Analysis Overview
SHA256
9223f4748f528658ba3ac30515cf3ac1817677baaf345441d021e98ebd8891af
Threat Level: Known bad
The file JaffaCakes118_bc2c2e6019e42289641123c2db3584dc was found to be: Known bad.
Malicious Activity Summary
Pykspa
Pykspa family
Modifies WinLogon for persistence
UAC bypass
Detect Pykspa worm
Disables RegEdit via registry modification
Adds policy Run key to start application
Checks computer location settings
Impair Defenses: Safe Mode Boot
Executes dropped EXE
Hijack Execution Flow: Executable Installer File Permissions Weakness
Checks whether UAC is enabled
Adds Run key to start application
Looks up external IP address via web service
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Unsigned PE
System policy modification
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-04-18 02:23
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-04-18 02:23
Reported
2025-04-18 02:26
Platform
win10v2004-20250313-en
Max time kernel
41s
Max time network
150s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "zrtjiazqlbxsmnxaoskmc.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wjgrlyseufwmbxca.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "mbanjyuiangypnuufg.exe" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "kbcrpgeuodyslluwjmde.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbcrpgeuodyslluwjmde.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\drpbwkfsjvneurxwg.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "xnnbyolathbumltugiy.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "zrtjiazqlbxsmnxaoskmc.exe" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "xnnbyolathbumltugiy.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mbanjyuiangypnuufg.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\drpbwkfsjvneurxwg.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "drpbwkfsjvneurxwg.exe" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mbanjyuiangypnuufg.exe" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "zrtjiazqlbxsmnxaoskmc.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zrtjiazqlbxsmnxaoskmc.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mbanjyuiangypnuufg.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "wjgrlyseufwmbxca.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "kbcrpgeuodyslluwjmde.exe" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "mbanjyuiangypnuufg.exe" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "drpbwkfsjvneurxwg.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "zrtjiazqlbxsmnxaoskmc.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "zrtjiazqlbxsmnxaoskmc.exe" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "wjgrlyseufwmbxca.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\drpbwkfsjvneurxwg.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\drpbwkfsjvneurxwg.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mbanjyuiangypnuufg.exe" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "xnnbyolathbumltugiy.exe" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "mbanjyuiangypnuufg.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "wjgrlyseufwmbxca.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbcrpgeuodyslluwjmde.exe" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbcrpgeuodyslluwjmde.exe" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "drpbwkfsjvneurxwg.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xnnbyolathbumltugiy.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "wjgrlyseufwmbxca.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xnnbyolathbumltugiy.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbcrpgeuodyslluwjmde.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "xnnbyolathbumltugiy.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "drpbwkfsjvneurxwg.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\drpbwkfsjvneurxwg.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbcrpgeuodyslluwjmde.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbcrpgeuodyslluwjmde.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zrtjiazqlbxsmnxaoskmc.exe" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mbanjyuiangypnuufg.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\knablo = "kbcrpgeuodyslluwjmde.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\mbanjyuiangypnuufg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\zrtjiazqlbxsmnxaoskmc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\mbanjyuiangypnuufg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\zrtjiazqlbxsmnxaoskmc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\xnnbyolathbumltugiy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\zrtjiazqlbxsmnxaoskmc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\mbanjyuiangypnuufg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\zrtjiazqlbxsmnxaoskmc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\mbanjyuiangypnuufg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\xnnbyolathbumltugiy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\zrtjiazqlbxsmnxaoskmc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\drpbwkfsjvneurxwg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\wjgrlyseufwmbxca.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\zrtjiazqlbxsmnxaoskmc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\kbcrpgeuodyslluwjmde.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\zrtjiazqlbxsmnxaoskmc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\wjgrlyseufwmbxca.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\xnnbyolathbumltugiy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\kbcrpgeuodyslluwjmde.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\zrtjiazqlbxsmnxaoskmc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\wjgrlyseufwmbxca.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\xnnbyolathbumltugiy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\zrtjiazqlbxsmnxaoskmc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\xnnbyolathbumltugiy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\xnnbyolathbumltugiy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\drpbwkfsjvneurxwg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\kbcrpgeuodyslluwjmde.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\drpbwkfsjvneurxwg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\zrtjiazqlbxsmnxaoskmc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\xnnbyolathbumltugiy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\wjgrlyseufwmbxca.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\xnnbyolathbumltugiy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\drpbwkfsjvneurxwg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\drpbwkfsjvneurxwg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qrcb = "mbanjyuiangypnuufg.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wduznuioyd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbcrpgeuodyslluwjmde.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qrcb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xnnbyolathbumltugiy.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zbnnw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zrtjiazqlbxsmnxaoskmc.exe ." | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zbnnw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbcrpgeuodyslluwjmde.exe ." | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\djzdqwjox = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xnnbyolathbumltugiy.exe ." | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qrcb = "mbanjyuiangypnuufg.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qrcb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zrtjiazqlbxsmnxaoskmc.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\djzdqwjox = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wjgrlyseufwmbxca.exe ." | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zbnnw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mbanjyuiangypnuufg.exe ." | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wduznuioyd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\drpbwkfsjvneurxwg.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zbnnw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zrtjiazqlbxsmnxaoskmc.exe ." | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zbnnw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mbanjyuiangypnuufg.exe ." | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qrcb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zrtjiazqlbxsmnxaoskmc.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wduznuioyd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mbanjyuiangypnuufg.exe" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xbprcgr = "xnnbyolathbumltugiy.exe" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zbnnw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xnnbyolathbumltugiy.exe ." | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zbnnw = "mbanjyuiangypnuufg.exe ." | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qrcb = "mbanjyuiangypnuufg.exe" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qrcb = "zrtjiazqlbxsmnxaoskmc.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qrcb = "mbanjyuiangypnuufg.exe" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\mrgjvamq = "xnnbyolathbumltugiy.exe ." | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\mrgjvamq = "kbcrpgeuodyslluwjmde.exe ." | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qrcb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbcrpgeuodyslluwjmde.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xbprcgr = "zrtjiazqlbxsmnxaoskmc.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qrcb = "kbcrpgeuodyslluwjmde.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\djzdqwjox = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xnnbyolathbumltugiy.exe ." | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qrcb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zrtjiazqlbxsmnxaoskmc.exe" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xbprcgr = "mbanjyuiangypnuufg.exe" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\mrgjvamq = "drpbwkfsjvneurxwg.exe ." | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wduznuioyd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mbanjyuiangypnuufg.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xbprcgr = "zrtjiazqlbxsmnxaoskmc.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zbnnw = "wjgrlyseufwmbxca.exe ." | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xbprcgr = "wjgrlyseufwmbxca.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qrcb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wjgrlyseufwmbxca.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qrcb = "drpbwkfsjvneurxwg.exe" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qrcb = "drpbwkfsjvneurxwg.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zbnnw = "mbanjyuiangypnuufg.exe ." | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wduznuioyd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\drpbwkfsjvneurxwg.exe" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wduznuioyd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\drpbwkfsjvneurxwg.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zbnnw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zrtjiazqlbxsmnxaoskmc.exe ." | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qrcb = "mbanjyuiangypnuufg.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\mrgjvamq = "drpbwkfsjvneurxwg.exe ." | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xbprcgr = "kbcrpgeuodyslluwjmde.exe" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\djzdqwjox = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mbanjyuiangypnuufg.exe ." | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\djzdqwjox = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wjgrlyseufwmbxca.exe ." | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zbnnw = "xnnbyolathbumltugiy.exe ." | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qrcb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wjgrlyseufwmbxca.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zbnnw = "zrtjiazqlbxsmnxaoskmc.exe ." | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wduznuioyd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wjgrlyseufwmbxca.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qrcb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wjgrlyseufwmbxca.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qrcb = "wjgrlyseufwmbxca.exe" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\djzdqwjox = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zrtjiazqlbxsmnxaoskmc.exe ." | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zbnnw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbcrpgeuodyslluwjmde.exe ." | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qrcb = "drpbwkfsjvneurxwg.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\mrgjvamq = "kbcrpgeuodyslluwjmde.exe ." | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wduznuioyd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wjgrlyseufwmbxca.exe" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zbnnw = "xnnbyolathbumltugiy.exe ." | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qrcb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zrtjiazqlbxsmnxaoskmc.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\mrgjvamq = "kbcrpgeuodyslluwjmde.exe ." | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\djzdqwjox = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xnnbyolathbumltugiy.exe ." | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qrcb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\drpbwkfsjvneurxwg.exe" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wduznuioyd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\drpbwkfsjvneurxwg.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qrcb = "xnnbyolathbumltugiy.exe" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\kbcrpgeuodyslluwjmde.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kbcrpgeuodyslluwjmde.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mbanjyuiangypnuufg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zrtjiazqlbxsmnxaoskmc.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drpbwkfsjvneurxwg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File created | C:\Windows\SysWOW64\mbanjyuiangypnuufg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xnnbyolathbumltugiy.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File created | C:\Windows\SysWOW64\qjmddwwokbyuprcgvatwnn.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File created | C:\Windows\SysWOW64\kbcrpgeuodyslluwjmde.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oxqxnwmugnamxpqkpktmtjsiqcjwitlmgl.pip | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| File created | C:\Windows\SysWOW64\zrtjiazqlbxsmnxaoskmc.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zrtjiazqlbxsmnxaoskmc.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drpbwkfsjvneurxwg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zrtjiazqlbxsmnxaoskmc.exe | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| File created | C:\Windows\SysWOW64\wjgrlyseufwmbxca.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File created | C:\Windows\SysWOW64\qjmddwwokbyuprcgvatwnn.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File created | C:\Windows\SysWOW64\mbanjyuiangypnuufg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mbanjyuiangypnuufg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wjgrlyseufwmbxca.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File created | C:\Windows\SysWOW64\wjgrlyseufwmbxca.exe | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mbanjyuiangypnuufg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kbcrpgeuodyslluwjmde.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File created | C:\Windows\SysWOW64\xnnbyolathbumltugiy.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File created | C:\Windows\SysWOW64\drpbwkfsjvneurxwg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File created | C:\Windows\SysWOW64\xnnbyolathbumltugiy.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qjmddwwokbyuprcgvatwnn.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File created | C:\Windows\SysWOW64\mbanjyuiangypnuufg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zrtjiazqlbxsmnxaoskmc.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mbanjyuiangypnuufg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zrtjiazqlbxsmnxaoskmc.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mbanjyuiangypnuufg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xnnbyolathbumltugiy.exe | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drpbwkfsjvneurxwg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wjgrlyseufwmbxca.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File created | C:\Windows\SysWOW64\xnnbyolathbumltugiy.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kbcrpgeuodyslluwjmde.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File created | C:\Windows\SysWOW64\xnnbyolathbumltugiy.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File created | C:\Windows\SysWOW64\zrtjiazqlbxsmnxaoskmc.exe | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qjmddwwokbyuprcgvatwnn.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drpbwkfsjvneurxwg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File created | C:\Windows\SysWOW64\xnnbyolathbumltugiy.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wjgrlyseufwmbxca.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kbcrpgeuodyslluwjmde.exe | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| File created | C:\Windows\SysWOW64\zrtjiazqlbxsmnxaoskmc.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kbcrpgeuodyslluwjmde.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xnnbyolathbumltugiy.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File created | C:\Windows\SysWOW64\kbcrpgeuodyslluwjmde.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File created | C:\Windows\SysWOW64\xnnbyolathbumltugiy.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qjmddwwokbyuprcgvatwnn.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File created | C:\Windows\SysWOW64\kbcrpgeuodyslluwjmde.exe | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| File created | C:\Windows\SysWOW64\drpbwkfsjvneurxwg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File created | C:\Windows\SysWOW64\drpbwkfsjvneurxwg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File created | C:\Windows\SysWOW64\wjgrlyseufwmbxca.