | ydrgxnrwbv.info | udp |
| US | 8.8.8.8:53 | quxwpwsminf.net | udp |
| US | 8.8.8.8:53 | kuofau.info | udp |
| US | 8.8.8.8:53 | dflqknsl.net | udp |
| US | 8.8.8.8:53 | fkspnhzu.info | udp |
| US | 8.8.8.8:53 | tuvdqcuircn.com | udp |
| US | 8.8.8.8:53 | urlgyoll.net | udp |
| US | 8.8.8.8:53 | bjfsfiztdka.net | udp |
| US | 8.8.8.8:53 | kibsbogss.net | udp |
| US | 8.8.8.8:53 | qtgqqinahbp.info | udp |
| US | 8.8.8.8:53 | hitmosblryv.org | udp |
| US | 8.8.8.8:53 | nqmgyatjr.org | udp |
| US | 8.8.8.8:53 | dwvthflxpfll.net | udp |
| US | 8.8.8.8:53 | tcvuvhjwh.info | udp |
| US | 8.8.8.8:53 | bbsgsb.info | udp |
| US | 8.8.8.8:53 | hcrxukk.net | udp |
| US | 8.8.8.8:53 | jubvpax.info | udp |
| US | 8.8.8.8:53 | nogbdz.net | udp |
| US | 8.8.8.8:53 | afxtnxfkue.net | udp |
| US | 8.8.8.8:53 | okfadcsdz.net | udp |
| US | 8.8.8.8:53 | aknsgwkcl.net | udp |
| US | 8.8.8.8:53 | drqmme.info | udp |
| US | 8.8.8.8:53 | eewqmwso.com | udp |
| US | 8.8.8.8:53 | yykscykafgns.net | udp |
| US | 8.8.8.8:53 | suwkhodgqgb.info | udp |
| US | 8.8.8.8:53 | ecbwysbz.info | udp |
| US | 8.8.8.8:53 | lksltyb.info | udp |
| US | 8.8.8.8:53 | wauwhup.net | udp |
| US | 8.8.8.8:53 | uyiwiooi.com | udp |
| US | 8.8.8.8:53 | hltjygx.com | udp |
| US | 8.8.8.8:53 | njmyupro.net | udp |
| US | 8.8.8.8:53 | ewzgsqreozs.net | udp |
| US | 8.8.8.8:53 | gkxvzl.info | udp |
| US | 8.8.8.8:53 | riaxtjzzxwke.net | udp |
| US | 8.8.8.8:53 | xrpwmsl.info | udp |
| US | 8.8.8.8:53 | fibebaoanol.net | udp |
| US | 8.8.8.8:53 | hjcnpiqcksax.info | udp |
| US | 8.8.8.8:53 | fkdgakrwl.com | udp |
| US | 8.8.8.8:53 | nwakcvqetddt.info | udp |
| US | 8.8.8.8:53 | iusioomq.org | udp |
| US | 8.8.8.8:53 | ygdikrhxllsg.net | udp |
| US | 8.8.8.8:53 | bjeseotnvz.info | udp |
| US | 8.8.8.8:53 | eefufemkpwq.info | udp |
| US | 8.8.8.8:53 | dwdclmj.net | udp |
| US | 8.8.8.8:53 | hpmldefspwu.com | udp |
| US | 8.8.8.8:53 | wcsbrpz.net | udp |
| US | 8.8.8.8:53 | rtxhbwsxlz.info | udp |
| US | 8.8.8.8:53 | rpecwiq.info | udp |
| US | 8.8.8.8:53 | snzhdn.net | udp |
| US | 8.8.8.8:53 | dbiokrlu.net | udp |
| US | 8.8.8.8:53 | dwpmcwemx.net | udp |
| US | 8.8.8.8:53 | rkhezmt.info | udp |
| US | 8.8.8.8:53 | uwcuws.org | udp |
| US | 8.8.8.8:53 | anlmsuk.net | udp |
| US | 8.8.8.8:53 | gimkegse.com | udp |
| US | 8.8.8.8:53 | xhelqstzfv.net | udp |
| US | 8.8.8.8:53 | ccmwtug.net | udp |
| US | 8.8.8.8:53 | nezwtaxtz.org | udp |
| US | 8.8.8.8:53 | uylsetsmxzrf.net | udp |
| US | 8.8.8.8:53 | azlfou.info | udp |
| US | 8.8.8.8:53 | hwlocedal.net | udp |
| US | 8.8.8.8:53 | vnztbp.net | udp |
| US | 8.8.8.8:53 | sijwoachx.info | udp |
| US | 8.8.8.8:53 | xejcfc.info | udp |
| US | 8.8.8.8:53 | umyicieyee.org | udp |
| US | 8.8.8.8:53 | jjgtrtduqwlw.net | udp |
| US | 8.8.8.8:53 | ycnhry.info | udp |
| US | 8.8.8.8:53 | pxlzfrnwpd.info | udp |
| US | 8.8.8.8:53 | spjzdh.info | udp |
| US | 8.8.8.8:53 | mdvmxsyqns.net | udp |
| US | 8.8.8.8:53 | vshipyyrj.com | udp |
| US | 8.8.8.8:53 | qyfarqhcyow.net | udp |
| US | 8.8.8.8:53 | xcgctqfrpvxn.net | udp |
| US | 8.8.8.8:53 | kwhnlsvlrlt.info | udp |
| US | 8.8.8.8:53 | caxmjcdev.info | udp |
| US | 8.8.8.8:53 | fvnnnpcs.net | udp |
| US | 8.8.8.8:53 | eebrhvheishc.net | udp |
| US | 8.8.8.8:53 | gwwmcqsioaki.org | udp |
| US | 8.8.8.8:53 | xxcsfot.com | udp |
| US | 8.8.8.8:53 | dctqforwk.com | udp |
| US | 8.8.8.8:53 | sqsokwlctiv.net | udp |
| US | 8.8.8.8:53 | rmrkccttr.org | udp |
| US | 8.8.8.8:53 | cqfqxobwdqz.net | udp |
| US | 8.8.8.8:53 | fsyczawoha.info | udp |
| US | 8.8.8.8:53 | hxmirbrwnx.net | udp |
| US | 8.8.8.8:53 | xefmfrjarcyl.net | udp |
| US | 8.8.8.8:53 | udjfavgm.info | udp |
| US | 8.8.8.8:53 | hypkakhlmy.info | udp |
| US | 8.8.8.8:53 | nebmlmbvdbt.net | udp |
| US | 8.8.8.8:53 | qpoxyujkvzdq.net | udp |
| US | 8.8.8.8:53 | atkzfclhbift.info | udp |
| US | 8.8.8.8:53 | tghclnarytma.info | udp |
| US | 8.8.8.8:53 | xupazehwp.net | udp |
| US | 8.8.8.8:53 | sxadhrfw.net | udp |
| US | 8.8.8.8:53 | bcmsblrvn.com | udp |
| US | 8.8.8.8:53 | wueysyqiyg.org | udp |
| US | 8.8.8.8:53 | pbtabuhk.info | udp |
| US | 8.8.8.8:53 | cevjorb.net | udp |
| US | 8.8.8.8:53 | pnpcmnsq.info | udp |
| US | 8.8.8.8:53 | jjrefkv.net | udp |
| US | 8.8.8.8:53 | vteivueg.net | udp |
| US | 8.8.8.8:53 | yugemkui.org | udp |
| US | 8.8.8.8:53 | wgieme.org | udp |
| US | 8.8.8.8:53 | kjskvzf.info | udp |
| US | 8.8.8.8:53 | cweusaqwyy.com | udp |
| US | 8.8.8.8:53 | wkieugyu.org | udp |
| US | 8.8.8.8:53 | dwdzzshf.info | udp |
| US | 8.8.8.8:53 | sktrrja.net | udp |
| US | 8.8.8.8:53 | lzbjkx.info | udp |
| US | 8.8.8.8:53 | iedslrsij.info | udp |
| US | 8.8.8.8:53 | awvgtxs.net | udp |
| US | 8.8.8.8:53 | jnyucbxilcsr.net | udp |
| US | 8.8.8.8:53 | qchgxvcnjr.net | udp |
| US | 8.8.8.8:53 | blriytvijot.com | udp |
| US | 8.8.8.8:53 | njmkhnhyeyt.info | udp |
| US | 8.8.8.8:53 | iclghlmadq.info | udp |
| US | 8.8.8.8:53 | kyilnx.net | udp |
| US | 8.8.8.8:53 | bikedyb.info | udp |
| US | 8.8.8.8:53 | gaqkygwq.org | udp |
| US | 8.8.8.8:53 | tiiaoedhb.net | udp |
| US | 8.8.8.8:53 | cazqdydnn.net | udp |
| US | 8.8.8.8:53 | iumisc.org | udp |
| US | 8.8.8.8:53 | qwxzcsyxlz.info | udp |
| US | 8.8.8.8:53 | jrbulad.info | udp |
| US | 8.8.8.8:53 | ayuscuek.com | udp |
| US | 8.8.8.8:53 | wlqfxq.info | udp |
| US | 8.8.8.8:53 | qqynzrjbca.info | udp |
| US | 8.8.8.8:53 | bpzorpfuhtf.org | udp |