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wjgrlyseufwmbxca.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File created | C:\Windows\SysWOW64\drpbwkfsjvneurxwg.exe | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| File created | C:\Windows\SysWOW64\kbcrpgeuodyslluwjmde.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File created | C:\Windows\SysWOW64\mbanjyuiangypnuufg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File created | C:\Windows\SysWOW64\kbcrpgeuodyslluwjmde.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mbanjyuiangypnuufg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drpbwkfsjvneurxwg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File created | C:\Windows\SysWOW64\drpbwkfsjvneurxwg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File created | C:\Windows\SysWOW64\mbanjyuiangypnuufg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zrtjiazqlbxsmnxaoskmc.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drpbwkfsjvneurxwg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\bzhdiglijfhiipfoisqyuzx.zaw | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| File opened for modification | C:\Program Files (x86)\oxqxnwmugnamxpqkpktmtjsiqcjwitlmgl.pip | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| File created | C:\Program Files (x86)\oxqxnwmugnamxpqkpktmtjsiqcjwitlmgl.pip | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| File opened for modification | C:\Program Files (x86)\bzhdiglijfhiipfoisqyuzx.zaw | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\zrtjiazqlbxsmnxaoskmc.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\qjmddwwokbyuprcgvatwnn.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File created | C:\Windows\zrtjiazqlbxsmnxaoskmc.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\kbcrpgeuodyslluwjmde.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\mbanjyuiangypnuufg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\xnnbyolathbumltugiy.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\wjgrlyseufwmbxca.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\zrtjiazqlbxsmnxaoskmc.exe | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| File opened for modification | C:\Windows\xnnbyolathbumltugiy.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\wjgrlyseufwmbxca.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\mbanjyuiangypnuufg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\wjgrlyseufwmbxca.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\drpbwkfsjvneurxwg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\zrtjiazqlbxsmnxaoskmc.exe | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| File created | C:\Windows\xnnbyolathbumltugiy.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\zrtjiazqlbxsmnxaoskmc.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\zrtjiazqlbxsmnxaoskmc.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\qjmddwwokbyuprcgvatwnn.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\zrtjiazqlbxsmnxaoskmc.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\xnnbyolathbumltugiy.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\kbcrpgeuodyslluwjmde.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\qjmddwwokbyuprcgvatwnn.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\kbcrpgeuodyslluwjmde.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\wjgrlyseufwmbxca.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\kbcrpgeuodyslluwjmde.exe | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| File created | C:\Windows\oxqxnwmugnamxpqkpktmtjsiqcjwitlmgl.pip | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| File opened for modification | C:\Windows\xnnbyolathbumltugiy.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File created | C:\Windows\wjgrlyseufwmbxca.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\drpbwkfsjvneurxwg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\mbanjyuiangypnuufg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\qjmddwwokbyuprcgvatwnn.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\zrtjiazqlbxsmnxaoskmc.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\mbanjyuiangypnuufg.exe | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| File opened for modification | C:\Windows\xnnbyolathbumltugiy.exe | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| File opened for modification | C:\Windows\oxqxnwmugnamxpqkpktmtjsiqcjwitlmgl.pip | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| File opened for modification | C:\Windows\wjgrlyseufwmbxca.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\qjmddwwokbyuprcgvatwnn.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File created | C:\Windows\drpbwkfsjvneurxwg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\kbcrpgeuodyslluwjmde.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File created | C:\Windows\qjmddwwokbyuprcgvatwnn.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\mbanjyuiangypnuufg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\zrtjiazqlbxsmnxaoskmc.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\zrtjiazqlbxsmnxaoskmc.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\xnnbyolathbumltugiy.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\kbcrpgeuodyslluwjmde.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\qjmddwwokbyuprcgvatwnn.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File created | C:\Windows\wjgrlyseufwmbxca.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\kbcrpgeuodyslluwjmde.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\drpbwkfsjvneurxwg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\wjgrlyseufwmbxca.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\mbanjyuiangypnuufg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\qjmddwwokbyuprcgvatwnn.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File created | C:\Windows\drpbwkfsjvneurxwg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\wjgrlyseufwmbxca.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\kbcrpgeuodyslluwjmde.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\qjmddwwokbyuprcgvatwnn.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\kbcrpgeuodyslluwjmde.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\drpbwkfsjvneurxwg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\mbanjyuiangypnuufg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\mbanjyuiangypnuufg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\xnnbyolathbumltugiy.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\xnnbyolathbumltugiy.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\qjmddwwokbyuprcgvatwnn.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File created | C:\Windows\mbanjyuiangypnuufg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zrtjiazqlbxsmnxaoskmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wjgrlyseufwmbxca.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xnnbyolathbumltugiy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wjgrlyseufwmbxca.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\mbanjyuiangypnuufg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xnnbyolathbumltugiy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zrtjiazqlbxsmnxaoskmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zrtjiazqlbxsmnxaoskmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wjgrlyseufwmbxca.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xnnbyolathbumltugiy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\drpbwkfsjvneurxwg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xnnbyolathbumltugiy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xnnbyolathbumltugiy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zrtjiazqlbxsmnxaoskmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\drpbwkfsjvneurxwg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wjgrlyseufwmbxca.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zrtjiazqlbxsmnxaoskmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\mbanjyuiangypnuufg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xnnbyolathbumltugiy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wjgrlyseufwmbxca.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\kbcrpgeuodyslluwjmde.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\mbanjyuiangypnuufg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\kbcrpgeuodyslluwjmde.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\mbanjyuiangypnuufg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\drpbwkfsjvneurxwg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\drpbwkfsjvneurxwg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\drpbwkfsjvneurxwg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\drpbwkfsjvneurxwg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wjgrlyseufwmbxca.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zrtjiazqlbxsmnxaoskmc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\knablo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe"
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_bc2c2e6019e42289641123c2db3584dc.exe*"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe
C:\Windows\mbanjyuiangypnuufg.exe
mbanjyuiangypnuufg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe .
C:\Windows\kbcrpgeuodyslluwjmde.exe
kbcrpgeuodyslluwjmde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\kbcrpgeuodyslluwjmde.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe .
C:\Windows\zrtjiazqlbxsmnxaoskmc.exe
zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Windows\zrtjiazqlbxsmnxaoskmc.exe
zrtjiazqlbxsmnxaoskmc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\zrtjiazqlbxsmnxaoskmc.exe*."
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\xnnbyolathbumltugiy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\drpbwkfsjvneurxwg.exe*."
C:\Users\Admin\AppData\Local\Temp\knablo.exe
"C:\Users\Admin\AppData\Local\Temp\knablo.exe" "-C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe"
C:\Users\Admin\AppData\Local\Temp\knablo.exe
"C:\Users\Admin\AppData\Local\Temp\knablo.exe" "-C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe
C:\Windows\kbcrpgeuodyslluwjmde.exe
kbcrpgeuodyslluwjmde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe
C:\Windows\mbanjyuiangypnuufg.exe
mbanjyuiangypnuufg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe .
C:\Windows\wjgrlyseufwmbxca.exe
wjgrlyseufwmbxca.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe .
C:\Windows\zrtjiazqlbxsmnxaoskmc.exe
zrtjiazqlbxsmnxaoskmc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\wjgrlyseufwmbxca.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\zrtjiazqlbxsmnxaoskmc.exe*."
C:\Windows\kbcrpgeuodyslluwjmde.exe
kbcrpgeuodyslluwjmde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe .
C:\Windows\xnnbyolathbumltugiy.exe
xnnbyolathbumltugiy.exe .
C:\Windows\mbanjyuiangypnuufg.exe
mbanjyuiangypnuufg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Windows\xnnbyolathbumltugiy.exe
xnnbyolathbumltugiy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\xnnbyolathbumltugiy.exe*."
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\xnnbyolathbumltugiy.exe*."
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\wjgrlyseufwmbxca.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\xnnbyolathbumltugiy.exe*."
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\zrtjiazqlbxsmnxaoskmc.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\zrtjiazqlbxsmnxaoskmc.exe*."
C:\Windows\mbanjyuiangypnuufg.exe
mbanjyuiangypnuufg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe .
C:\Windows\mbanjyuiangypnuufg.exe
mbanjyuiangypnuufg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\mbanjyuiangypnuufg.exe*."
C:\Windows\xnnbyolathbumltugiy.exe
xnnbyolathbumltugiy.exe
C:\Windows\zrtjiazqlbxsmnxaoskmc.exe
zrtjiazqlbxsmnxaoskmc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\zrtjiazqlbxsmnxaoskmc.exe*."
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\zrtjiazqlbxsmnxaoskmc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\drpbwkfsjvneurxwg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\zrtjiazqlbxsmnxaoskmc.exe
zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe .
C:\Windows\mbanjyuiangypnuufg.exe
mbanjyuiangypnuufg.exe
C:\Windows\mbanjyuiangypnuufg.exe
mbanjyuiangypnuufg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\mbanjyuiangypnuufg.exe*."
C:\Windows\zrtjiazqlbxsmnxaoskmc.exe
zrtjiazqlbxsmnxaoskmc.exe .
C:\Windows\xnnbyolathbumltugiy.exe
xnnbyolathbumltugiy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\zrtjiazqlbxsmnxaoskmc.exe
zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\zrtjiazqlbxsmnxaoskmc.exe*."
C:\Windows\wjgrlyseufwmbxca.exe
wjgrlyseufwmbxca.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe .
C:\Windows\zrtjiazqlbxsmnxaoskmc.exe
zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Windows\wjgrlyseufwmbxca.exe
wjgrlyseufwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\wjgrlyseufwmbxca.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\wjgrlyseufwmbxca.exe*."
C:\Windows\drpbwkfsjvneurxwg.exe
drpbwkfsjvneurxwg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\kbcrpgeuodyslluwjmde.exe
kbcrpgeuodyslluwjmde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .
C:\Windows\zrtjiazqlbxsmnxaoskmc.exe
zrtjiazqlbxsmnxaoskmc.exe .
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\drpbwkfsjvneurxwg.exe*."
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\mbanjyuiangypnuufg.exe*."
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\zrtjiazqlbxsmnxaoskmc.exe*."
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\mbanjyuiangypnuufg.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\kbcrpgeuodyslluwjmde.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\kbcrpgeuodyslluwjmde.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\kbcrpgeuodyslluwjmde.exe*."
C:\Windows\wjgrlyseufwmbxca.exe
wjgrlyseufwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe .
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .
C:\Windows\xnnbyolathbumltugiy.exe
xnnbyolathbumltugiy.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\drpbwkfsjvneurxwg.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\xnnbyolathbumltugiy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\zrtjiazqlbxsmnxaoskmc.exe
zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe .
C:\Windows\xnnbyolathbumltugiy.exe
xnnbyolathbumltugiy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\xnnbyolathbumltugiy.exe*."
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\zrtjiazqlbxsmnxaoskmc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\drpbwkfsjvneurxwg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe
C:\Windows\drpbwkfsjvneurxwg.exe
drpbwkfsjvneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe .
C:\Windows\xnnbyolathbumltugiy.exe
xnnbyolathbumltugiy.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\xnnbyolathbumltugiy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe
C:\Windows\mbanjyuiangypnuufg.exe
mbanjyuiangypnuufg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\mbanjyuiangypnuufg.exe
mbanjyuiangypnuufg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\mbanjyuiangypnuufg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\xnnbyolathbumltugiy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\mbanjyuiangypnuufg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe
C:\Windows\mbanjyuiangypnuufg.exe
mbanjyuiangypnuufg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe .
C:\Windows\zrtjiazqlbxsmnxaoskmc.exe
zrtjiazqlbxsmnxaoskmc.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\zrtjiazqlbxsmnxaoskmc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\zrtjiazqlbxsmnxaoskmc.exe
zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe .
C:\Windows\zrtjiazqlbxsmnxaoskmc.exe
zrtjiazqlbxsmnxaoskmc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\zrtjiazqlbxsmnxaoskmc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\mbanjyuiangypnuufg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\mbanjyuiangypnuufg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe
C:\Windows\mbanjyuiangypnuufg.exe
mbanjyuiangypnuufg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe .
C:\Windows\zrtjiazqlbxsmnxaoskmc.exe
zrtjiazqlbxsmnxaoskmc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\zrtjiazqlbxsmnxaoskmc.exe*."
C:\Windows\drpbwkfsjvneurxwg.exe
drpbwkfsjvneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Windows\xnnbyolathbumltugiy.exe
xnnbyolathbumltugiy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\xnnbyolathbumltugiy.exe*."
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\kbcrpgeuodyslluwjmde.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\mbanjyuiangypnuufg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe
C:\Windows\kbcrpgeuodyslluwjmde.exe
kbcrpgeuodyslluwjmde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe .
C:\Windows\wjgrlyseufwmbxca.exe
wjgrlyseufwmbxca.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\wjgrlyseufwmbxca.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe .
C:\Windows\wjgrlyseufwmbxca.exe
wjgrlyseufwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\kbcrpgeuodyslluwjmde.exe
kbcrpgeuodyslluwjmde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\kbcrpgeuodyslluwjmde.exe*."
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\wjgrlyseufwmbxca.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\zrtjiazqlbxsmnxaoskmc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe
C:\Windows\mbanjyuiangypnuufg.exe
mbanjyuiangypnuufg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe .
C:\Windows\xnnbyolathbumltugiy.exe
xnnbyolathbumltugiy.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\xnnbyolathbumltugiy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe .
C:\Windows\drpbwkfsjvneurxwg.exe
drpbwkfsjvneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\drpbwkfsjvneurxwg.exe
drpbwkfsjvneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\drpbwkfsjvneurxwg.exe*."
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\wjgrlyseufwmbxca.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\drpbwkfsjvneurxwg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe
C:\Windows\wjgrlyseufwmbxca.exe
wjgrlyseufwmbxca.exe
C:\Windows\drpbwkfsjvneurxwg.exe
drpbwkfsjvneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe .
C:\Windows\drpbwkfsjvneurxwg.exe
drpbwkfsjvneurxwg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe
C:\Windows\wjgrlyseufwmbxca.exe
wjgrlyseufwmbxca.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe
C:\Windows\drpbwkfsjvneurxwg.exe
drpbwkfsjvneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\drpbwkfsjvneurxwg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\wjgrlyseufwmbxca.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe .
C:\Windows\drpbwkfsjvneurxwg.exe
drpbwkfsjvneurxwg.exe
C:\Windows\mbanjyuiangypnuufg.exe
mbanjyuiangypnuufg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Windows\drpbwkfsjvneurxwg.exe
drpbwkfsjvneurxwg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .
C:\Windows\kbcrpgeuodyslluwjmde.exe
kbcrpgeuodyslluwjmde.exe .
C:\Windows\zrtjiazqlbxsmnxaoskmc.exe
zrtjiazqlbxsmnxaoskmc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\drpbwkfsjvneurxwg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Windows\xnnbyolathbumltugiy.exe
xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .
C:\Windows\wjgrlyseufwmbxca.exe
wjgrlyseufwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\kbcrpgeuodyslluwjmde.exe*."
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\zrtjiazqlbxsmnxaoskmc.exe*."
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\wjgrlyseufwmbxca.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\zrtjiazqlbxsmnxaoskmc.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\mbanjyuiangypnuufg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\mbanjyuiangypnuufg.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\drpbwkfsjvneurxwg.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\xnnbyolathbumltugiy.exe*."
C:\Windows\mbanjyuiangypnuufg.exe
mbanjyuiangypnuufg.exe
C:\Windows\drpbwkfsjvneurxwg.exe
drpbwkfsjvneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\drpbwkfsjvneurxwg.exe*."
C:\Windows\drpbwkfsjvneurxwg.exe
drpbwkfsjvneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Windows\kbcrpgeuodyslluwjmde.exe
kbcrpgeuodyslluwjmde.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\wjgrlyseufwmbxca.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\kbcrpgeuodyslluwjmde.exe*."
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\xnnbyolathbumltugiy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\zrtjiazqlbxsmnxaoskmc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe
C:\Windows\drpbwkfsjvneurxwg.exe
drpbwkfsjvneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\drpbwkfsjvneurxwg.exe
drpbwkfsjvneurxwg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\drpbwkfsjvneurxwg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe .
C:\Windows\mbanjyuiangypnuufg.exe
mbanjyuiangypnuufg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Windows\drpbwkfsjvneurxwg.exe
drpbwkfsjvneurxwg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\drpbwkfsjvneurxwg.exe*."
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\wjgrlyseufwmbxca.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\mbanjyuiangypnuufg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe
C:\Windows\kbcrpgeuodyslluwjmde.exe
kbcrpgeuodyslluwjmde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\drpbwkfsjvneurxwg.exe
drpbwkfsjvneurxwg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\drpbwkfsjvneurxwg.exe*."
C:\Windows\mbanjyuiangypnuufg.exe
mbanjyuiangypnuufg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Windows\xnnbyolathbumltugiy.exe
xnnbyolathbumltugiy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\xnnbyolathbumltugiy.exe*."
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\wjgrlyseufwmbxca.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\mbanjyuiangypnuufg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\zrtjiazqlbxsmnxaoskmc.exe
zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe .
C:\Windows\mbanjyuiangypnuufg.exe
mbanjyuiangypnuufg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\mbanjyuiangypnuufg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe .
C:\Windows\zrtjiazqlbxsmnxaoskmc.exe
zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Windows\kbcrpgeuodyslluwjmde.exe
kbcrpgeuodyslluwjmde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\kbcrpgeuodyslluwjmde.exe*."
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\zrtjiazqlbxsmnxaoskmc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\xnnbyolathbumltugiy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe
C:\Windows\kbcrpgeuodyslluwjmde.exe
kbcrpgeuodyslluwjmde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe .
C:\Windows\zrtjiazqlbxsmnxaoskmc.exe
zrtjiazqlbxsmnxaoskmc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe
C:\Windows\xnnbyolathbumltugiy.exe
xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\zrtjiazqlbxsmnxaoskmc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Windows\mbanjyuiangypnuufg.exe
mbanjyuiangypnuufg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\mbanjyuiangypnuufg.exe*."
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\wjgrlyseufwmbxca.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\drpbwkfsjvneurxwg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\zrtjiazqlbxsmnxaoskmc.exe
zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe .
C:\Windows\zrtjiazqlbxsmnxaoskmc.exe
zrtjiazqlbxsmnxaoskmc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\zrtjiazqlbxsmnxaoskmc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe .
C:\Windows\zrtjiazqlbxsmnxaoskmc.exe
zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Windows\mbanjyuiangypnuufg.exe
mbanjyuiangypnuufg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\kbcrpgeuodyslluwjmde.exe
kbcrpgeuodyslluwjmde.exe
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Windows\zrtjiazqlbxsmnxaoskmc.exe
zrtjiazqlbxsmnxaoskmc.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\mbanjyuiangypnuufg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\zrtjiazqlbxsmnxaoskmc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .
C:\Windows\zrtjiazqlbxsmnxaoskmc.exe
zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\wjgrlyseufwmbxca.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe .
C:\Windows\wjgrlyseufwmbxca.exe
wjgrlyseufwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Windows\drpbwkfsjvneurxwg.exe
drpbwkfsjvneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .
C:\Windows\wjgrlyseufwmbxca.exe
wjgrlyseufwmbxca.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Windows\mbanjyuiangypnuufg.exe
mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\drpbwkfsjvneurxwg.exe*."
C:\Windows\kbcrpgeuodyslluwjmde.exe
kbcrpgeuodyslluwjmde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\wjgrlyseufwmbxca.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\kbcrpgeuodyslluwjmde.exe*."
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe
C:\Windows\mbanjyuiangypnuufg.exe
mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\kbcrpgeuodyslluwjmde.exe*."
C:\Windows\kbcrpgeuodyslluwjmde.exe
kbcrpgeuodyslluwjmde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Windows\wjgrlyseufwmbxca.exe
wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\kbcrpgeuodyslluwjmde.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .
C:\Windows\mbanjyuiangypnuufg.exe
mbanjyuiangypnuufg.exe .
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\mbanjyuiangypnuufg.exe*."
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\zrtjiazqlbxsmnxaoskmc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\drpbwkfsjvneurxwg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\drpbwkfsjvneurxwg.exe*."
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\zrtjiazqlbxsmnxaoskmc.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\drpbwkfsjvneurxwg.exe*."
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\drpbwkfsjvneurxwg.exe*."
C:\Windows\kbcrpgeuodyslluwjmde.exe
kbcrpgeuodyslluwjmde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\xnnbyolathbumltugiy.exe
xnnbyolathbumltugiy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\xnnbyolathbumltugiy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe .
C:\Windows\zrtjiazqlbxsmnxaoskmc.exe
zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\drpbwkfsjvneurxwg.exe
drpbwkfsjvneurxwg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\drpbwkfsjvneurxwg.exe*."
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\zrtjiazqlbxsmnxaoskmc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\drpbwkfsjvneurxwg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe
C:\Windows\mbanjyuiangypnuufg.exe
mbanjyuiangypnuufg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe .
C:\Windows\mbanjyuiangypnuufg.exe
mbanjyuiangypnuufg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\mbanjyuiangypnuufg.exe*."
C:\Windows\kbcrpgeuodyslluwjmde.exe
kbcrpgeuodyslluwjmde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Windows\kbcrpgeuodyslluwjmde.exe
kbcrpgeuodyslluwjmde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\kbcrpgeuodyslluwjmde.exe*."
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\wjgrlyseufwmbxca.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\xnnbyolathbumltugiy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe
C:\Windows\mbanjyuiangypnuufg.exe
mbanjyuiangypnuufg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe .
C:\Windows\mbanjyuiangypnuufg.exe
mbanjyuiangypnuufg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\mbanjyuiangypnuufg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\wjgrlyseufwmbxca.exe
wjgrlyseufwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\xnnbyolathbumltugiy.exe
xnnbyolathbumltugiy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\xnnbyolathbumltugiy.exe*."
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\xnnbyolathbumltugiy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\kbcrpgeuodyslluwjmde.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\zrtjiazqlbxsmnxaoskmc.exe
zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe .
C:\Windows\xnnbyolathbumltugiy.exe
xnnbyolathbumltugiy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\xnnbyolathbumltugiy.exe*."
C:\Windows\mbanjyuiangypnuufg.exe
mbanjyuiangypnuufg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Windows\xnnbyolathbumltugiy.exe
xnnbyolathbumltugiy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\xnnbyolathbumltugiy.exe*."
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\mbanjyuiangypnuufg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\zrtjiazqlbxsmnxaoskmc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe
C:\Windows\mbanjyuiangypnuufg.exe
mbanjyuiangypnuufg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe .
C:\Windows\mbanjyuiangypnuufg.exe
mbanjyuiangypnuufg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\mbanjyuiangypnuufg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe .
C:\Windows\wjgrlyseufwmbxca.exe
wjgrlyseufwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\wjgrlyseufwmbxca.exe
wjgrlyseufwmbxca.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\wjgrlyseufwmbxca.exe*."
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\mbanjyuiangypnuufg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\drpbwkfsjvneurxwg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe
C:\Windows\drpbwkfsjvneurxwg.exe
drpbwkfsjvneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe .
C:\Windows\wjgrlyseufwmbxca.exe
wjgrlyseufwmbxca.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\wjgrlyseufwmbxca.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe .
C:\Windows\drpbwkfsjvneurxwg.exe
drpbwkfsjvneurxwg.exe
C:\Windows\xnnbyolathbumltugiy.exe
xnnbyolathbumltugiy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\xnnbyolathbumltugiy.exe
xnnbyolathbumltugiy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\mbanjyuiangypnuufg.exe
mbanjyuiangypnuufg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe
C:\Windows\kbcrpgeuodyslluwjmde.exe
kbcrpgeuodyslluwjmde.exe .
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\xnnbyolathbumltugiy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe .
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Windows\xnnbyolathbumltugiy.exe
xnnbyolathbumltugiy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\kbcrpgeuodyslluwjmde.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Windows\mbanjyuiangypnuufg.exe
mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\drpbwkfsjvneurxwg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\xnnbyolathbumltugiy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Windows\wjgrlyseufwmbxca.exe
wjgrlyseufwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\kbcrpgeuodyslluwjmde.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\kbcrpgeuodyslluwjmde.exe*."
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\drpbwkfsjvneurxwg.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\kbcrpgeuodyslluwjmde.exe*."
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\zrtjiazqlbxsmnxaoskmc.exe*."
C:\Windows\xnnbyolathbumltugiy.exe
xnnbyolathbumltugiy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\xnnbyolathbumltugiy.exe*."
C:\Windows\kbcrpgeuodyslluwjmde.exe
kbcrpgeuodyslluwjmde.exe
C:\Windows\zrtjiazqlbxsmnxaoskmc.exe
zrtjiazqlbxsmnxaoskmc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\zrtjiazqlbxsmnxaoskmc.exe*."
C:\Windows\drpbwkfsjvneurxwg.exe
drpbwkfsjvneurxwg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\drpbwkfsjvneurxwg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe .
C:\Windows\wjgrlyseufwmbxca.exe
wjgrlyseufwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\xnnbyolathbumltugiy.exe
xnnbyolathbumltugiy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\xnnbyolathbumltugiy.exe*."
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\mbanjyuiangypnuufg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\kbcrpgeuodyslluwjmde.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe
C:\Windows\wjgrlyseufwmbxca.exe
wjgrlyseufwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe .
C:\Windows\drpbwkfsjvneurxwg.exe
drpbwkfsjvneurxwg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\drpbwkfsjvneurxwg.exe*."
C:\Windows\mbanjyuiangypnuufg.exe
mbanjyuiangypnuufg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Windows\zrtjiazqlbxsmnxaoskmc.exe
zrtjiazqlbxsmnxaoskmc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\zrtjiazqlbxsmnxaoskmc.exe*."
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\kbcrpgeuodyslluwjmde.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\xnnbyolathbumltugiy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe .
C:\Windows\drpbwkfsjvneurxwg.exe
drpbwkfsjvneurxwg.exe
C:\Windows\kbcrpgeuodyslluwjmde.exe
kbcrpgeuodyslluwjmde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\kbcrpgeuodyslluwjmde.exe*."
C:\Windows\drpbwkfsjvneurxwg.exe
drpbwkfsjvneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Windows\kbcrpgeuodyslluwjmde.exe
kbcrpgeuodyslluwjmde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\kbcrpgeuodyslluwjmde.exe*."
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\zrtjiazqlbxsmnxaoskmc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\kbcrpgeuodyslluwjmde.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe
C:\Windows\wjgrlyseufwmbxca.exe
wjgrlyseufwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe .
C:\Windows\mbanjyuiangypnuufg.exe
mbanjyuiangypnuufg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\mbanjyuiangypnuufg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe .
C:\Windows\zrtjiazqlbxsmnxaoskmc.exe
zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Windows\xnnbyolathbumltugiy.exe
xnnbyolathbumltugiy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\xnnbyolathbumltugiy.exe*."
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\drpbwkfsjvneurxwg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\kbcrpgeuodyslluwjmde.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe
C:\Windows\drpbwkfsjvneurxwg.exe
drpbwkfsjvneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe .
C:\Windows\zrtjiazqlbxsmnxaoskmc.exe
zrtjiazqlbxsmnxaoskmc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\zrtjiazqlbxsmnxaoskmc.exe*."
C:\Windows\kbcrpgeuodyslluwjmde.exe
kbcrpgeuodyslluwjmde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Windows\kbcrpgeuodyslluwjmde.exe
kbcrpgeuodyslluwjmde.exe .
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\kbcrpgeuodyslluwjmde.exe*."
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\zrtjiazqlbxsmnxaoskmc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\drpbwkfsjvneurxwg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe
C:\Windows\xnnbyolathbumltugiy.exe
xnnbyolathbumltugiy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe .
C:\Windows\mbanjyuiangypnuufg.exe
mbanjyuiangypnuufg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\mbanjyuiangypnuufg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe
C:\Windows\kbcrpgeuodyslluwjmde.exe
kbcrpgeuodyslluwjmde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\mbanjyuiangypnuufg.exe
mbanjyuiangypnuufg.exe
C:\Windows\mbanjyuiangypnuufg.exe
mbanjyuiangypnuufg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\mbanjyuiangypnuufg.exe*."
C:\Windows\drpbwkfsjvneurxwg.exe
drpbwkfsjvneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\drpbwkfsjvneurxwg.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\xnnbyolathbumltugiy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\kbcrpgeuodyslluwjmde.exe
kbcrpgeuodyslluwjmde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\mbanjyuiangypnuufg.exe
mbanjyuiangypnuufg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\mbanjyuiangypnuufg.exe*."
C:\Windows\zrtjiazqlbxsmnxaoskmc.exe
zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\mbanjyuiangypnuufg.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\kbcrpgeuodyslluwjmde.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe .
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Windows\zrtjiazqlbxsmnxaoskmc.exe
zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\mbanjyuiangypnuufg.exe
mbanjyuiangypnuufg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\wjgrlyseufwmbxca.exe*."
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\mbanjyuiangypnuufg.exe*."
C:\Windows\zrtjiazqlbxsmnxaoskmc.exe
zrtjiazqlbxsmnxaoskmc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\xnnbyolathbumltugiy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\zrtjiazqlbxsmnxaoskmc.exe*."
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Windows\drpbwkfsjvneurxwg.exe
drpbwkfsjvneurxwg.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\xnnbyolathbumltugiy.exe
xnnbyolathbumltugiy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\xnnbyolathbumltugiy.exe*."
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\mbanjyuiangypnuufg.exe*."
C:\Windows\wjgrlyseufwmbxca.exe
wjgrlyseufwmbxca.exe
C:\Windows\wjgrlyseufwmbxca.exe
wjgrlyseufwmbxca.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\drpbwkfsjvneurxwg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\wjgrlyseufwmbxca.exe*."
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\xnnbyolathbumltugiy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe
C:\Windows\wjgrlyseufwmbxca.exe
wjgrlyseufwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe .
C:\Windows\zrtjiazqlbxsmnxaoskmc.exe
zrtjiazqlbxsmnxaoskmc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\zrtjiazqlbxsmnxaoskmc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe .
C:\Windows\zrtjiazqlbxsmnxaoskmc.exe
zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\wjgrlyseufwmbxca.exe
wjgrlyseufwmbxca.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\wjgrlyseufwmbxca.exe*."
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\xnnbyolathbumltugiy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\wjgrlyseufwmbxca.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe
C:\Windows\xnnbyolathbumltugiy.exe
xnnbyolathbumltugiy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe .
C:\Windows\xnnbyolathbumltugiy.exe
xnnbyolathbumltugiy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\xnnbyolathbumltugiy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe .
C:\Windows\kbcrpgeuodyslluwjmde.exe
kbcrpgeuodyslluwjmde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\xnnbyolathbumltugiy.exe
xnnbyolathbumltugiy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\xnnbyolathbumltugiy.exe*."
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\drpbwkfsjvneurxwg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\wjgrlyseufwmbxca.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe
C:\Windows\drpbwkfsjvneurxwg.exe
drpbwkfsjvneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrtjiazqlbxsmnxaoskmc.exe .
C:\Windows\zrtjiazqlbxsmnxaoskmc.exe
zrtjiazqlbxsmnxaoskmc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\zrtjiazqlbxsmnxaoskmc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe .
C:\Windows\xnnbyolathbumltugiy.exe
xnnbyolathbumltugiy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Windows\mbanjyuiangypnuufg.exe
mbanjyuiangypnuufg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\mbanjyuiangypnuufg.exe*."
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\xnnbyolathbumltugiy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\xnnbyolathbumltugiy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe
C:\Windows\mbanjyuiangypnuufg.exe
mbanjyuiangypnuufg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe .
C:\Windows\kbcrpgeuodyslluwjmde.exe
kbcrpgeuodyslluwjmde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\kbcrpgeuodyslluwjmde.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbanjyuiangypnuufg.exe .
C:\Windows\mbanjyuiangypnuufg.exe
mbanjyuiangypnuufg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Windows\mbanjyuiangypnuufg.exe
mbanjyuiangypnuufg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\mbanjyuiangypnuufg.exe*."
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\kbcrpgeuodyslluwjmde.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe
C:\Users\Admin\AppData\Local\Temp\kbcrpgeuodyslluwjmde.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\kbcrpgeuodyslluwjmde.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe
C:\Windows\drpbwkfsjvneurxwg.exe
drpbwkfsjvneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe .
C:\Windows\wjgrlyseufwmbxca.exe
wjgrlyseufwmbxca.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\wjgrlyseufwmbxca.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Windows\kbcrpgeuodyslluwjmde.exe
kbcrpgeuodyslluwjmde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .
C:\Windows\wjgrlyseufwmbxca.exe
wjgrlyseufwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe
C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhuplyukeqfyqhfmmx.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\wjgrlyseufwmbxca.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\zrtjiazqlbxsmnxaoskmc.exe*."
C:\Windows\jhuplyukeqfyqhfmmx.exe
jhuplyukeqfyqhfmmx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c axjdykfunymevlion.exe .
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe .
C:\Windows\axjdykfunymevlion.exe
axjdykfunymevlion.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c uthdaolcxkaunfemnzy.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\axjdykfunymevlion.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\mbanjyuiangypnuufg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wxnlkazspewsnhisvjklb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe
C:\Windows\uthdaolcxkaunfemnzy.exe
uthdaolcxkaunfemnzy.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuplyukeqfyqhfmmx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wxnlkazspewsnhisvjklb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe .
C:\Windows\wxnlkazspewsnhisvjklb.exe
wxnlkazspewsnhisvjklb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbcrpgeuodyslluwjmde.exe
C:\Windows\kbcrpgeuodyslluwjmde.exe
kbcrpgeuodyslluwjmde.exe
C:\Users\Admin\AppData\Local\Temp\jhuplyukeqfyqhfmmx.exe
C:\Users\Admin\AppData\Local\Temp\jhuplyukeqfyqhfmmx.exe
C:\Windows\kbcrpgeuodyslluwjmde.exe
kbcrpgeuodyslluwjmde.exe .
C:\Users\Admin\AppData\Local\Temp\wxnlkazspewsnhisvjklb.exe