| US | 8.8.8.8:53 | xrqhfhlwz.net | udp |
| US | 8.8.8.8:53 | zycybalekwv.info | udp |
| US | 8.8.8.8:53 | bkngmvgi.net | udp |
| US | 8.8.8.8:53 | wiglykwae.net | udp |
| US | 8.8.8.8:53 | uzoqhk.net | udp |
| US | 8.8.8.8:53 | bqdindvszcl.com | udp |
| US | 8.8.8.8:53 | uyoful.net | udp |
| US | 8.8.8.8:53 | ugiqoyya.org | udp |
| US | 8.8.8.8:53 | txrpnqwau.com | udp |
| US | 8.8.8.8:53 | dykwknvmdfdj.info | udp |
| US | 8.8.8.8:53 | phsplyh.com | udp |
| US | 8.8.8.8:53 | dhswvice.info | udp |
| US | 8.8.8.8:53 | ldgqcyohky.net | udp |
| US | 8.8.8.8:53 | otryhsc.info | udp |
| US | 8.8.8.8:53 | wjhzqdttqy.net | udp |
| US | 8.8.8.8:53 | wawaoiyk.com | udp |
| US | 8.8.8.8:53 | rrnqjuyxl.net | udp |
| US | 8.8.8.8:53 | gqfcvchwv.net | udp |
| US | 8.8.8.8:53 | rwsfirgnpvxv.net | udp |
| US | 8.8.8.8:53 | wkqicslhlkj.net | udp |
| US | 8.8.8.8:53 | lczoradauoz.net | udp |
| US | 8.8.8.8:53 | hknixwdknue.info | udp |
| US | 8.8.8.8:53 | eejwdarmswx.info | udp |
| US | 8.8.8.8:53 | pilegl.info | udp |
| US | 8.8.8.8:53 | dazulnj.org | udp |
| US | 8.8.8.8:53 | toogpycl.net | udp |
| US | 8.8.8.8:53 | hefxpc.info | udp |
| US | 8.8.8.8:53 | jzthxr.net | udp |
| US | 8.8.8.8:53 | vovigazhvcj.org | udp |
| US | 8.8.8.8:53 | jwxmiyimh.info | udp |
| US | 8.8.8.8:53 | fjusznt.com | udp |
| US | 8.8.8.8:53 | ucfsrzl.net | udp |
| US | 8.8.8.8:53 | iotrojfwi.net | udp |
| US | 8.8.8.8:53 | psdrzelyr.net | udp |
| US | 8.8.8.8:53 | ogyytydxjeg.net | udp |
| US | 8.8.8.8:53 | nllgvmc.info | udp |
| NL | 173.194.69.94:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | zuhmapbot.net | udp |
| US | 8.8.8.8:53 | gazefmucduz.info | udp |
| US | 8.8.8.8:53 | byahpmmju.info | udp |
| US | 8.8.8.8:53 | vjvlnnztmb.net | udp |
| US | 8.8.8.8:53 | tvjwnhkq.info | udp |
| US | 8.8.8.8:53 | qycmme.org | udp |
| US | 8.8.8.8:53 | twchowfkdfy.info | udp |
| US | 8.8.8.8:53 | yojkaljecqs.info | udp |
| US | 8.8.8.8:53 | lmfhvluqdkb.info | udp |
| US | 8.8.8.8:53 | iixjlujr.net | udp |
| US | 8.8.8.8:53 | rudzlytvi.org | udp |
| US | 8.8.8.8:53 | vuwypato.net | udp |
| US | 8.8.8.8:53 | eokvub.info | udp |
| US | 8.8.8.8:53 | ecegeakc.org | udp |
| US | 8.8.8.8:53 | putfxqv.org | udp |
| US | 8.8.8.8:53 | mixyjfr.net | udp |
| US | 8.8.8.8:53 | pqfcliu.org | udp |
| US | 8.8.8.8:53 | lttmgntl.net | udp |
| US | 8.8.8.8:53 | wfdjjbuwx.net | udp |
| US | 8.8.8.8:53 | zmrepgnoibe.info | udp |
| US | 8.8.8.8:53 | ootkjdzphd.net | udp |
| US | 8.8.8.8:53 | boveifnpgvxq.net | udp |
| US | 8.8.8.8:53 | hjtfpdfkzg.info | udp |
| US | 8.8.8.8:53 | jzqonorgpq.net | udp |
| US | 8.8.8.8:53 | aararuzmj.info | udp |
| US | 8.8.8.8:53 | tufusplsdxvj.net | udp |
| US | 8.8.8.8:53 | nefsbc.info | udp |
| US | 8.8.8.8:53 | zxpxavfqys.info | udp |
| US | 8.8.8.8:53 | nqvylcjvko.info | udp |
| US | 8.8.8.8:53 | banxxjtu.info | udp |
| US | 8.8.8.8:53 | kbpowlplzt.net | udp |
| US | 8.8.8.8:53 | ewfejgwko.net | udp |
| US | 8.8.8.8:53 | zwfigpu.net | udp |
| US | 8.8.8.8:53 | ntgmyuncdyh.com | udp |
| US | 8.8.8.8:53 | rpasznfyus.info | udp |
| US | 8.8.8.8:53 | tgyuhya.org | udp |
| US | 8.8.8.8:53 | valeuyecu.info | udp |
| US | 8.8.8.8:53 | zrizzt.net | udp |
| US | 8.8.8.8:53 | qgckrlsofxv.net | udp |
| US | 8.8.8.8:53 | fkppuezspib.com | udp |
| US | 8.8.8.8:53 | kccioukecmim.com | udp |
| US | 8.8.8.8:53 | nsjnpn.net | udp |
| US | 8.8.8.8:53 | ukicmwccsksg.org | udp |
| US | 8.8.8.8:53 | eoukqmgi.com | udp |
| US | 8.8.8.8:53 | qwmfzgh.info | udp |
| US | 8.8.8.8:53 | oubbvffehirr.net | udp |
| US | 8.8.8.8:53 | xapcpzpsr.net | udp |
| US | 8.8.8.8:53 | ivewnr.info | udp |
| US | 8.8.8.8:53 | aabbtrsevgil.net | udp |
| US | 8.8.8.8:53 | zgfmqgzla.info | udp |
| US | 8.8.8.8:53 | nqxijbihvn.info | udp |
| US | 8.8.8.8:53 | yspynbdonzn.net | udp |
| US | 8.8.8.8:53 | ksnelpckjan.info | udp |
| US | 8.8.8.8:53 | kakqia.org | udp |
| US | 8.8.8.8:53 | ddwnke.net | udp |
| US | 8.8.8.8:53 | auzklmfpnkz.net | udp |
| US | 8.8.8.8:53 | oqoqyegi.org | udp |
| US | 8.8.8.8:53 | xrctizgjhu.net | udp |
| US | 8.8.8.8:53 | bdwxbm.info | udp |
| US | 8.8.8.8:53 | ywcuciss.com | udp |
| US | 8.8.8.8:53 | mkmyukcioyeo.com | udp |
| US | 8.8.8.8:53 | pgzzsenlrf.net | udp |
| US | 8.8.8.8:53 | vewnsadvvzgc.net | udp |
| US | 8.8.8.8:53 | wwmwwwgseu.com | udp |
| US | 8.8.8.8:53 | xhdztsfyg.com | udp |
| US | 8.8.8.8:53 | rfcqjgcwrllk.info | udp |
| US | 8.8.8.8:53 | hcfanww.org | udp |
| US | 8.8.8.8:53 | ooewwc.org | udp |
| US | 8.8.8.8:53 | rufzowcaezwh.net | udp |
| US | 8.8.8.8:53 | febgqot.net | udp |
| US | 8.8.8.8:53 | jypigkw.net | udp |
| US | 8.8.8.8:53 | ulicbcr.net | udp |
| US | 8.8.8.8:53 | wkgywmyeki.org | udp |
| US | 8.8.8.8:53 | ralmdt.net | udp |
| US | 8.8.8.8:53 | fsdozey.net | udp |
| US | 8.8.8.8:53 | rrjkne.info | udp |
| US | 8.8.8.8:53 | jphhtgd.com | udp |
| US | 8.8.8.8:53 | hmxnvffibizr.info | udp |
| US | 8.8.8.8:53 | omierhazkhgw.net | udp |
| US | 8.8.8.8:53 | jaffgk.net | udp |
| US | 8.8.8.8:53 | kzgoskiin.net | udp |
| US | 8.8.8.8:53 | bvttlksj.net | udp |
| US | 8.8.8.8:53 | yatfbfnkl.net | udp |
| US | 8.8.8.8:53 | kwdrqyzrhd.net | udp |
| US | 8.8.8.8:53 | yojoluu.net | udp |
| US | 8.8.8.8:53 | xrjmbmgmisvh.info | udp |
| US | 8.8.8.8:53 | tcrcve.info | udp |
| US | 8.8.8.8:53 | vddmfabc.info | udp |
| US | 8.8.8.8:53 | awsiawcq.org | udp |
| US | 8.8.8.8:53 | nftkcwptb.info | udp |