C:\Users\Admin\AppData\Local\Temp\wxnlkazspewsnhisvjklb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wxnlkazspewsnhisvjklb.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\wxnlkazspewsnhisvjklb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tpatnysgyivmcrns.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\kbcrpgeuodyslluwjmde.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\wxnlkazspewsnhisvjklb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe
C:\Windows\kbcrpgeuodyslluwjmde.exe
kbcrpgeuodyslluwjmde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnnbyolathbumltugiy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wjgrlyseufwmbxca.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wjgrlyseufwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c drpbwkfsjvneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\drpbwkfsjvneurxwg.exe
C:\Windows\drpbwkfsjvneurxwg.exe
drpbwkfsjvneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\wxnlkazspewsnhisvjklb.exe
C:\Users\Admin\AppData\Local\Temp\wxnlkazspewsnhisvjklb.exe
C:\Users\Admin\AppData\Local\Temp\tpatnysgyivmcrns.exe
C:\Users\Admin\AppData\Local\Temp\tpatnysgyivmcrns.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbanjyuiangypnuufg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnnbyolathbumltugiy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrtjiazqlbxsmnxaoskmc.exe .
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | www.showmyipaddress.com | udp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | whatismyipaddress.com | udp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.com | udp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.wikipedia.org | udp |
| NL | 185.15.59.224:80 | www.wikipedia.org | tcp |
| US | 8.8.8.8:53 | www.bbc.co.uk | udp |
| US | 151.101.192.81:80 | www.bbc.co.uk | tcp |
| LT | 78.61.84.37:30728 | tcp | |
| US | 8.8.8.8:53 | gyuuym.org | udp |
| DE | 85.214.228.140:80 | gyuuym.org | tcp |
| US | 8.8.8.8:53 | zrdhslfr.net | udp |
| US | 8.8.8.8:53 | ejmyepek.net | udp |
| US | 8.8.8.8:53 | mmmojmywo.info | udp |
| US | 8.8.8.8:53 | thpqvqbzvoof.info | udp |
| US | 8.8.8.8:53 | pkjnyexhx.info | udp |
| US | 8.8.8.8:53 | lfjvvfbidk.net | udp |
| US | 8.8.8.8:53 | murwtxhsbvh.net | udp |
| US | 8.8.8.8:53 | unxfuild.info | udp |
| SG | 18.142.91.111:80 | unxfuild.info | tcp |
| US | 8.8.8.8:53 | xanfruxcciu.info | udp |
| US | 8.8.8.8:53 | ntbktaxx.net | udp |
| US | 8.8.8.8:53 | jgxyziq.com | udp |
| US | 8.8.8.8:53 | uotdhwxz.net | udp |
| US | 8.8.8.8:53 | ywfojfbqxgb.info | udp |
| US | 8.8.8.8:53 | asqswo.com | udp |
| US | 8.8.8.8:53 | egoktqq.info | udp |
| LT | 78.61.84.37:30728 | tcp | |
| US | 8.8.8.8:53 | ggoiukqgsikq.org | udp |
| US | 8.8.8.8:53 | qcould.net | udp |
| US | 8.8.8.8:53 | mwzqlxjdhb.net | udp |
| US | 8.8.8.8:53 | udzdjiddn.net | udp |
| US | 8.8.8.8:53 | rsbpduxcblzv.net | udp |
| US | 8.8.8.8:53 | jwttupcn.info | udp |
| US | 8.8.8.8:53 | ygoukmwg.org | udp |
| US | 8.8.8.8:53 | jrsfbehtpo.net | udp |
| US | 8.8.8.8:53 | vujsgcxakar.net | udp |
| US | 8.8.8.8:53 | ggtctypyuyl.info | udp |
| US | 8.8.8.8:53 | dqhzjvpyp.info | udp |
| US | 8.8.8.8:53 | xltbiubv.net | udp |
| US | 8.8.8.8:53 | bkvfhemoyj.info | udp |
| US | 8.8.8.8:53 | mfdjdwtghwl.info | udp |
| US | 8.8.8.8:53 | sxtwlvlgg.net | udp |
| US | 8.8.8.8:53 | cydlrge.info | udp |
| US | 104.156.155.94:80 | cydlrge.info | tcp |
| US | 8.8.8.8:53 | wcgiugwy.com | udp |
| US | 8.8.8.8:53 | wcrrfdxt.net | udp |
| US | 8.8.8.8:53 | vvfkaqtjhn.info | udp |
| US | 8.8.8.8:53 | usuejceokju.net | udp |
| US | 8.8.8.8:53 | mjotpzfbosdh.info | udp |
| US | 8.8.8.8:53 | otuwdg.net | udp |
| US | 8.8.8.8:53 | uogaguoiikks.com | udp |
| US | 8.8.8.8:53 | luvehemiri.info | udp |
| US | 8.8.8.8:53 | lsrcnsbur.net | udp |
| US | 8.8.8.8:53 | njsrbmva.net | udp |
| US | 8.8.8.8:53 | kakuwkugok.org | udp |
| US | 8.8.8.8:53 | lalckpw.org | udp |
| US | 8.8.8.8:53 | nkwrugwwxdrg.net | udp |
| US | 8.8.8.8:53 | icqtysjtl.info | udp |
| US | 8.8.8.8:53 | lqdejiy.org | udp |
| US | 8.8.8.8:53 | jxkaga.net | udp |
| US | 8.8.8.8:53 | hmfurcniz.info | udp |
| US | 8.8.8.8:53 | xgoymyhfm.info | udp |
| US | 8.8.8.8:53 | qqawkwkiawuu.com | udp |
| US | 8.8.8.8:53 | cmjmiwi.info | udp |
| US | 8.8.8.8:53 | ddpobim.org | udp |
| US | 8.8.8.8:53 | ewhqxezcwwc.net | udp |
| US | 8.8.8.8:53 | zdqxsm.net | udp |
| US | 8.8.8.8:53 | caaqum.org | udp |
| US | 8.8.8.8:53 | hgakzon.com | udp |
| US | 8.8.8.8:53 | umuyiw.com | udp |
| US | 8.8.8.8:53 | yoaoooewyeeo.com | udp |
| US | 8.8.8.8:53 | dbofezpshjhw.net | udp |
| US | 8.8.8.8:53 | pquzxomdwg.info | udp |
| US | 8.8.8.8:53 | pxtkzqbmhuv.org | udp |
| US | 8.8.8.8:53 | ayiangiastp.info | udp |
| US | 8.8.8.8:53 | mdhpuesj.net | udp |
| US | 8.8.8.8:53 | suqgjbr.info | udp |
| US | 8.8.8.8:53 | jchljevuviv.net | udp |
| US | 8.8.8.8:53 | mtvihkf.info | udp |
| US | 8.8.8.8:53 | dqjrswwie.com | udp |
| US | 8.8.8.8:53 | yloztkleys.info | udp |
| US | 8.8.8.8:53 | zkgcposmhdp.info | udp |
| US | 8.8.8.8:53 | uevgzo.info | udp |
| US | 8.8.8.8:53 | finenndqxcq.org | udp |
| US | 8.8.8.8:53 | vrxmprngmlhk.net | udp |
| US | 8.8.8.8:53 | assrxinszp.info | udp |
| US | 8.8.8.8:53 | zqjzvcj.org | udp |
| US | 8.8.8.8:53 | pzddjkgjbwzj.net | udp |
| US | 8.8.8.8:53 | gmrcnht.info | udp |
| US | 8.8.8.8:53 | fcxihwfxs.net | udp |
| US | 8.8.8.8:53 | eznabol.net | udp |
| US | 8.8.8.8:53 | wrzcvarsd.info | udp |
| US | 8.8.8.8:53 | wgiwig.org | udp |
| US | 8.8.8.8:53 | ldkqgvhspg.info | udp |
| US | 8.8.8.8:53 | klqmnybibg.net | udp |
| US | 8.8.8.8:53 | gjvihytjn.info | udp |
| US | 8.8.8.8:53 | dxwbbovtasey.info | udp |
| US | 8.8.8.8:53 | lyxmnybibg.info | udp |
| US | 8.8.8.8:53 | qniorzfk.net | udp |
| US | 8.8.8.8:53 | dkouvubcpovf.info | udp |
| US | 8.8.8.8:53 | vovmgpdp.net | udp |
| US | 8.8.8.8:53 | luuutojah.com | udp |
| US | 8.8.8.8:53 | ubhkijhh.info | udp |
| US | 8.8.8.8:53 | ugcygcyup.info | udp |
| US | 8.8.8.8:53 | npdjnvrbsv.info | udp |
| US | 8.8.8.8:53 | dqfhrafr.net | udp |
| US | 8.8.8.8:53 | kgucribs.info | udp |
| US | 8.8.8.8:53 | vtwwvlumvr.info | udp |
| US | 8.8.8.8:53 | spbcxx.info | udp |
| US | 8.8.8.8:53 | eyancet.info | udp |
| US | 8.8.8.8:53 | vwefzcpst.com | udp |
| US | 8.8.8.8:53 | zyfitez.info | udp |
| US | 8.8.8.8:53 | fcdnfwkm.net | udp |
| US | 8.8.8.8:53 | scwaei.com | udp |
| US | 8.8.8.8:53 | leqdurjb.net | udp |
| US | 8.8.8.8:53 | tartzsbc.info | udp |
| US | 8.8.8.8:53 | zihubnef.net | udp |
| US | 8.8.8.8:53 | wgvrrscywbr.net | udp |
| US | 8.8.8.8:53 | dxikspgshgbk.info | udp |
| US | 8.8.8.8:53 | wkkvzoo.info | udp |
| US | 8.8.8.8:53 | ssxujsg.info | udp |
| US | 8.8.8.8:53 | tgbvyyjmj.info | udp |
| US | 8.8.8.8:53 | zjnyfxpeo.net | udp |
| US | 8.8.8.8:53 | yamikous.com | udp |
| US | 8.8.8.8:53 | kkuakgkesi.org | udp |
| US | 8.8.8.8:53 | qpcgluzins.info | udp |
| US | 8.8.8.8:53 | lgmwshpwdp.net | udp |
| US | 8.8.8.8:53 | veygfiqzcgw.org | udp |
| US | 8.8.8.8:53 | mngftxfriy.net | udp |
| US | 8.8.8.8:53 | nnfgnetqnw.net | udp |
| US | 8.8.8.8:53 | zgrjrexb.net | udp |
| US | 8.8.8.8:53 | fjovyudf.info | udp |
| US | 8.8.8.8:53 | osvppx.info | udp |
| US | 8.8.8.8:53 | drxidcsptr.info | udp |
| US | 8.8.8.8:53 | eeueccewmeem.com | udp |
| US | 8.8.8.8:53 | cegooqcmuqoi.org | udp |
| US | 8.8.8.8:53 | veqgufloz.info | udp |
| US | 8.8.8.8:53 | gthoprfe.net | udp |
| US | 8.8.8.8:53 | wcxyphq.net | udp |
| US | 8.8.8.8:53 | jyftldjfnpch.info | udp |
| US | 8.8.8.8:53 | ekwoqgamea.org | udp |
| US | 8.8.8.8:53 | nimfckjs.net | udp |
| US | 8.8.8.8:53 | eijndencbsp.net | udp |
| US | 8.8.8.8:53 | nlvijzyb.info | udp |
| US | 8.8.8.8:53 | vlpxze.info | udp |
| US | 8.8.8.8:53 | psncnubqvkb.com | udp |
| US | 8.8.8.8:53 | kesbzisjvypu.info | udp |
| US | 8.8.8.8:53 | wrelccmgslwk.info | udp |
| US | 8.8.8.8:53 | tljpkm.net | udp |
| US | 8.8.8.8:53 | xedknojkntj.info | udp |
| US | 8.8.8.8:53 | mkfjzcufhx.net | udp |
| US | 8.8.8.8:53 | skywyumxq.net | udp |
| US | 8.8.8.8:53 | xexcpmhgv.net | udp |
| US | 8.8.8.8:53 | nbjylepcjdin.info | udp |
| US | 8.8.8.8:53 | ssagyy.com | udp |
| US | 8.8.8.8:53 | egsmyysc.org | udp |
| US | 8.8.8.8:53 | fihdevfsfp.info | udp |
| US | 8.8.8.8:53 | nshdioh.net | udp |
| US | 8.8.8.8:53 | wqnolvxm.info | udp |
| US | 8.8.8.8:53 | ixfllp.info | udp |
| US | 8.8.8.8:53 | ayikcsgi.org | udp |
| US | 8.8.8.8:53 | hdxqfuykjvj.org | udp |
| US | 8.8.8.8:53 | oyyisqky.org | udp |
| US | 8.8.8.8:53 | ueyoek.org | udp |
| US | 8.8.8.8:53 | wirdberz.info | udp |
| US | 8.8.8.8:53 | ekqqcc.org | udp |
| US | 8.8.8.8:53 | tppzbsvd.info | udp |
| US | 8.8.8.8:53 | jqjkjlqchov.com | udp |
| US | 8.8.8.8:53 | pgghfkx.info | udp |
| US | 8.8.8.8:53 | qwwamiwgqc.com | udp |
| US | 8.8.8.8:53 | aqwamiwgqc.com | udp |
| US | 8.8.8.8:53 | pqrdzynsz.net | udp |
| US | 8.8.8.8:53 | ycyeemamem.org | udp |
| US | 8.8.8.8:53 | zkrwbiv.info | udp |
| US | 8.8.8.8:53 | dwfkeogzvhjn.info | udp |
| US | 8.8.8.8:53 | egxuhfgou.info | udp |
| US | 8.8.8.8:53 | gowgugsyeoqm.org | udp |
| US | 8.8.8.8:53 | dflqknsl.net | udp |
| US | 8.8.8.8:53 | tuvdqcuircn.com | udp |
| US | 8.8.8.8:53 | cwzdwnlc.net | udp |
| US | 8.8.8.8:53 | dwscvphd.net | udp |
| US | 8.8.8.8:53 | sehqlunswem.net | udp |
| US | 8.8.8.8:53 | qtgqqinahbp.info | udp |
| US | 8.8.8.8:53 | bqtireh.net | udp |
| US | 8.8.8.8:53 | ymycocagasua.org | udp |
| US | 8.8.8.8:53 | tcvuvhjwh.info | udp |
| US | 8.8.8.8:53 | zxlozbdl.info | udp |
| US | 8.8.8.8:53 | jubvpax.info | udp |
| US | 8.8.8.8:53 | nwjjzbvlpxvi.info | udp |
| US | 8.8.8.8:53 | gzoasqkmbuv.info | udp |
| US | 8.8.8.8:53 | owwkussqmqoq.org | udp |
| US | 8.8.8.8:53 | gbqxzzsjkjie.net | udp |
| US | 8.8.8.8:53 | qoysfytad.info | udp |
| US | 8.8.8.8:53 | aknsgwkcl.net | udp |
| US | 8.8.8.8:53 | wyeqyowgeuam.com | udp |
| US | 8.8.8.8:53 | wgbgdsxus.net | udp |
| US | 8.8.8.8:53 | wcimsg.org | udp |
| US | 8.8.8.8:53 | sokocqom.com | udp |
| US | 8.8.8.8:53 | rlndnmt.com | udp |
| US | 8.8.8.8:53 | tyuqlz.info | udp |
| US | 8.8.8.8:53 | cdzfxkheckko.info | udp |
| US | 8.8.8.8:53 | jcowadh.org | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| NL | 173.194.69.94:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | ghpxhyz.net | udp |
| US | 8.8.8.8:53 | nhjtydmr.info | udp |
| US | 8.8.8.8:53 | bwkhrzh.org | udp |
| US | 8.8.8.8:53 | dyhytonij.com | udp |
| US | 8.8.8.8:53 | ecbwysbz.info | udp |
| US | 8.8.8.8:53 | dwbdki.info | udp |
| US | 8.8.8.8:53 | bkdbit.info | udp |
| US | 8.8.8.8:53 | mhnkngexjb.info | udp |
| US | 8.8.8.8:53 | rwikzvtcvoxe.info | udp |
| US | 8.8.8.8:53 | vsuuoui.info | udp |
| US | 8.8.8.8:53 | rotpyetcn.info | udp |
| US | 8.8.8.8:53 | lqnmpytum.info | udp |
| US | 8.8.8.8:53 | njmyupro.net | udp |
| US | 8.8.8.8:53 | ungwgsfmj.net | udp |
| US | 8.8.8.8:53 | xrpwmsl.info | udp |
| US | 8.8.8.8:53 | ktzksyd.info | udp |
| US | 8.8.8.8:53 | nipcbhgzdsjj.net | udp |
| US | 8.8.8.8:53 | iusioomq.org | udp |
| US | 8.8.8.8:53 | henqlaxsfw.info | udp |
| US | 8.8.8.8:53 | wcsbrpz.net | udp |
| US | 8.8.8.8:53 | rtxcvlholljz.info | udp |
| US | 8.8.8.8:53 | mwlkrce.net | udp |
| US | 8.8.8.8:53 | knjkhgii.info | udp |
| US | 8.8.8.8:53 | dgxwpoyuw.net | udp |
| US | 8.8.8.8:53 | wtcykosbikkh.net | udp |
| US | 8.8.8.8:53 | uwcuws.org | udp |
| US | 8.8.8.8:53 | vpfufigapmg.org | udp |
| US | 8.8.8.8:53 | wwnsenracwe.info | udp |
| US | 8.8.8.8:53 | onobziqf.info | udp |
| US | 8.8.8.8:53 | vglczytim.com | udp |
| US | 8.8.8.8:53 | gifnbyxotha.net | udp |
| US | 8.8.8.8:53 | ggyauwgmywsc.org | udp |
| US | 8.8.8.8:53 | azlfou.info | udp |
| US | 8.8.8.8:53 | xzjangtahkwg.net | udp |
| US | 8.8.8.8:53 | rwyxkdrufy.net | udp |
| US | 8.8.8.8:53 | vnztbp.net | udp |
| US | 8.8.8.8:53 | umyicieyee.org | udp |
| US | 8.8.8.8:53 | gytsgqocd.info | udp |
| US | 8.8.8.8:53 | qyfarqhcyow.net | udp |
| US | 8.8.8.8:53 | twhwjdbipci.org | udp |
| US | 8.8.8.8:53 | qccwawkk.com | udp |
| US | 8.8.8.8:53 | vcsuct.net | udp |
| US | 8.8.8.8:53 | ooykeygqgs.com | udp |
| US | 8.8.8.8:53 | qgrevs.net | udp |
| US | 8.8.8.8:53 | xyxgjur.info | udp |
| US | 8.8.8.8:53 | eshervb.info | udp |
| US | 8.8.8.8:53 | ewsigmgogk.com | udp |
| US | 8.8.8.8:53 | fsyczawoha.info | udp |
| US | 8.8.8.8:53 | udjfavgm.info | udp |
| US | 8.8.8.8:53 | ddhjxjxvmwle.info | udp |
| US | 8.8.8.8:53 | eakququisous.com | udp |
| US | 8.8.8.8:53 | atkzfclhbift.info | udp |
| US | 8.8.8.8:53 | jwxcxko.com | udp |
| US | 8.8.8.8:53 | kqgimi.org | udp |
| US | 8.8.8.8:53 | rqfinovhp.com | udp |
| US | 8.8.8.8:53 | ucbspdfi.info | udp |
| US | 8.8.8.8:53 | wueysyqiyg.org | udp |
| US | 8.8.8.8:53 | aupmoqhqf.net | udp |
| US | 8.8.8.8:53 | iwrpjsajftbq.info | udp |
| US | 8.8.8.8:53 | jjrefkv.net | udp |
| US | 8.8.8.8:53 | kwmgxgcab.info | udp |
| US | 8.8.8.8:53 | adqmfyymxt.net | udp |
| US | 8.8.8.8:53 | zkdanlmh.info | udp |
| US | 8.8.8.8:53 | kjskvzf.info | udp |
| US | 8.8.8.8:53 | mxiypcrtusuh.net | udp |
| US | 8.8.8.8:53 | nmgftqptt.net | udp |
| US | 8.8.8.8:53 | otfgpst.net | udp |
| US | 8.8.8.8:53 | qqiyee.org | udp |
| US | 8.8.8.8:53 | lzbjkx.info | udp |
| US | 8.8.8.8:53 | jcvlsinw.info | udp |
| US | 8.8.8.8:53 | quygei.com | udp |
| US | 8.8.8.8:53 | hoyydqlojws.net | udp |
| US | 8.8.8.8:53 | ncpwsx.net | udp |
| US | 8.8.8.8:53 | bnvqqc.info | udp |
| US | 8.8.8.8:53 | meimyc.org | udp |
| US | 8.8.8.8:53 | vfesjsbaf.com | udp |
| US | 8.8.8.8:53 | wfhuhibiwsp.info | udp |
| US | 8.8.8.8:53 | blriytvijot.com | udp |
| US | 8.8.8.8:53 | scdfnsykn.net | udp |
| US | 8.8.8.8:53 | chohaffm.info | udp |
| US | 8.8.8.8:53 | utxvvtsh.net | udp |
| US | 8.8.8.8:53 | diigweqon.com | udp |
| US | 8.8.8.8:53 | kyilnx.net | udp |
| US | 8.8.8.8:53 | omoxmcu.info | udp |
| US | 8.8.8.8:53 | quhilgt.info | udp |
| US | 8.8.8.8:53 | ejhsbibuo.net | udp |
| US | 8.8.8.8:53 | fmlyjiscv.com | udp |
| US | 8.8.8.8:53 | wnnkbwq.info | udp |
| US | 8.8.8.8:53 | gaqkygwq.org | udp |
| US | 8.8.8.8:53 | byvxdmp.net | udp |
| US | 8.8.8.8:53 | pltmczynl.info | udp |
| US | 8.8.8.8:53 | wszvezwmrw.info | udp |
| US | 8.8.8.8:53 | jrbulad.info | udp |
| US | 8.8.8.8:53 | gommmomssq.org | udp |
| US | 8.8.8.8:53 | bpzorpfuhtf.org | udp |
| US | 8.8.8.8:53 | mgioxzkix.net | udp |
| US | 8.8.8.8:53 | xbpefsh.info | udp |
| US | 8.8.8.8:53 | bcduzrwgklw.net | udp |
| US | 8.8.8.8:53 | bmztqcv.com | udp |
| US | 8.8.8.8:53 | bkngmvgi.net | udp |
| US | 8.8.8.8:53 | ywfuuym.net | udp |
| US | 8.8.8.8:53 | wiglykwae.net | udp |
| US | 8.8.8.8:53 | igeuwgygkg.org | udp |
| US | 8.8.8.8:53 | dqvevwd.info | udp |
| US | 8.8.8.8:53 | nzmlbzgk.net | udp |
| US | 8.8.8.8:53 | bqdindvszcl.com | udp |
| US | 8.8.8.8:53 | ugiqoyya.org | udp |
| US | 8.8.8.8:53 | xavlflmv.info | udp |
| US | 8.8.8.8:53 | pepymsq.com | udp |
| US | 8.8.8.8:53 | jvibdsjkch.net | udp |
| US | 8.8.8.8:53 | zdvgakdahd.info | udp |
| US | 8.8.8.8:53 | dykwknvmdfdj.info | udp |
| US | 8.8.8.8:53 | phsplyh.com | udp |
| US | 8.8.8.8:53 | wcquwkmo.org | udp |
| US | 8.8.8.8:53 | iwluxplgw.info | udp |
| US | 8.8.8.8:53 | gcnwhexgt.info | udp |
| US | 8.8.8.8:53 | jypqced.org | udp |
| US | 8.8.8.8:53 | wawaoiyk.com | udp |
| US | 8.8.8.8:53 | gqfcvchwv.net | udp |
| US | 8.8.8.8:53 | citroy.info | udp |
| US | 8.8.8.8:53 | keeoiees.com | udp |
| US | 8.8.8.8:53 | ygkfbigvjq.info | udp |
| US | 8.8.8.8:53 | zendty.info | udp |
| US | 8.8.8.8:53 | ptujckqxhdeo.net | udp |
| US | 8.8.8.8:53 | kxyuozlwmlhj.info | udp |
| US | 8.8.8.8:53 | lczoradauoz.net | udp |
| US | 8.8.8.8:53 | obxafewmj.info | udp |
| US | 8.8.8.8:53 | zjmqhwp.info | udp |
| US | 8.8.8.8:53 | wurvrdnkkij.info | udp |
| US | 8.8.8.8:53 | mgkgeh.info | udp |
| US | 8.8.8.8:53 | dazulnj.org | udp |
| US | 8.8.8.8:53 | emhubirnvrl.info | udp |
| US | 8.8.8.8:53 | neuclptcwr.info | udp |
| US | 8.8.8.8:53 | yhhzdbrkmfic.info | udp |
| US | 8.8.8.8:53 | xbhccm.info | udp |
| US | 8.8.8.8:53 | jzthxr.net | udp |
| US | 8.8.8.8:53 | uezqtablkhao.info | udp |
| US | 8.8.8.8:53 | qhomuazeb.net | udp |
| US | 8.8.8.8:53 | fjusznt.com | udp |
| US | 8.8.8.8:53 | iotrojfwi.net | udp |
| US | 8.8.8.8:53 | nllgvmc.info | udp |
| US | 8.8.8.8:53 | zuhmapbot.net | udp |
| US | 8.8.8.8:53 | hufruhwiab.info | udp |
| US | 8.8.8.8:53 | mwkuqk.com | udp |
| US | 8.8.8.8:53 | gqrtxwywf.info | udp |
| US | 8.8.8.8:53 | eooekyeaoiic.org | udp |
| US | 8.8.8.8:53 | sqdmlmoqdmd.info | udp |
| US | 8.8.8.8:53 | qivcfzf.info | udp |
| US | 8.8.8.8:53 | vjvlnnztmb.net | udp |
| US | 8.8.8.8:53 | vmfgpri.net | udp |
| US | 8.8.8.8:53 | nwkkjifwqil.info | udp |
| US | 8.8.8.8:53 | twchowfkdfy.info | udp |
| US | 8.8.8.8:53 | drtsxwxmj.info | udp |
| US | 8.8.8.8:53 | yojkaljecqs.info | udp |
| US | 8.8.8.8:53 | hxzmgvrciuzn.net | udp |
| US | 8.8.8.8:53 | vcmcub.net | udp |
| US | 8.8.8.8:53 | fpdzcf.net | udp |
| US | 8.8.8.8:53 | ecegeakc.org | udp |
| US | 8.8.8.8:53 | qmyarj.info | udp |
| US | 8.8.8.8:53 | bmrkjmtyjfn.org | udp |
| US | 8.8.8.8:53 | xkfcvmtcmez.info | udp |
| US | 8.8.8.8:53 | voflgepciyp.net | udp |
| US | 8.8.8.8:53 | ootkjdzphd.net | udp |
| US | 8.8.8.8:53 | mkgkmwuy.org | udp |
| US | 8.8.8.8:53 | wcgguvuixvd.net | udp |
| US | 8.8.8.8:53 | iecbwr.net | udp |
| US | 8.8.8.8:53 | awoevws.net | udp |
| US | 8.8.8.8:53 | ohnbqinh.info | udp |
| US | 8.8.8.8:53 | aararuzmj.info | udp |
| US | 8.8.8.8:53 | tsiypnkcmf.info | udp |
| US | 8.8.8.8:53 | dcxwjai.com | udp |