| US | 8.8.8.8:53 | nebhgldc.info | udp |
| US | 8.8.8.8:53 | korjkotedahq.net | udp |
| US | 8.8.8.8:53 | xtzzkj.net | udp |
| US | 8.8.8.8:53 | gqochr.info | udp |
| US | 8.8.8.8:53 | siqwem.org | udp |
| US | 8.8.8.8:53 | eucaekim.com | udp |
| US | 8.8.8.8:53 | iivixanid.info | udp |
| US | 8.8.8.8:53 | dbxwtxbukejo.net | udp |
| US | 8.8.8.8:53 | lvliwxsju.net | udp |
| US | 8.8.8.8:53 | gusuke.org | udp |
| US | 8.8.8.8:53 | nqwwnbcw.info | udp |
| US | 8.8.8.8:53 | vnkapyllfo.info | udp |
| US | 8.8.8.8:53 | qkrrxy.info | udp |
| US | 8.8.8.8:53 | wcgcuuiu.org | udp |
| US | 8.8.8.8:53 | wwgylwxue.net | udp |
| US | 8.8.8.8:53 | nhmyomxjv.info | udp |
| US | 8.8.8.8:53 | gqrmaszaq.net | udp |
| US | 8.8.8.8:53 | byqkbud.org | udp |
| US | 8.8.8.8:53 | zzlgnpbb.net | udp |
| US | 8.8.8.8:53 | jodyzyektjoa.net | udp |
| US | 8.8.8.8:53 | syrvegxmyao.net | udp |
| US | 8.8.8.8:53 | tyzkrdhyl.info | udp |
| US | 8.8.8.8:53 | ecucoywi.com | udp |
| US | 8.8.8.8:53 | rwfqsmq.org | udp |
| US | 8.8.8.8:53 | uamchac.net | udp |
| US | 8.8.8.8:53 | yaciqwoc.com | udp |
| US | 8.8.8.8:53 | maeunkze.info | udp |
| US | 8.8.8.8:53 | vyvijbihvn.info | udp |
| US | 8.8.8.8:53 | agquggwccgcu.org | udp |
| US | 8.8.8.8:53 | hsrofavrq.net | udp |
| US | 8.8.8.8:53 | tgerhszutdf.info | udp |
| US | 8.8.8.8:53 | dvpumxrcjj.info | udp |
| US | 8.8.8.8:53 | llpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | zzxxbm.info | udp |
| US | 8.8.8.8:53 | ikzgmyh.net | udp |
| US | 8.8.8.8:53 | chbhdpxg.info | udp |
| US | 8.8.8.8:53 | qjfsolx.net | udp |
| US | 8.8.8.8:53 | jsdceqa.org | udp |
| US | 8.8.8.8:53 | ewayssyimayu.com | udp |
| US | 8.8.8.8:53 | wghmtufllo.info | udp |
| US | 8.8.8.8:53 | yqakwgki.com | udp |
| US | 8.8.8.8:53 | tdjucxngzkm.info | udp |
| US | 8.8.8.8:53 | xplsdbpr.info | udp |
| US | 8.8.8.8:53 | bctwfgikb.org | udp |
| US | 8.8.8.8:53 | qduozsaxfjr.net | udp |
| US | 8.8.8.8:53 | uapqdyz.net | udp |
| US | 8.8.8.8:53 | viyylrhutj.info | udp |
| US | 8.8.8.8:53 | bcxkaty.net | udp |
| US | 8.8.8.8:53 | fzqqksnzg.net | udp |
| US | 8.8.8.8:53 | zgkqiuvn.net | udp |
| US | 8.8.8.8:53 | hpaiqkiwj.net | udp |
| US | 8.8.8.8:53 | xmlymtnez.org | udp |
| US | 8.8.8.8:53 | hupyrfg.net | udp |
| US | 8.8.8.8:53 | ftattwjnx.info | udp |
| US | 8.8.8.8:53 | ownwhso.net | udp |
| US | 8.8.8.8:53 | pebloxnvlik.info | udp |
| US | 8.8.8.8:53 | rqhgyujrhx.info | udp |
| US | 8.8.8.8:53 | odzbrjqoy.info | udp |
| US | 8.8.8.8:53 | dtqero.net | udp |
| US | 8.8.8.8:53 | dmxhjyzojzl.org | udp |
| US | 8.8.8.8:53 | eczbvkmmuzj.net | udp |
| US | 8.8.8.8:53 | hclysgrmv.info | udp |
| US | 8.8.8.8:53 | aalijqi.info | udp |
| US | 8.8.8.8:53 | ugwglyfyf.info | udp |
| US | 8.8.8.8:53 | swcogsowck.org | udp |
| US | 8.8.8.8:53 | tqbytkybrmn.info | udp |
| US | 8.8.8.8:53 | oyemaqoauewo.com | udp |
| US | 8.8.8.8:53 | odqisf.info | udp |
| US | 8.8.8.8:53 | pqvkojdizyzf.net | udp |
| US | 8.8.8.8:53 | yuzgapg.info | udp |
| US | 8.8.8.8:53 | dryqnamp.net | udp |
| US | 8.8.8.8:53 | drgvvqqbal.info | udp |
| US | 8.8.8.8:53 | ncpmyszzt.info | udp |
| US | 8.8.8.8:53 | zpdehcee.info | udp |
| US | 8.8.8.8:53 | mxtzpiijrk.net | udp |
| US | 8.8.8.8:53 | lqchmehqvkb.com | udp |
| US | 8.8.8.8:53 | irlmvlrya.net | udp |
| US | 8.8.8.8:53 | wppitxsqbfdd.info | udp |
| US | 8.8.8.8:53 | eusism.org | udp |
| US | 8.8.8.8:53 | ybxsqlwexbnh.info | udp |
| US | 8.8.8.8:53 | znldfvzcyxfb.net | udp |
| US | 8.8.8.8:53 | fhlkjmn.info | udp |
| US | 8.8.8.8:53 | agjshwl.net | udp |
| US | 8.8.8.8:53 | kkiamiym.com | udp |
| US | 8.8.8.8:53 | qmrqnnaibpbj.info | udp |
| US | 8.8.8.8:53 | xdseensu.net | udp |
| US | 8.8.8.8:53 | imfalkfpz.net | udp |
| US | 8.8.8.8:53 | fzzyjbnmo.com | udp |
| US | 8.8.8.8:53 | bnqklklisc.net | udp |
| US | 8.8.8.8:53 | jatdaajehomt.net | udp |
| US | 8.8.8.8:53 | wumrdat.info | udp |
| US | 8.8.8.8:53 | fipevzrwlwr.net | udp |
| US | 8.8.8.8:53 | hahdyfaem.org | udp |
| US | 8.8.8.8:53 | mwgkuyee.org | udp |
| US | 8.8.8.8:53 | qacqlus.net | udp |
| US | 8.8.8.8:53 | jwwdskqyu.com | udp |
| US | 8.8.8.8:53 | dxlmrdr.com | udp |
| US | 8.8.8.8:53 | ymguwlriv.net | udp |
| US | 8.8.8.8:53 | uiceesz.info | udp |
| US | 8.8.8.8:53 | nypszp.net | udp |
| US | 8.8.8.8:53 | kszwwovoa.info | udp |
| US | 8.8.8.8:53 | bzaydhbkyko.info | udp |
| US | 8.8.8.8:53 | zvlcbkcwf.org | udp |
| US | 8.8.8.8:53 | tyysliseisn.com | udp |
| US | 8.8.8.8:53 | daaqgxh.net | udp |
| US | 8.8.8.8:53 | zorscdz.org | udp |
| US | 8.8.8.8:53 | uoxjsmld.info | udp |
| US | 8.8.8.8:53 | rztamj.net | udp |
| US | 8.8.8.8:53 | ikrlkokclxt.info | udp |
| US | 8.8.8.8:53 | dmfqysc.com | udp |
| US | 8.8.8.8:53 | gokkpxhntyr.info | udp |
| US | 8.8.8.8:53 | pzsrnn.info | udp |
| US | 8.8.8.8:53 | yxetabbuwenv.net | udp |
| US | 8.8.8.8:53 | oskumy.org | udp |
| US | 8.8.8.8:53 | tjwytizs.net | udp |
| US | 8.8.8.8:53 | ewiuauieao.com | udp |
| US | 8.8.8.8:53 | iovtfshfmj.net | udp |
| US | 8.8.8.8:53 | njfyfbyxvr.net | udp |
| US | 8.8.8.8:53 | mcdqwqh.net | udp |
| US | 8.8.8.8:53 | geuymww.info | udp |
| US | 8.8.8.8:53 | dcrmnkcezmr.com | udp |
| US | 8.8.8.8:53 | wubngvnil.info | udp |
| US | 8.8.8.8:53 | eihzzkta.net | udp |
| US | 8.8.8.8:53 | nvopelbb.info | udp |
| US | 8.8.8.8:53 | bjpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | ubzqjhdqpu.info | udp |
| US | 8.8.8.8:53 | mccikmiaqu.com | udp |
| US | 8.8.8.8:53 | knjatymw.net | udp |
| US | 8.8.8.8:53 | tutczuf.info | udp |
| US | 8.8.8.8:53 | imwkkoik.com | udp |
| US | 8.8.8.8:53 | kwthxhnh.net | udp |
| US | 8.8.8.8:53 | imetsvuscwn.net | udp |
| US | 8.8.8.8:53 | digqzs.net | udp |
| US | 8.8.8.8:53 | ncbgkqppdaap.net | udp |
| US | 8.8.8.8:53 | viwyrwydb.org | udp |
| US | 8.8.8.8:53 | asqqtmhqdgl.net | udp |
| US | 8.8.8.8:53 | yuwayo.org | udp |
| US | 8.8.8.8:53 | rqnxifizgwsj.net | udp |
| US | 8.8.8.8:53 | pvbywcgwysfu.net | udp |
| US | 8.8.8.8:53 | jawipes.com | udp |
| US | 8.8.8.8:53 | zkogzgxamor.net | udp |
| US | 8.8.8.8:53 | pzpwaa.info | udp |
| US | 8.8.8.8:53 | oaewcmmi.com | udp |
| US | 8.8.8.8:53 | jupcjjpuvahh.info | udp |
| US | 8.8.8.8:53 | iuysik.org | udp |
| US | 8.8.8.8:53 | mkwyumsqio.org | udp |
| US | 8.8.8.8:53 | filytkg.info | udp |
| US | 8.8.8.8:53 | ugasoq.org | udp |
| US | 8.8.8.8:53 | oalwpcngx.info | udp |
| US | 8.8.8.8:53 | hkpmfin.com | udp |
| US | 8.8.8.8:53 | mmfwzxtir.info | udp |
| US | 8.8.8.8:53 | fielxk.net | udp |
| US | 8.8.8.8:53 | xcrfxbihvn.info | udp |
| US | 8.8.8.8:53 | keggicyq.com | udp |
| US | 8.8.8.8:53 | bnwsvo.net | udp |
| US | 8.8.8.8:53 | zcrnalnsp.com | udp |
| US | 8.8.8.8:53 | wkfjjahqvkk.info | udp |
| US | 8.8.8.8:53 | hxockobonvj.com | udp |
| US | 8.8.8.8:53 | xvvtfuz.net | udp |
| US | 8.8.8.8:53 | pvesxitaordl.info | udp |
| US | 8.8.8.8:53 | rufmzfcypmh.net | udp |
| US | 8.8.8.8:53 | rpqctxfbtcfy.net | udp |
| US | 8.8.8.8:53 | dzrmxez.com | udp |
| US | 8.8.8.8:53 | eswkcsckskqo.com | udp |
| US | 8.8.8.8:53 | jkllshdedl.net | udp |
| US | 8.8.8.8:53 | xduorrxy.net | udp |
| US | 8.8.8.8:53 | movurehtpxqz.net | udp |
| US | 8.8.8.8:53 | qgaouusyawia.com | udp |
| US | 8.8.8.8:53 | ielkjlnarv.info | udp |
| US | 8.8.8.8:53 | jniovum.net | udp |
| US | 8.8.8.8:53 | kxldwaoqfn.info | udp |
| US | 8.8.8.8:53 | eiiuqsumuw.com | udp |
| US | 8.8.8.8:53 | jfludhaebi.net | udp |
| US | 8.8.8.8:53 | xxbuvavqnao.net | udp |
| US | 8.8.8.8:53 | xsddrjpcbt.net | udp |
| US | 8.8.8.8:53 | aaftpevwng.net | udp |
| US | 8.8.8.8:53 | hlxletjqec.info | udp |
| US | 8.8.8.8:53 | pijpnex.com | udp |
| US | 8.8.8.8:53 | ycsmmmyk.com | udp |
| US | 8.8.8.8:53 | tgzzsilpuoyu.info | udp |
| US | 8.8.8.8:53 | ueveosnohdh.net | udp |
| US | 8.8.8.8:53 | cnuqnfyyaj.net | udp |
| US | 8.8.8.8:53 | agekagsmye.org | udp |
| US | 8.8.8.8:53 | guoasgeikiyg.org | udp |
| US | 8.8.8.8:53 | rejwrwpoa.info | udp |
| US | 8.8.8.8:53 | vqxulk.info | udp |
| US | 8.8.8.8:53 | rbuifxjegy.net | udp |
| US | 8.8.8.8:53 | mpomyenylv.info | udp |
| US | 8.8.8.8:53 | kuwoeiokmoac.org | udp |
| US | 8.8.8.8:53 | jmuyzwjxj.net | udp |
| US | 8.8.8.8:53 | gyfmhypcnav.info | udp |
| US | 8.8.8.8:53 | vhtzfesbxtru.info | udp |
| US | 8.8.8.8:53 | fkgidsdepmn.com | udp |
| US | 8.8.8.8:53 | rgmudgkbvf.info | udp |
| US | 8.8.8.8:53 | xfgmmkszwu.info | udp |
| US | 8.8.8.8:53 | sgescokcmo.org | udp |
| US | 8.8.8.8:53 | vmtkgndcoij.com | udp |
| US | 8.8.8.8:53 | xqnczyq.info | udp |
| US | 8.8.8.8:53 | skncckcqfkn.info | udp |
| US | 8.8.8.8:53 | lzwgpqnxhy.net | udp |
| US | 8.8.8.8:53 | zgekwepzpsao.info | udp |
| US | 8.8.8.8:53 | vuleibjrjt.net | udp |
| US | 8.8.8.8:53 | lqnvccbbqop.com | udp |
| US | 8.8.8.8:53 | ourctfsmkg.net | udp |
| US | 8.8.8.8:53 | nanszgashef.com | udp |
| US | 8.8.8.8:53 | jehyhpbob.com | udp |
| US | 8.8.8.8:53 | lbagzrrjrniq.info | udp |
| US | 8.8.8.8:53 | lvnxngt.org | udp |
| US | 8.8.8.8:53 | luaiurlae.info | udp |
| US | 8.8.8.8:53 | vffbjkwotiky.info | udp |
| US | 8.8.8.8:53 | hsfspwfirsr.org | udp |
| US | 8.8.8.8:53 | kzbicp.info | udp |
| US | 8.8.8.8:53 | ytwjljzupb.info | udp |
| US | 8.8.8.8:53 | auvmsmnazmj.info | udp |
| US | 8.8.8.8:53 | dmyidig.com | udp |
| US | 8.8.8.8:53 | fumvct.net | udp |
| US | 8.8.8.8:53 | dkbipwdqxwz.com | udp |
| US | 8.8.8.8:53 | agmwfmugt.info | udp |
| US | 8.8.8.8:53 | dnyidwf.info | udp |
| US | 8.8.8.8:53 | gqooqkquymuw.org | udp |
| US | 8.8.8.8:53 | lcxlvagnywpq.info | udp |
| US | 8.8.8.8:53 | jyludl.net | udp |
| US | 8.8.8.8:53 | yadxtkefpqdf.net | udp |
| US | 8.8.8.8:53 | dxzznd.info | udp |
| US | 8.8.8.8:53 | iwfotnxdx.net | udp |
| US | 8.8.8.8:53 | bklljpa.info | udp |
| US | 8.8.8.8:53 | sntyyq.info | udp |
| US | 8.8.8.8:53 | qngitmingp.net | udp |
| US | 8.8.8.8:53 | aaaygycqumuk.com | udp |
| US | 8.8.8.8:53 | ampocuhbjsy.info | udp |
| US | 8.8.8.8:53 | zozmtbrlztly.net | udp |
| US | 8.8.8.8:53 | xyxtdrtw.net | udp |
| US | 8.8.8.8:53 | ulwprsdpevsj.info | udp |
| US | 8.8.8.8:53 | gkammqok.com | udp |
| US | 8.8.8.8:53 | robtrede.net | udp |
| US | 8.8.8.8:53 | fneoyxja.net | udp |
| US | 8.8.8.8:53 | ksugllygfw.info | udp |
| US | 8.8.8.8:53 | qyjxvcif.net | udp |
| US | 8.8.8.8:53 | lialdcn.info | udp |
| US | 8.8.8.8:53 | trlglgdvk.net | udp |
| US | 8.8.8.8:53 | awimws.org | udp |
| US | 8.8.8.8:53 | mjhrpurtf.info | udp |
| US | 8.8.8.8:53 | ucxkhcb.net | udp |
| US | 8.8.8.8:53 | rkwlhccy.info | udp |
| US | 8.8.8.8:53 | pctgjkc.net | udp |
| US | 8.8.8.8:53 | kfbrthxyceir.net | udp |
| US | 8.8.8.8:53 | agkoayoumeoy.com | udp |
| US | 8.8.8.8:53 | lzlmbotfc.info | udp |
| US | 8.8.8.8:53 | xzorndrepw.info | udp |
| US | 8.8.8.8:53 | haymflbcn.org | udp |
| US | 8.8.8.8:53 | nthafgeqx.org | udp |
| US | 8.8.8.8:53 | drqvpb.info | udp |
| US | 8.8.8.8:53 | zzqjto.net | udp |
| US | 8.8.8.8:53 | rwdhnq.info | udp |