| US | 8.8.8.8:53 | jjmauz.info | udp |
| US | 8.8.8.8:53 | zwfigpu.net | udp |
| US | 8.8.8.8:53 | tycecdhnagp.org | udp |
| US | 8.8.8.8:53 | zrizzt.net | udp |
| US | 8.8.8.8:53 | lyxzktdavfgy.info | udp |
| US | 8.8.8.8:53 | lhgqgdnsqr.net | udp |
| US | 8.8.8.8:53 | isbjbgao.info | udp |
| US | 8.8.8.8:53 | zslarw.net | udp |
| US | 8.8.8.8:53 | kwtyrov.net | udp |
| US | 8.8.8.8:53 | nsjnpn.net | udp |
| US | 8.8.8.8:53 | oeqyaa.com | udp |
| US | 8.8.8.8:53 | lctavcja.info | udp |
| US | 8.8.8.8:53 | zkgsldl.com | udp |
| US | 8.8.8.8:53 | rfwcbkj.net | udp |
| US | 8.8.8.8:53 | ivewnr.info | udp |
| US | 8.8.8.8:53 | lgmqzezefhc.info | udp |
| US | 8.8.8.8:53 | mhoktmkpf.info | udp |
| US | 8.8.8.8:53 | wjvnorsibr.info | udp |
| US | 8.8.8.8:53 | ncrdbxr.net | udp |
| US | 8.8.8.8:53 | nqxijbihvn.info | udp |
| US | 8.8.8.8:53 | kktgbof.net | udp |
| US | 8.8.8.8:53 | awvmtqfqcgxa.info | udp |
| US | 8.8.8.8:53 | aljiyzkufgo.net | udp |
| US | 8.8.8.8:53 | ukrifobxhm.net | udp |
| US | 8.8.8.8:53 | yspynbdonzn.net | udp |
| US | 8.8.8.8:53 | ksnelpckjan.info | udp |
| US | 8.8.8.8:53 | qqbatsr.info | udp |
| US | 8.8.8.8:53 | ccqiaocs.com | udp |
| US | 8.8.8.8:53 | ewqypkiyu.info | udp |
| US | 8.8.8.8:53 | agwkyw.org | udp |
| US | 8.8.8.8:53 | miqeemsoua.org | udp |
| US | 8.8.8.8:53 | xrctizgjhu.net | udp |
| US | 8.8.8.8:53 | fzxlrnnbpuhb.info | udp |
| US | 8.8.8.8:53 | xhdztsfyg.com | udp |
| US | 8.8.8.8:53 | rfcqjgcwrllk.info | udp |
| US | 8.8.8.8:53 | exsxpkzd.net | udp |
| US | 8.8.8.8:53 | uitcuruqyd.net | udp |
| US | 8.8.8.8:53 | oesrwsp.info | udp |
| US | 8.8.8.8:53 | gemiauau.org | udp |
| US | 8.8.8.8:53 | mcgagq.com | udp |
| US | 8.8.8.8:53 | ooewwc.org | udp |
| US | 8.8.8.8:53 | nufndcbsztr.org | udp |
| US | 8.8.8.8:53 | zonwziuqj.org | udp |
| US | 8.8.8.8:53 | sgnnggoqacwg.info | udp |
| US | 8.8.8.8:53 | ucrezc.info | udp |
| US | 8.8.8.8:53 | jypigkw.net | udp |
| US | 8.8.8.8:53 | kjssrc.info | udp |
| US | 8.8.8.8:53 | mydujvzmh.net | udp |
| US | 8.8.8.8:53 | xykbdyy.info | udp |
| US | 8.8.8.8:53 | jphhtgd.com | udp |
| US | 8.8.8.8:53 | wdgbllvsu.net | udp |
| US | 8.8.8.8:53 | rprorwnvpu.info | udp |
| US | 8.8.8.8:53 | xjzrpmepzl.net | udp |
| US | 8.8.8.8:53 | omierhazkhgw.net | udp |
| US | 8.8.8.8:53 | syfylgo.net | udp |
| US | 8.8.8.8:53 | skokgk.com | udp |
| US | 8.8.8.8:53 | kwdrqyzrhd.net | udp |
| US | 8.8.8.8:53 | gwxzsgouvi.info | udp |
| US | 8.8.8.8:53 | fhxeuqcuk.org | udp |
| US | 8.8.8.8:53 | yrfwmjuz.net | udp |
| US | 8.8.8.8:53 | qgeqyc.org | udp |
| US | 8.8.8.8:53 | uuzyetze.net | udp |
| US | 8.8.8.8:53 | hmnwnbiyx.org | udp |
| US | 8.8.8.8:53 | ycdkhpdkdyq.net | udp |
| US | 8.8.8.8:53 | vkwslitadqv.org | udp |
| US | 8.8.8.8:53 | akagqeoqcu.org | udp |
| US | 8.8.8.8:53 | wgceuymw.org | udp |
| US | 8.8.8.8:53 | jqtenkdayoy.org | udp |
| US | 8.8.8.8:53 | gqochr.info | udp |
| US | 8.8.8.8:53 | avhjmfuszlfz.net | udp |
| US | 8.8.8.8:53 | hmhezvr.com | udp |
| US | 8.8.8.8:53 | pypnfinkndbc.net | udp |
| US | 8.8.8.8:53 | glazmclalnjq.info | udp |
| US | 8.8.8.8:53 | fwzcxotpvnwx.info | udp |
| US | 8.8.8.8:53 | lvliwxsju.net | udp |
| US | 8.8.8.8:53 | voaqjkvfqu.net | udp |
| US | 8.8.8.8:53 | ioxoncrnj.info | udp |
| US | 8.8.8.8:53 | mxazdwajqr.net | udp |
| US | 8.8.8.8:53 | bwadwuie.net | udp |
| US | 8.8.8.8:53 | qouqkgygug.com | udp |
| US | 8.8.8.8:53 | hxyypwalcqj.net | udp |
| US | 8.8.8.8:53 | wcgcuuiu.org | udp |
| US | 8.8.8.8:53 | swwgquoc.com | udp |
| US | 8.8.8.8:53 | plxyeb.net | udp |
| US | 8.8.8.8:53 | ziekborfn.info | udp |
| US | 8.8.8.8:53 | egwoee.com | udp |
| US | 8.8.8.8:53 | ygmshyw.info | udp |
| US | 8.8.8.8:53 | nhmyomxjv.info | udp |
| US | 8.8.8.8:53 | ygnyhd.net | udp |
| US | 8.8.8.8:53 | czrlbd.info | udp |
| US | 8.8.8.8:53 | byqkbud.org | udp |
| US | 8.8.8.8:53 | hrjdtn.net | udp |
| US | 8.8.8.8:53 | dtlvfetidah.org | udp |
| US | 8.8.8.8:53 | tyzkrdhyl.info | udp |
| US | 8.8.8.8:53 | bllgtqoiqsyu.info | udp |
| US | 8.8.8.8:53 | oicuvofdmab.net | udp |
| US | 8.8.8.8:53 | xixaqejgz.info | udp |
| US | 8.8.8.8:53 | vyvijbihvn.info | udp |
| US | 8.8.8.8:53 | revuncvwh.info | udp |
| US | 8.8.8.8:53 | seiwqy.org | udp |
| US | 8.8.8.8:53 | wmkerqb.info | udp |
| US | 8.8.8.8:53 | hsrofavrq.net | udp |
| US | 8.8.8.8:53 | emouiqoeey.com | udp |
| US | 8.8.8.8:53 | iglgtdahtsm.info | udp |
| US | 8.8.8.8:53 | zkvcfhdod.info | udp |
| US | 8.8.8.8:53 | pyznnutt.info | udp |
| US | 8.8.8.8:53 | llpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | wqxopepldat.info | udp |
| US | 8.8.8.8:53 | lqsyzc.net | udp |
| US | 8.8.8.8:53 | sefqteznn.info | udp |
| US | 8.8.8.8:53 | ewayssyimayu.com | udp |
| US | 8.8.8.8:53 | sehczr.info | udp |
| US | 8.8.8.8:53 | iqffdnc.info | udp |
| US | 8.8.8.8:53 | bctwfgikb.org | udp |
| US | 8.8.8.8:53 | pdmrucfubtmk.net | udp |
| US | 8.8.8.8:53 | xljrjsp.org | udp |
| US | 8.8.8.8:53 | rjnypbap.net | udp |
| US | 8.8.8.8:53 | fzqqksnzg.net | udp |
| US | 8.8.8.8:53 | dmnyptpqhkf.net | udp |
| US | 8.8.8.8:53 | xmlymtnez.org | udp |
| US | 8.8.8.8:53 | gcausooi.org | udp |
| US | 8.8.8.8:53 | amvytwmmpyl.net | udp |
| US | 8.8.8.8:53 | qwjuearsvlz.net | udp |
| US | 8.8.8.8:53 | odzbrjqoy.info | udp |
| US | 8.8.8.8:53 | piqvtqqzww.info | udp |
| US | 8.8.8.8:53 | aalijqi.info | udp |
| US | 8.8.8.8:53 | oqmyoq.com | udp |
| US | 8.8.8.8:53 | urpidmn.net | udp |
| US | 8.8.8.8:53 | mslolyhwkov.info | udp |
| US | 8.8.8.8:53 | odqisf.info | udp |
| US | 8.8.8.8:53 | sotfpofef.net | udp |
| US | 8.8.8.8:53 | ncpmyszzt.info | udp |
| US | 8.8.8.8:53 | oazkreq.net | udp |
| US | 8.8.8.8:53 | wsfxpojsfpck.net | udp |
| US | 8.8.8.8:53 | zvpmtea.org | udp |
| US | 8.8.8.8:53 | lisygqyyrvi.net | udp |
| US | 8.8.8.8:53 | csxxbdpz.info | udp |
| US | 8.8.8.8:53 | ybxsqlwexbnh.info | udp |
| US | 8.8.8.8:53 | xkngfuhsvol.info | udp |
| US | 8.8.8.8:53 | vdttvwt.net | udp |
| US | 8.8.8.8:53 | yylpjmp.net | udp |
| US | 8.8.8.8:53 | kkiamiym.com | udp |
| US | 8.8.8.8:53 | runsxfl.net | udp |
| US | 8.8.8.8:53 | mglyesvca.info | udp |
| US | 8.8.8.8:53 | vxlldv.info | udp |
| US | 8.8.8.8:53 | jatdaajehomt.net | udp |
| US | 8.8.8.8:53 | dnclmcrprd.info | udp |
| US | 8.8.8.8:53 | qyomkseugego.org | udp |
| US | 8.8.8.8:53 | ossmtwvkqrx.info | udp |
| US | 8.8.8.8:53 | utftxtcd.info | udp |
| US | 8.8.8.8:53 | suuksgjskyn.net | udp |
| US | 8.8.8.8:53 | cmicra.info | udp |
| US | 8.8.8.8:53 | mwgkuyee.org | udp |
| US | 8.8.8.8:53 | qeoggcyamgmq.com | udp |
| US | 8.8.8.8:53 | trberutyvm.net | udp |
| US | 8.8.8.8:53 | yusooomu.com | udp |
| US | 8.8.8.8:53 | uiceesz.info | udp |
| US | 8.8.8.8:53 | bzaydhbkyko.info | udp |
| US | 8.8.8.8:53 | wgsuuewiumug.com | udp |
| US | 8.8.8.8:53 | uoxjsmld.info | udp |
| US | 8.8.8.8:53 | xtrzdr.net | udp |
| US | 8.8.8.8:53 | magccnonlt.net | udp |
| US | 8.8.8.8:53 | ewiuauieao.com | udp |
| US | 8.8.8.8:53 | iovtfshfmj.net | udp |
| US | 8.8.8.8:53 | vcdcdnmsd.org | udp |
| US | 8.8.8.8:53 | yttzltpbba.info | udp |
| US | 8.8.8.8:53 | vcpsunocjjc.com | udp |
| US | 8.8.8.8:53 | bjpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | kndiabxd.net | udp |
| US | 8.8.8.8:53 | ayceaeogegmc.org | udp |
| US | 8.8.8.8:53 | aojkbwfstty.net | udp |
| US | 8.8.8.8:53 | nnbpnyl.net | udp |
| US | 8.8.8.8:53 | dvdzsgvxczea.info | udp |
| US | 8.8.8.8:53 | imwkkoik.com | udp |
| US | 8.8.8.8:53 | kiejqcfznz.info | udp |
| US | 8.8.8.8:53 | kbyiqznaieb.net | udp |
| US | 8.8.8.8:53 | jojczdwilgd.com | udp |
| US | 8.8.8.8:53 | sewuvwb.net | udp |
| US | 8.8.8.8:53 | wutgtqbah.net | udp |
| US | 8.8.8.8:53 | kagkwqssik.org | udp |
| US | 8.8.8.8:53 | iedvvl.info | udp |
| US | 8.8.8.8:53 | oaewcmmi.com | udp |
| US | 8.8.8.8:53 | tkocfonid.org | udp |
| US | 8.8.8.8:53 | oalwpcngx.info | udp |
| US | 8.8.8.8:53 | yrnkbwrwtsry.net | udp |
| US | 8.8.8.8:53 | uihnuzvguxh.info | udp |
| US | 8.8.8.8:53 | vqjcyivgbub.com | udp |
| US | 8.8.8.8:53 | rzojhevplo.net | udp |
| US | 8.8.8.8:53 | oexbdowotgp.net | udp |
| US | 8.8.8.8:53 | njckzucv.net | udp |
| US | 8.8.8.8:53 | xcrfxbihvn.info | udp |
| US | 8.8.8.8:53 | iifqtif.net | udp |
| US | 8.8.8.8:53 | cusysu.org | udp |
| US | 8.8.8.8:53 | yssguy.org | udp |
| US | 8.8.8.8:53 | ddkrkh.info | udp |
| US | 8.8.8.8:53 | oqxlwam.info | udp |
| US | 8.8.8.8:53 | pszdvwo.info | udp |
| US | 8.8.8.8:53 | hsgammbenkn.org | udp |
| US | 8.8.8.8:53 | uuogdcue.net | udp |
| US | 8.8.8.8:53 | mqptieyjq.net | udp |
| US | 8.8.8.8:53 | pvesxitaordl.info | udp |
| US | 8.8.8.8:53 | thwwmxr.org | udp |
| US | 8.8.8.8:53 | dzrmxez.com | udp |
| US | 8.8.8.8:53 | mmuqiw.com | udp |
| US | 8.8.8.8:53 | yaywys.com | udp |