| US | 8.8.8.8:53 | vibshiiel.net | udp |
| US | 8.8.8.8:53 | igxzbkqihqf.net | udp |
| US | 8.8.8.8:53 | eorobfj.info | udp |
| US | 8.8.8.8:53 | rvxfakieiy.net | udp |
| US | 8.8.8.8:53 | vsltvpo.org | udp |
| US | 8.8.8.8:53 | nnlukz.net | udp |
| US | 8.8.8.8:53 | pegubidpd.com | udp |
| US | 8.8.8.8:53 | jjqtpeerkb.net | udp |
| US | 8.8.8.8:53 | ttkfqpjt.info | udp |
| US | 8.8.8.8:53 | qeqiiyiweo.com | udp |
| US | 8.8.8.8:53 | bizcxz.info | udp |
| US | 8.8.8.8:53 | urkcltobhpwf.net | udp |
| US | 8.8.8.8:53 | pvzyfdpvfe.net | udp |
| US | 8.8.8.8:53 | alhwlmih.net | udp |
| US | 8.8.8.8:53 | latudsbun.info | udp |
| US | 8.8.8.8:53 | rrxzdwmrr.net | udp |
| US | 8.8.8.8:53 | oismai.com | udp |
| US | 8.8.8.8:53 | snhzhakufssh.info | udp |
| US | 8.8.8.8:53 | cmxfojwmoz.info | udp |
| US | 8.8.8.8:53 | gmtgfgvnhp.net | udp |
| US | 8.8.8.8:53 | eheflhppvg.net | udp |
| US | 8.8.8.8:53 | nyefvbndeu.info | udp |
| US | 8.8.8.8:53 | tzbcap.info | udp |
| US | 8.8.8.8:53 | zlbmsinil.net | udp |
| US | 8.8.8.8:53 | baaytfoiqlfp.info | udp |
| US | 8.8.8.8:53 | cykogcgqqcuu.com | udp |
| US | 8.8.8.8:53 | iyjofui.info | udp |
| US | 8.8.8.8:53 | xcujivgaamjj.net | udp |
| US | 8.8.8.8:53 | tdfkdijpra.info | udp |
| US | 8.8.8.8:53 | yscmgi.com | udp |
| US | 8.8.8.8:53 | ugjyfpgfl.net | udp |
| US | 8.8.8.8:53 | iuioekiyqm.org | udp |
| US | 8.8.8.8:53 | xtzgsogf.net | udp |
| US | 8.8.8.8:53 | empaiqmewsb.net | udp |
| US | 8.8.8.8:53 | xudpqweca.net | udp |
| US | 8.8.8.8:53 | byvnpqlotrrp.info | udp |
| US | 8.8.8.8:53 | myrwjqkrwpbk.info | udp |
| US | 8.8.8.8:53 | kwvxwiszjpg.info | udp |
| US | 8.8.8.8:53 | rtgoiw.info | udp |
| US | 8.8.8.8:53 | vrnddrrmxh.info | udp |
| US | 8.8.8.8:53 | lamvamrqv.com | udp |
| US | 8.8.8.8:53 | cywiic.com | udp |
| US | 8.8.8.8:53 | tvjamwoum.org | udp |
| US | 8.8.8.8:53 | mpkbfsgyp.info | udp |
| US | 8.8.8.8:53 | eqigwesc.org | udp |
| US | 8.8.8.8:53 | uqcukumiws.com | udp |
| US | 8.8.8.8:53 | ooogqmia.org | udp |
| US | 8.8.8.8:53 | flvekobb.net | udp |
| US | 8.8.8.8:53 | ahaarpz.net | udp |
| US | 8.8.8.8:53 | qseoumkkca.org | udp |
| US | 8.8.8.8:53 | fzlxheby.info | udp |
| US | 8.8.8.8:53 | phtcxqxsryr.org | udp |
| US | 8.8.8.8:53 | hcyquvdojcrh.info | udp |
| US | 8.8.8.8:53 | msvcpvheg.net | udp |
| US | 8.8.8.8:53 | qdnmhgdyrit.net | udp |
| US | 8.8.8.8:53 | hfibjixcnv.net | udp |
| US | 8.8.8.8:53 | xczqpfsq.net | udp |
| US | 8.8.8.8:53 | hmduoav.com | udp |
| US | 8.8.8.8:53 | pfhkgjudyr.info | udp |
| US | 8.8.8.8:53 | qyqigk.com | udp |
| US | 8.8.8.8:53 | rgixcydenwn.net | udp |
| US | 8.8.8.8:53 | guwwmecwge.org | udp |
| US | 8.8.8.8:53 | riggkatwk.info | udp |
| US | 8.8.8.8:53 | ptpqkybdbmr.net | udp |
| US | 8.8.8.8:53 | tzugdgob.info | udp |
| US | 8.8.8.8:53 | surlhyf.info | udp |
| US | 8.8.8.8:53 | fyaylmbcb.net | udp |
| US | 8.8.8.8:53 | xolafyo.org | udp |
| US | 8.8.8.8:53 | ekqaao.com | udp |
| US | 8.8.8.8:53 | ynxdfrnwlk.net | udp |
| US | 8.8.8.8:53 | agtatmwgh.info | udp |
| US | 8.8.8.8:53 | gdgezthffsru.net | udp |
| US | 8.8.8.8:53 | rkjyfrxybqd.net | udp |
| US | 8.8.8.8:53 | btfapfuh.net | udp |
| US | 8.8.8.8:53 | hjfdpmp.org | udp |
| US | 8.8.8.8:53 | heqixmqykt.net | udp |
| US | 8.8.8.8:53 | hdnpuunbc.com | udp |
| US | 8.8.8.8:53 | rjbifug.net | udp |
| US | 8.8.8.8:53 | wkldqrkpaz.info | udp |
| US | 8.8.8.8:53 | pvuscboenez.net | udp |
| US | 8.8.8.8:53 | yqdindvszcl.info | udp |
| US | 8.8.8.8:53 | kkpknttwdyv.net | udp |
| US | 8.8.8.8:53 | gsmalljblrdo.info | udp |
| US | 8.8.8.8:53 | quwhjoarj.net | udp |
| US | 8.8.8.8:53 | ycngvplmaqu.info | udp |
| US | 8.8.8.8:53 | ldlrgk.info | udp |
| US | 8.8.8.8:53 | wamggmuagesg.org | udp |
| US | 8.8.8.8:53 | mpytks.net | udp |
| US | 8.8.8.8:53 | wipdsls.info | udp |
| US | 8.8.8.8:53 | owtumceqt.info | udp |
| US | 8.8.8.8:53 | dzrxfy.info | udp |
| US | 8.8.8.8:53 | yiuvtuhapdae.net | udp |
| US | 8.8.8.8:53 | sgdzhklkvfso.info | udp |
| US | 8.8.8.8:53 | omfuoaf.info | udp |
| US | 8.8.8.8:53 | xszojlob.info | udp |
| US | 8.8.8.8:53 | zwpaxq.net | udp |
| US | 8.8.8.8:53 | skqsiiae.org | udp |
| US | 8.8.8.8:53 | nfaipqjzchhx.net | udp |
| US | 8.8.8.8:53 | psrrqakzlx.info | udp |
| US | 8.8.8.8:53 | ykqgwahalan.info | udp |
| US | 8.8.8.8:53 | alyypvemovoc.net | udp |
| US | 8.8.8.8:53 | dahxrm.net | udp |
| US | 8.8.8.8:53 | pxwtkcla.info | udp |
| US | 8.8.8.8:53 | qlstpgkhcjbu.net | udp |
| US | 8.8.8.8:53 | scukugf.info | udp |
| US | 8.8.8.8:53 | zorxtqbyj.org | udp |
| US | 8.8.8.8:53 | qmtgqnjgdvw.info | udp |
| US | 8.8.8.8:53 | eylkbkpal.info | udp |
| US | 8.8.8.8:53 | wwkaqu.com | udp |
| US | 8.8.8.8:53 | zutwnqqcpgb.info | udp |
| US | 8.8.8.8:53 | juptfrx.info | udp |
| US | 8.8.8.8:53 | ckmiohrnxguw.info | udp |
| US | 8.8.8.8:53 | ggbfhz.info | udp |
| US | 8.8.8.8:53 | nzitfaav.info | udp |
| US | 8.8.8.8:53 | zhqbxjxl.net | udp |
| US | 8.8.8.8:53 | twaonbuasalj.info | udp |
| US | 8.8.8.8:53 | zqzplwdvydhi.info | udp |
| US | 8.8.8.8:53 | kccyca.org | udp |
| US | 8.8.8.8:53 | ldzsmv.info | udp |
| US | 8.8.8.8:53 | lktcrbw.com | udp |
| US | 8.8.8.8:53 | enpdlrdx.info | udp |
| US | 8.8.8.8:53 | ibavrxzyut.info | udp |
| US | 8.8.8.8:53 | sfexbzvriz.info | udp |
| US | 8.8.8.8:53 | saaica.com | udp |
| US | 8.8.8.8:53 | rolqtyt.net | udp |
| US | 8.8.8.8:53 | hyjodgw.info | udp |
| US | 8.8.8.8:53 | igukoe.com | udp |
| US | 8.8.8.8:53 | hejrqzjozrv.net | udp |
| US | 8.8.8.8:53 | voouver.com | udp |
| US | 8.8.8.8:53 | iinaksrbyo.net | udp |
| US | 8.8.8.8:53 | dkdczgl.info | udp |
| US | 8.8.8.8:53 | fdxqzu.net | udp |
| US | 8.8.8.8:53 | ungykx.net | udp |
| US | 8.8.8.8:53 | tfatha.info | udp |
| US | 8.8.8.8:53 | eaictyqxc.info | udp |
| US | 8.8.8.8:53 | zanjbg.info | udp |
| US | 8.8.8.8:53 | vgqxvqngngx.info | udp |
| US | 8.8.8.8:53 | pbhqdnhg.info | udp |
| US | 8.8.8.8:53 | debujzrsrye.info | udp |
| US | 8.8.8.8:53 | akyuesckcymm.com | udp |
| US | 8.8.8.8:53 | qmdyrizcryn.info | udp |
| US | 8.8.8.8:53 | cgzqtowog.info | udp |
| US | 8.8.8.8:53 | qeasooggkkye.org | udp |
| US | 8.8.8.8:53 | egxaiwoicmy.info | udp |
| US | 8.8.8.8:53 | wkvqgpfvda.net | udp |
| US | 8.8.8.8:53 | dcpsztks.info | udp |
| US | 8.8.8.8:53 | gdiecndz.net | udp |
| US | 8.8.8.8:53 | aqsoqywk.com | udp |
| US | 8.8.8.8:53 | lputegbv.net | udp |
| US | 8.8.8.8:53 | lmzpabhapojl.info | udp |
| US | 8.8.8.8:53 | nmdetfzlud.info | udp |
| US | 8.8.8.8:53 | fevpfshvp.org | udp |
| US | 8.8.8.8:53 | fwokxwu.info | udp |
| US | 8.8.8.8:53 | scgvvbjqc.info | udp |
| US | 8.8.8.8:53 | xqirhc.net | udp |
| US | 8.8.8.8:53 | bagxut.net | udp |
| US | 8.8.8.8:53 | scmsci.org | udp |
| US | 8.8.8.8:53 | fvqzjnxplmzr.info | udp |
| US | 8.8.8.8:53 | kcryxrris.info | udp |
| US | 8.8.8.8:53 | vehuxguwz.info | udp |
| US | 8.8.8.8:53 | icrhumtu.net | udp |
| US | 8.8.8.8:53 | qskiyoqikk.com | udp |
| US | 8.8.8.8:53 | mxhenepsp.info | udp |
| US | 8.8.8.8:53 | njmcziusyml.net | udp |
| US | 8.8.8.8:53 | jmmateeavgp.info | udp |
| US | 8.8.8.8:53 | giekgyskeiik.org | udp |
| US | 8.8.8.8:53 | velqbkv.info | udp |
| US | 8.8.8.8:53 | igqvvogjhgke.net | udp |
| US | 8.8.8.8:53 | qmpmvfnqr.net | udp |
| US | 8.8.8.8:53 | jafrwjovcmrn.info | udp |
| US | 8.8.8.8:53 | bavppixu.net | udp |
| US | 8.8.8.8:53 | fkgritslx.org | udp |
| US | 8.8.8.8:53 | hijsjf.info | udp |
| US | 8.8.8.8:53 | fbdwwo.info | udp |
| US | 8.8.8.8:53 | qioeyikiskio.org | udp |
| US | 8.8.8.8:53 | xnbezwdl.info | udp |
| US | 8.8.8.8:53 | nygadseimxh.net | udp |
| US | 8.8.8.8:53 | lrvnbqgx.net | udp |
| US | 8.8.8.8:53 | fcpvwc.net | udp |
| US | 8.8.8.8:53 | gikowiqguw.org | udp |
| US | 8.8.8.8:53 | ptpwnlreeaxo.net | udp |
| US | 8.8.8.8:53 | eeeiusoc.com | udp |
| US | 8.8.8.8:53 | ysegwwus.org | udp |
| US | 8.8.8.8:53 | dtstyn.net | udp |
| US | 8.8.8.8:53 | pyglbynwx.net | udp |
| US | 8.8.8.8:53 | zbqtpeerkb.net | udp |
| US | 8.8.8.8:53 | jfroicpmkxr.net | udp |
| US | 8.8.8.8:53 | hgneekowjoj.org | udp |
| US | 8.8.8.8:53 | vyiinszciag.org | udp |
| US | 8.8.8.8:53 | sybpyrua.info | udp |
| US | 8.8.8.8:53 | biydbwv.com | udp |
| US | 8.8.8.8:53 | zuwrljtqss.net | udp |
| US | 8.8.8.8:53 | jqfwjntsqchn.info | udp |
| US | 8.8.8.8:53 | swyacu.org | udp |
| US | 8.8.8.8:53 | gdupknvkvigp.info | udp |
| US | 8.8.8.8:53 | msaeugqyakco.org | udp |
| US | 8.8.8.8:53 | aqbhbyrotuh.net | udp |
| US | 8.8.8.8:53 | hcjgrdz.org | udp |
| US | 8.8.8.8:53 | fwvgxbjszlf.org | udp |
| US | 8.8.8.8:53 | rtxghrbibwqh.net | udp |
| US | 8.8.8.8:53 | hafdvljslobr.net | udp |
| US | 8.8.8.8:53 | zzwpverv.info | udp |
| US | 8.8.8.8:53 | nafyty.info | udp |
| US | 8.8.8.8:53 | tmrxnmjrkb.net | udp |
| US | 8.8.8.8:53 | zozisczxsmh.net | udp |
| US | 8.8.8.8:53 | sgbyejuxqv.net | udp |
| US | 8.8.8.8:53 | mmjzgaj.net | udp |
| US | 8.8.8.8:53 | mxbsqgqmjz.info | udp |
| US | 8.8.8.8:53 | mckgeuwkoc.com | udp |
| US | 8.8.8.8:53 | wwpgagmql.info | udp |
| US | 8.8.8.8:53 | liedpedyv.net | udp |
| US | 8.8.8.8:53 | hdmevlj.org | udp |
| US | 8.8.8.8:53 | macgoah.info | udp |
| US | 8.8.8.8:53 | hnnkpzbc.info | udp |
| US | 8.8.8.8:53 | fzkrxmam.info | udp |
| US | 8.8.8.8:53 | pfdssuhydjv.net | udp |
| US | 8.8.8.8:53 | belyhqdwi.org | udp |
| US | 8.8.8.8:53 | pqhhxiajzyro.info | udp |
| US | 8.8.8.8:53 | beapxyg.com | udp |
| US | 8.8.8.8:53 | rdakzgyml.com | udp |
| US | 8.8.8.8:53 | wytsbmvhy.net | udp |
| US | 8.8.8.8:53 | urtpbpppbrvq.net | udp |
| US | 8.8.8.8:53 | fixijml.org | udp |
| US | 8.8.8.8:53 | tctwdwo.net | udp |
| US | 8.8.8.8:53 | sxynfilb.net | udp |
| US | 8.8.8.8:53 | zxthlskvhg.net | udp |
| US | 8.8.8.8:53 | obvsnxpqi.info | udp |
| US | 8.8.8.8:53 | bvrlxiawb.net | udp |
| US | 8.8.8.8:53 | tyordop.org | udp |
| US | 8.8.8.8:53 | zsfzjrokut.info | udp |
| US | 8.8.8.8:53 | halweqjvx.net | udp |
| US | 8.8.8.8:53 | myiosmuucuck.org | udp |
| US | 8.8.8.8:53 | ctkdzswq.net | udp |
| US | 8.8.8.8:53 | guoauq.com | udp |
| US | 8.8.8.8:53 | ztfzzf.net | udp |
| US | 8.8.8.8:53 | bujydax.net | udp |
| US | 8.8.8.8:53 | lfrlruwayazs.info | udp |
| US | 8.8.8.8:53 | aixeraldn.info | udp |
| US | 8.8.8.8:53 | sxsydftugfl.net | udp |
| US | 8.8.8.8:53 | vgosjbcebax.info | udp |
| US | 8.8.8.8:53 | qtrvkxnp.net | udp |
| US | 8.8.8.8:53 | msoiygcw.org | udp |
| US | 8.8.8.8:53 | gmjshx.net | udp |
| US | 8.8.8.8:53 | ohvaeippmatj.info | udp |
| US | 8.8.8.8:53 | gwuughj.net | udp |
| US | 8.8.8.8:53 | najirqt.org | udp |
| US | 8.8.8.8:53 | cqqgpzvkyjab.net | udp |
| US | 8.8.8.8:53 | tglwpu.net | udp |
| US | 8.8.8.8:53 | jntxuexoq.net | udp |
| US | 8.8.8.8:53 | ksqwgokwycic.org | udp |
| US | 8.8.8.8:53 | aspcjycc.net | udp |
| US | 8.8.8.8:53 | iuiepxhobgj.net | udp |
| US | 8.8.8.8:53 | omrypuzatwd.net | udp |
| US | 8.8.8.8:53 | bmxlrhxayrbg.info | udp |
| US | 8.8.8.8:53 | pzjpoyfpns.net | udp |
| US | 8.8.8.8:53 | hnhoxv.net | udp |
| US | 8.8.8.8:53 | zthzxx.info | udp |
| US | 8.8.8.8:53 | yeuaeykucywm.org | udp |
| US | 8.8.8.8:53 | ejpdqikairvo.info | udp |
| US | 8.8.8.8:53 | ycqowicu.com | udp |
| US | 8.8.8.8:53 | tikqtercmfvh.info | udp |
| US | 8.8.8.8:53 | gihqiibmmx.info | udp |
| US | 8.8.8.8:53 | tpegpatynkb.com | udp |
| US | 8.8.8.8:53 | ssgqsckw.com | udp |
| US | 8.8.8.8:53 | bibuxrxez.info | udp |
| US | 8.8.8.8:53 | iqksueeqisca.org | udp |
| US | 8.8.8.8:53 | ommyouwokg.org | udp |
| US | 8.8.8.8:53 | iixablrrj.info | udp |
| US | 8.8.8.8:53 | yiccfxwn.info | udp |
| US | 8.8.8.8:53 | guoivvrolqfn.info | udp |
| US | 8.8.8.8:53 | rpxqbc.net | udp |
| US | 8.8.8.8:53 | jkepidbal.com | udp |
| US | 8.8.8.8:53 | nqvtbwbpgq.info | udp |
| US | 8.8.8.8:53 | nazuhcgmve.net | udp |
| US | 8.8.8.8:53 | igdsxajduqk.info | udp |
| US | 8.8.8.8:53 | mgkagcgygiii.com | udp |
| US | 8.8.8.8:53 | cxritgbkwiqj.net | udp |
| US | 8.8.8.8:53 | cgswscoo.org | udp |
| US | 8.8.8.8:53 | mnfjlsw.net | udp |
| US | 8.8.8.8:53 | yeegmfynaagr.info | udp |
| US | 8.8.8.8:53 | bsjnrgg.net | udp |
| US | 8.8.8.8:53 | yhgoce.info | udp |
| US | 8.8.8.8:53 | gggzlyb.info | udp |
| US | 8.8.8.8:53 | uytafts.net | udp |
| US | 8.8.8.8:53 | nyiemuofzpta.info | udp |
| US | 8.8.8.8:53 | saesrkycd.net | udp |
| US | 8.8.8.8:53 | uyimwcckmq.org | udp |
| US | 8.8.8.8:53 | yugmak.com | udp |
| US | 8.8.8.8:53 | sldihwcklsr.info | udp |
| US | 8.8.8.8:53 | yabgjuiyvpj.net | udp |
| US | 8.8.8.8:53 | fwhnopzwqqr.com | udp |
| US | 8.8.8.8:53 | gqaiguckwmiy.org | udp |
| US | 8.8.8.8:53 | jybmsgtquco.info | udp |
| US | 8.8.8.8:53 | ayvtux.info | udp |
| US | 8.8.8.8:53 | djyzzfbetd.net | udp |
| US | 8.8.8.8:53 | yqtafgfohsp.net | udp |
| US | 8.8.8.8:53 | moggwqiiwksm.com | udp |
| US | 8.8.8.8:53 | bflhmzhuhs.net | udp |
| US | 8.8.8.8:53 | nrpqjt.info | udp |
| US | 8.8.8.8:53 | qplhmmahtnvz.net | udp |
| US | 8.8.8.8:53 | dazjdmxyy.org | udp |
| US | 8.8.8.8:53 | uyvytotyxey.net | udp |
| US | 8.8.8.8:53 | uliaatbvxtit.info | udp |
| US | 8.8.8.8:53 | aouytupcj.net | udp |
| US | 8.8.8.8:53 | dthrja.net | udp |
| US | 8.8.8.8:53 | lkngjoezjnq.com | udp |
| US | 8.8.8.8:53 | ugemcwaomeig.org | udp |
| US | 8.8.8.8:53 | pckodoqwh.info | udp |
| US | 8.8.8.8:53 | naajaftqhqr.com | udp |
| US | 8.8.8.8:53 | vnpxusbqkyzc.net | udp |
| US | 8.8.8.8:53 | kmwvcwxa.info | udp |
| US | 8.8.8.8:53 | wrbgtg.info | udp |
| US | 8.8.8.8:53 | txedrdkl.info | udp |
| US | 8.8.8.8:53 | aynuvhplc.net | udp |
| US | 8.8.8.8:53 | xbfhtyff.info | udp |
| US | 8.8.8.8:53 | elqmvlqvwc.info | udp |
| US | 8.8.8.8:53 | efnoixetnzpe.info | udp |
| US | 8.8.8.8:53 | uacagqeiekya.com | udp |
| US | 8.8.8.8:53 | vsswekgnat.info | udp |
| US | 8.8.8.8:53 | gokokcya.com | udp |
| US | 8.8.8.8:53 | zmpcqwf.net | udp |
| US | 8.8.8.8:53 | nqmvkdqdrg.info | udp |
| US | 8.8.8.8:53 | lmfwbghmy.com | udp |
| DE | 85.214.228.140:80 | gyuuym.org | tcp |
| US | 8.8.8.8:53 | tipufqd.net | udp |
| US | 8.8.8.8:53 | tmypognonyp.info | udp |
| US | 8.8.8.8:53 | swqffyrhfb.info | udp |
| US | 8.8.8.8:53 | koieiuimyy.com | udp |
| US | 8.8.8.8:53 | iafgqqooyku.net | udp |
| SG | 18.142.91.111:80 | unxfuild.info | tcp |
| US | 8.8.8.8:53 | zufoqnzxtstt.net | udp |
| US | 8.8.8.8:53 | ggoiukqgsikq.org | udp |
| US | 8.8.8.8:53 | nxncouct.net | udp |
| US | 8.8.8.8:53 | tsheimv.com | udp |
| US | 8.8.8.8:53 | udzdjiddn.net | udp |
| US | 8.8.8.8:53 | htbudy.net | udp |
| US | 8.8.8.8:53 | ykplxcpzxdhg.net | udp |
| US | 8.8.8.8:53 | xylfbzxczv.info | udp |
| US | 8.8.8.8:53 | ctzbfg.info | udp |
| US | 8.8.8.8:53 | ypbbzhuw.info | udp |
| US | 8.8.8.8:53 | dvfkvhmu.net | udp |
| US | 8.8.8.8:53 | rjvuhdtucy.info | udp |
| US | 104.156.155.94:80 | cydlrge.info | tcp |
| US | 8.8.8.8:53 | mrksacjl.info | udp |
| US | 8.8.8.8:53 | vvvhsnhfsr.info | udp |
| US | 8.8.8.8:53 | mitbikquo.info | udp |
| US | 8.8.8.8:53 | mwrptcv.net | udp |
| US | 8.8.8.8:53 | ecgpfllc.info | udp |
| US | 8.8.8.8:53 | yaojvxvizxfw.net | udp |
| US | 8.8.8.8:53 | mjotpzfbosdh.info | udp |
| US | 8.8.8.8:53 | pesxfil.com | udp |
| US | 8.8.8.8:53 | icimig.org | udp |
| US | 8.8.8.8:53 | ldmcysd.org | udp |
| US | 8.8.8.8:53 | luvehemiri.info | udp |
| US | 8.8.8.8:53 | ylbbxwhigc.info | udp |
| US | 8.8.8.8:53 | hnvikxcezldf.net | udp |
| US | 8.8.8.8:53 | lalckpw.org | udp |
| US | 8.8.8.8:53 | symwuqksmoqk.org | udp |
| US | 8.8.8.8:53 | gsxmtr.net | udp |
| US | 8.8.8.8:53 | emmwgs.com | udp |
| US | 8.8.8.8:53 | hmfurcniz.info | udp |
| US | 8.8.8.8:53 | laxrsig.info | udp |
| US | 8.8.8.8:53 | fzbzwonu.net | udp |
| US | 8.8.8.8:53 | ohjpjthfof.info | udp |
| US | 8.8.8.8:53 | ddpobim.org | udp |
| US | 8.8.8.8:53 | qqocasaaiu.org | udp |
| US | 8.8.8.8:53 | wcbrovxplcly.info | udp |
| US | 8.8.8.8:53 | suusuu.com | udp |
| US | 8.8.8.8:53 | wqhvjmzkh.info | udp |
| US | 8.8.8.8:53 | ewhqxezcwwc.net | udp |
| US | 8.8.8.8:53 | aiosocow.org | udp |
| US | 8.8.8.8:53 | fgpjmnxs.info | udp |
| US | 8.8.8.8:53 | izjghbxz.info | udp |
| US | 8.8.8.8:53 | nfjzfkmeh.net | udp |
| US | 8.8.8.8:53 | yoaoooewyeeo.com | udp |
| US | 8.8.8.8:53 | semayokg.com | udp |
| US | 8.8.8.8:53 | lbvjqa.net | udp |
| US | 8.8.8.8:53 | mdhpuesj.net | udp |
| US | 8.8.8.8:53 | gsuzjh.info | udp |
| US | 8.8.8.8:53 | dqjrswwie.com | udp |
| US | 8.8.8.8:53 | kcrwomznpeb.info | udp |
| US | 8.8.8.8:53 | socydai.net | udp |
| US | 8.8.8.8:53 | nnqgud.net | udp |
| US | 8.8.8.8:53 | vrxmprngmlhk.net | udp |
| US | 8.8.8.8:53 | eznabol.net | udp |
| US | 8.8.8.8:53 | tjnezkt.info | udp |
| US | 8.8.8.8:53 | klqmnybibg.net | udp |
| US | 8.8.8.8:53 | uaooicakymqu.com | udp |
| US | 8.8.8.8:53 | isrbdst.info | udp |
| US | 8.8.8.8:53 | vokyfljh.info | udp |
| US | 8.8.8.8:53 | hszdlqtymq.info | udp |
| US | 8.8.8.8:53 | lyxmnybibg.info | udp |
| US | 8.8.8.8:53 | blulsn.net | udp |
| US | 8.8.8.8:53 | grcanwaf.net | udp |
| US | 8.8.8.8:53 | gdumwmxloqge.info | udp |
| US | 8.8.8.8:53 | dkouvubcpovf.info | udp |
| US | 8.8.8.8:53 | rbhajqjgxun.info | udp |
| US | 8.8.8.8:53 | wwmymumasq.com | udp |
| US | 8.8.8.8:53 | cuqmwgaumq.com | udp |
| US | 8.8.8.8:53 | qdpbyazudqp.net | udp |
| US | 8.8.8.8:53 | mazangbai.net | udp |
| US | 8.8.8.8:53 | kgucribs.info | udp |
| US | 8.8.8.8:53 | zyfitez.info | udp |
Files
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
| MD5 | 669f7fc2eb7fb5c4108e38ab26bbfd96 |
| SHA1 | bb650d81826897ce7c203360f46b7575bb95c38e |
| SHA256 | ea040ad76dc37e989ace4f6f9a35d6bf66fad6f92c91d18325285deda0b168a3 |
| SHA512 | 601a1938db4d67394f1b70deea4308b7af4a1d8e3f6c2d8c85eb2901ae038114c677892a314b6ffbaa192db2d564664de5358f0739d63b1b713d53f7a0bbcd19 |
C:\Windows\SysWOW64\mcsndwrmbpznjlmyyc.exe
| MD5 | c01efe28cc72f758cb5548c1b0f4afe1 |
| SHA1 | 23a4aae9c403e8a8484e80780ad911459332bcd6 |
| SHA256 | b8fda1b4500ac5fa17c42f664f5708ce394b039f1a18fc7e526b714df784af6b |
| SHA512 | b1ce44a9919ea0ee91cb3b6d94522656102d95e8c5589d13736045b1919d908fa17e6bf07921e4e94cdc54f3abdc15be3c8fe82a347f6ea955e6958e045ca316 |
C:\Users\Admin\AppData\Local\Temp\xchrweo.exe
| MD5 | 7fdf9607636152fa101e8eba3496b1b9 |
| SHA1 | 15441a84c6b0d6129d26dd5663d675b6c9cf556c |
| SHA256 | 1fde5099f6f75d4d41f28ece6e8a3a9e17898b0a2b7ea89c426e973e7b7a2862 |
| SHA512 | 83bf562a55470b11b51ceb14dc627a485de00845c7b1876e0c333eee9b66e2e8887da620e3002cad99d9ca7d96a650b54462e856c6a3d931262097c3d543b07a |
C:\Users\Admin\AppData\Local\bazdceimkhaxcnxsbotsrvu.aec
| MD5 | d5935e046cf38c21ad6ea78fa85f9d7b |
| SHA1 | 060e42af9b8c6e051e4e5f48bcdf4bb1bfdb99cc |
| SHA256 | cf6adeba9ad69eb161222f507db13ea00ed6647e0a9bdf6905016140274a684f |
| SHA512 | 9c487ee777f22e3c8d828685a0d691ed6b705f2f4e8ec014705edcc8d90e592606aba5ddc5eef8aa3911370203e624de2652f5b6e3dbd304e4af63c73d2403e7 |
C:\Users\Admin\AppData\Local\oyixhujyhptbrnioigwgqfpcrgpxbjzvqw.oeo
| MD5 | 2a2ed55a60af08663360f53d518ac4ad |
| SHA1 | c4f78198817d655c2456da36618b24fbdad411ea |
| SHA256 | 9b801b6ce3e0e2b61f397fa0e12c9deb4898950359411699bc2dc8909511702d |
| SHA512 | 22f2a71c5626958c6e512d11dea548aed4897b15bc4fca9181c5975d60cef6ee9b34e6e54b1acd15b06d62f77c15a5b175b759e806f063493f6c45f6c3bc7efb |
C:\Program Files (x86)\bazdceimkhaxcnxsbotsrvu.aec
| MD5 | 92461967c100ddabd218018c2778d876 |
| SHA1 | 078f639f31e13be414b9489ab0e9b207a25d4847 |
| SHA256 | 9b407846fddae7e2e8c32617aaeaacc8676574b2c970627c77f52dbbf0263f97 |
| SHA512 | 9ec4824eb129b8947b999e961c9ffd59b293bb8e788f8f6490bfd3fecf7b1cb4c3db42ba578765ee661751f0ef43fad1710f1f1983f8b8aa2dbe624b82777d5f |
C:\Program Files (x86)\bazdceimkhaxcnxsbotsrvu.aec
| MD5 | e311d3692c5a6981372001c1ecec6446 |
| SHA1 | c2d1720b9d539c74ddbe7402fabffd5ca4c87f09 |
| SHA256 | 0cd65279d2db11e32040589de34c827df8aee50637e84428882411b91a092c77 |
| SHA512 | 8e70228932e2c2a4f2c615075e624aaa1b21c3a4e524cc9ec3680f6bee23ea43dae8f215c0c3900a6fe44b628f6065c2022eb82b1da536ecb8995e7ecc4e59cc |
C:\Program Files (x86)\bazdceimkhaxcnxsbotsrvu.aec
| MD5 | 3436a85d4bce198dc6597a2d9d35c423 |
| SHA1 | 314da0f4d87da0d6d7e6affe0f8b0488132e64b8 |
| SHA256 | 35b741ef904ad563376d79f772198bba3cfe1dc377ec7ef85650aac27e6a1b2e |
| SHA512 | b3fe105026b6f438d0af2d9e1c957dac99893890602d09005448a2ba3f331a2a73e9f6f566ef3c2244835f14f33cf661f1ecad71b713e7ac18435671af92a590 |
C:\Program Files (x86)\bazdceimkhaxcnxsbotsrvu.aec
| MD5 | 236f518b44fce06756c24e7b7a74897c |
| SHA1 | a6829fe2f15ac5fc302f6b5238890084df806330 |
| SHA256 | 6edb50e65feffe094d66001b956fa061924e0df9e15e35580370cf34d7da7ab8 |
| SHA512 | 1f4e2f575b021a1259c534370894c00a4227b6b581967812ea63ae7648c8d52078fd935ce0737c7b2cce82ed309f019c049c5c50d58d16e5afb28fe6b1fbb5d1 |
C:\Program Files (x86)\bazdceimkhaxcnxsbotsrvu.aec
| MD5 | d455faed48248ffa5183be94475dc4ea |
| SHA1 | 344b3255ec9aff14c9169e17e22cdf944ffd070b |
| SHA256 | 6df29bf5b80876e0e0c686b0e0e12d7ef901d9e441fb242af56ab99cd501dd0e |
| SHA512 | 69406022d2811b48d4a4d1599fa55d2a6f339b27f86f6b17f5284599aaa2d465da7cc26a9e2d18b4733f42e1d473d5857f9ed612da2cf6571b1d6b2e31b1ba2b |
C:\Program Files (x86)\bazdceimkhaxcnxsbotsrvu.aec
| MD5 | 0091bb396daf98004dd8fbbcf8c8c515 |
| SHA1 | 784fe844f0446493da14ffb9abc870b7c572fa7d |
| SHA256 | 5dbc7e37012b7e5680d48b70552587a7a739ec32496035df1a791f9969ba0228 |
| SHA512 | 7d511ea7d6af58fb1e5121fba702271e951f24045614761f80ef908c554504ce94c1269559f9d1dfee013e872e78a490cee6de09d906804a6d771f470f587097 |
C:\Program Files (x86)\bazdceimkhaxcnxsbotsrvu.aec
| MD5 | 30ec271e25d6da09e00334f34822a125 |
| SHA1 | 48fcded115beaa8d5d5c1b1a322afd4de9f8b13d |
| SHA256 | f07474ea3088cffde24b07cfb60ecde59aa14738376bddb7d5d51ab2a0a5caca |
| SHA512 | b18748bd6215e871cc0d0fbd24e5c2d0da0b0f73a243addebf8a126f15022c20637bce5fd76be6d6fc40a9bbdd273e6b4c28e7663009bf7d1c738fdbea0d1b93 |