| US | 8.8.8.8:53 | vplnjbndgb.info | udp |
| US | 8.8.8.8:53 | eeguelsy.info | udp |
| US | 8.8.8.8:53 | enweyw.net | udp |
| US | 8.8.8.8:53 | xazvakduuuo.info | udp |
| US | 8.8.8.8:53 | kxldwaoqfn.info | udp |
| US | 8.8.8.8:53 | ioracfvcgku.info | udp |
| US | 8.8.8.8:53 | vyjyzy.info | udp |
| US | 8.8.8.8:53 | okoqkqqkqqog.com | udp |
| US | 8.8.8.8:53 | xxbuvavqnao.net | udp |
| US | 8.8.8.8:53 | fzfgsgvn.net | udp |
| US | 8.8.8.8:53 | zkmopuvab.net | udp |
| US | 8.8.8.8:53 | stlgjcryu.net | udp |
| US | 8.8.8.8:53 | okrezoibls.info | udp |
| US | 8.8.8.8:53 | tgzzsilpuoyu.info | udp |
| US | 8.8.8.8:53 | ukymhih.info | udp |
| US | 8.8.8.8:53 | giwnsrhzikp.net | udp |
| US | 8.8.8.8:53 | ngqrxu.info | udp |
| US | 8.8.8.8:53 | mwwykcj.net | udp |
| US | 8.8.8.8:53 | byjllzwmuylz.net | udp |
| US | 8.8.8.8:53 | fbjwwqb.net | udp |
| US | 8.8.8.8:53 | uriwfyn.net | udp |
| US | 8.8.8.8:53 | rejwrwpoa.info | udp |
| US | 8.8.8.8:53 | kspwoad.net | udp |
| US | 8.8.8.8:53 | zygonpqh.info | udp |
| US | 8.8.8.8:53 | jmuyzwjxj.net | udp |
| US | 8.8.8.8:53 | wpzyftbi.net | udp |
| US | 8.8.8.8:53 | qkksoq.org | udp |
| US | 8.8.8.8:53 | jhuheh.info | udp |
| US | 8.8.8.8:53 | sgescokcmo.org | udp |
| US | 8.8.8.8:53 | vmbsqsfsfafj.info | udp |
| US | 8.8.8.8:53 | oexedeznfax.net | udp |
| US | 8.8.8.8:53 | uxykswd.net | udp |
| US | 8.8.8.8:53 | efqgewfovdtb.net | udp |
| US | 8.8.8.8:53 | scqotodadiu.info | udp |
| US | 8.8.8.8:53 | lzwgpqnxhy.net | udp |
| US | 8.8.8.8:53 | rbpcvkpnr.info | udp |
| US | 8.8.8.8:53 | nwumnjov.net | udp |
| US | 8.8.8.8:53 | jehyhpbob.com | udp |
| US | 8.8.8.8:53 | woyznzwolkxd.info | udp |
| US | 8.8.8.8:53 | soewsekawuem.com | udp |
| US | 8.8.8.8:53 | xghgdttie.info | udp |
| US | 8.8.8.8:53 | agaeocwk.com | udp |
| US | 8.8.8.8:53 | luaiurlae.info | udp |
| US | 8.8.8.8:53 | gcjfmzxdrxnl.info | udp |
| US | 8.8.8.8:53 | qteaexegpu.info | udp |
| US | 8.8.8.8:53 | dwbqrycnj.com | udp |
| US | 8.8.8.8:53 | udicwpp.net | udp |
| US | 8.8.8.8:53 | wkiqqeouum.org | udp |
| US | 8.8.8.8:53 | hsfspwfirsr.org | udp |
| US | 8.8.8.8:53 | vmzcbrpqmnu.org | udp |
| US | 8.8.8.8:53 | jljyxlkgjmxh.info | udp |
| US | 8.8.8.8:53 | lsrpzqgehxb.com | udp |
| US | 8.8.8.8:53 | hrgyviddjz.net | udp |
| US | 8.8.8.8:53 | wmmcgqqioegs.org | udp |
| US | 8.8.8.8:53 | fumvct.net | udp |
| US | 8.8.8.8:53 | fvdzfumeu.org | udp |
| US | 8.8.8.8:53 | jtrgetcs.net | udp |
| US | 8.8.8.8:53 | kcoyiscu.com | udp |
| US | 8.8.8.8:53 | ahlgod.info | udp |
| US | 8.8.8.8:53 | tgaqehrvhy.info | udp |
| US | 8.8.8.8:53 | dnyidwf.info | udp |
| US | 8.8.8.8:53 | xygrzadrxw.net | udp |
| US | 8.8.8.8:53 | guuyxfv.net | udp |
| US | 8.8.8.8:53 | yadxtkefpqdf.net | udp |
| US | 8.8.8.8:53 | bzckluzaxh.net | udp |
| US | 8.8.8.8:53 | omyxmuxanifs.info | udp |
| US | 8.8.8.8:53 | vfoqlmoi.net | udp |
| US | 8.8.8.8:53 | ayiaae.com | udp |
| US | 8.8.8.8:53 | qngitmingp.net | udp |
| US | 8.8.8.8:53 | livumqzonrt.net | udp |
| US | 8.8.8.8:53 | docsbqblcm.info | udp |
| US | 8.8.8.8:53 | wkyaiyaq.com | udp |
| US | 8.8.8.8:53 | lgyszoz.net | udp |
| US | 8.8.8.8:53 | phtdqqiqcn.net | udp |
| US | 8.8.8.8:53 | ulwprsdpevsj.info | udp |
| US | 8.8.8.8:53 | iwanidcgd.net | udp |
| US | 8.8.8.8:53 | qyjxvcif.net | udp |
| US | 8.8.8.8:53 | quziuqq.net | udp |
| US | 8.8.8.8:53 | uotdtmhsujq.net | udp |
| US | 8.8.8.8:53 | burszymam.info | udp |
| US | 8.8.8.8:53 | rkwlhccy.info | udp |
| US | 8.8.8.8:53 | xzorndrepw.info | udp |
| US | 8.8.8.8:53 | ekkkam.org | udp |
| US | 8.8.8.8:53 | nthafgeqx.org | udp |
| US | 8.8.8.8:53 | qusklqf.net | udp |
| US | 8.8.8.8:53 | couewqgwmqoi.com | udp |
| US | 8.8.8.8:53 | enahnnfd.info | udp |
| US | 8.8.8.8:53 | jzxeukc.info | udp |
| US | 8.8.8.8:53 | lippduto.info | udp |
| US | 8.8.8.8:53 | rwmwxyv.net | udp |
| US | 8.8.8.8:53 | vibshiiel.net | udp |
| US | 8.8.8.8:53 | ayqqyucq.org | udp |
| US | 8.8.8.8:53 | jjqtpeerkb.net | udp |
| US | 8.8.8.8:53 | sihmfmo.net | udp |
| US | 8.8.8.8:53 | pdlwqsf.com | udp |
| US | 8.8.8.8:53 | cwjwvtdzsc.net | udp |
| US | 8.8.8.8:53 | quymioom.org | udp |
| US | 8.8.8.8:53 | vszyrsr.info | udp |
| US | 8.8.8.8:53 | urkcltobhpwf.net | udp |
| US | 8.8.8.8:53 | nvmnlg.net | udp |
| US | 8.8.8.8:53 | kjvvoizpwutk.info | udp |
| US | 8.8.8.8:53 | qsaygg.com | udp |
| US | 8.8.8.8:53 | faudsjaz.net | udp |
| US | 8.8.8.8:53 | jafjrrtwb.info | udp |
| US | 8.8.8.8:53 | oismai.com | udp |
| US | 8.8.8.8:53 | jrzfyflondu.com | udp |
| US | 8.8.8.8:53 | smmkbeyiij.net | udp |
| US | 8.8.8.8:53 | snhzhakufssh.info | udp |
| US | 8.8.8.8:53 | jzvfhb.net | udp |
| US | 8.8.8.8:53 | yvtrpyt.info | udp |
| US | 8.8.8.8:53 | gwcxvqtytk.info | udp |
| US | 8.8.8.8:53 | eheflhppvg.net | udp |
| US | 8.8.8.8:53 | ciosomymsaam.org | udp |
| US | 8.8.8.8:53 | islofirjz.net | udp |
| US | 8.8.8.8:53 | cykogcgqqcuu.com | udp |
| US | 8.8.8.8:53 | nlzqfql.com | udp |
| US | 8.8.8.8:53 | lafovgv.info | udp |
| US | 8.8.8.8:53 | fwvhrqdkx.net | udp |
| US | 8.8.8.8:53 | qwcecuawd.net | udp |
| US | 8.8.8.8:53 | ugjyfpgfl.net | udp |
| US | 8.8.8.8:53 | iuioekiyqm.org | udp |
| US | 8.8.8.8:53 | vsxusclwir.net | udp |
| US | 8.8.8.8:53 | syzioqlrx.info | udp |
| US | 8.8.8.8:53 | pgophcaynzf.org | udp |
| US | 8.8.8.8:53 | oyibjb.net | udp |
| US | 8.8.8.8:53 | rayvcqwozmvj.info | udp |
| US | 8.8.8.8:53 | myrwjqkrwpbk.info | udp |
| US | 8.8.8.8:53 | bnkglyrmquz.com | udp |
| US | 8.8.8.8:53 | xyibnqc.org | udp |
| US | 8.8.8.8:53 | ewigsgkuycqo.org | udp |
| US | 8.8.8.8:53 | bpdetxnsbszp.info | udp |
| US | 8.8.8.8:53 | mpkbfsgyp.info | udp |
| US | 8.8.8.8:53 | ooogqmia.org | udp |
| US | 8.8.8.8:53 | pvqpflfb.net | udp |
| US | 8.8.8.8:53 | sqecwgqm.org | udp |
| US | 8.8.8.8:53 | qseoumkkca.org | udp |
| US | 8.8.8.8:53 | odnwtcbyjwp.info | udp |
| US | 8.8.8.8:53 | yacgigoemqcy.org | udp |
| US | 8.8.8.8:53 | qdnmhgdyrit.net | udp |
| US | 8.8.8.8:53 | zidosj.net | udp |
| US | 8.8.8.8:53 | vlvtck.info | udp |
| US | 8.8.8.8:53 | mgcgoaswyy.org | udp |
| US | 8.8.8.8:53 | mbgpufdgur.net | udp |
| US | 8.8.8.8:53 | ltkbeyinwv.net | udp |
| US | 8.8.8.8:53 | qyqigk.com | udp |
| US | 8.8.8.8:53 | okasgwmsce.org | udp |
| US | 8.8.8.8:53 | wqsqgu.org | udp |
| US | 8.8.8.8:53 | fyaylmbcb.net | udp |
| US | 8.8.8.8:53 | apqaidfwpfzp.info | udp |
| US | 8.8.8.8:53 | ndkgdeccv.org | udp |
| US | 8.8.8.8:53 | iapkroxwkqh.net | udp |
| US | 8.8.8.8:53 | cysgysgysg.org | udp |
| US | 8.8.8.8:53 | wxwmiblxta.info | udp |
| US | 8.8.8.8:53 | rrkialecisvj.info | udp |
| US | 8.8.8.8:53 | eoxabffqacd.info | udp |
Files
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
| MD5 | 88a3d7432ff5d5cee011047d7a3acb16 |
| SHA1 | 9c5b95142911b292dc75e120545949a1dca72d12 |
| SHA256 | fa10ed2990ca760fb82fc16facf3d805f1a12ee3a8e5a723844cc1a0e3b88fcb |
| SHA512 | 3d0ff8fe2113ddb3f94bb4f041d7005e11681e4c912ce55f486722adef62df1bd36332fb489a2d61632980ba1f5a60dd8ef71697b21f199611b6010da3ca2147 |
C:\Windows\SysWOW64\mbanjyuiangypnuufg.exe
| MD5 | bc2c2e6019e42289641123c2db3584dc |
| SHA1 | e7b2c809bf63f0a3a362b2b5e4930a5a1b5c7d9b |
| SHA256 | 9223f4748f528658ba3ac30515cf3ac1817677baaf345441d021e98ebd8891af |
| SHA512 | f31491a41da42f042c41060fa394c5fe36afcb9edb1507d1119936c9f26c79b5a90945393d532b817f1b8007989800e1b823766673f3704154b32cb4ae99af6b |
C:\Users\Admin\AppData\Local\Temp\knablo.exe
| MD5 | 03d71d9923f836cfc10cfd03be8075f5 |
| SHA1 | 20d6bf258bb94df36260023a2d1bf49953e7e0b4 |
| SHA256 | 2b5bb2307024011817d2108b206656b9ce68c456986a2d3ee1c295b65c82db08 |
| SHA512 | d551cbd021acb3eb7e04cf0accbad79d1f90d1e7cc17ece456fd6825adda3851293232289e124d938001e5c4b486f5c472f66d1f271afd9acf792aeac087ae6e |
C:\Users\Admin\AppData\Local\bzhdiglijfhiipfoisqyuzx.zaw
| MD5 | ae747c098f486e30205600a7f7886e0d |
| SHA1 | 4cb67e27f69ced2b97240d8464f96a3dd0e70ea4 |
| SHA256 | d9db6a8d1ad22ec4ae9044c45a73ad5488cf42bd25725718892f1995c20dd96c |
| SHA512 | d48ad2017d3a065c8edd1e98e1166e5e5b37c0f51ad9a96d738edd2bc92009aa09197f0eadc8055fe56f2b7df28fc628547a2859d6211df8473a6f918906b559 |
C:\Users\Admin\AppData\Local\oxqxnwmugnamxpqkpktmtjsiqcjwitlmgl.pip
| MD5 | 71a442dbd3c2e6ccb4dc9f76903a30df |
| SHA1 | d9110671f176f6f59db2f6d2a6c96a857a9a040d |
| SHA256 | b039b6e4be834465e8a7e1a8e89a3c36b58b2fca36f042ad06a62f28cac775f6 |
| SHA512 | 8e694d411b41623b8f6e12ca1ef875239a796c6e111eb9f0208e6b03521b5b7811f3723808878a703cbf8afba413761b05b78d1493b7fc8ca57247a8f6c4a99a |
C:\Program Files (x86)\bzhdiglijfhiipfoisqyuzx.zaw
| MD5 | bdc42c30c77e6ed4948043c539f9ef43 |
| SHA1 | 3e357656b7edf04bc2afa73a8d6337ee2db3e191 |
| SHA256 | 308073b5eca8f49866b535426e085feacc1e9c642a639567632d23aa719e77b5 |
| SHA512 | 3195b332ee92f91a5f363720b7b505a25b1f76b692fc2314e9af3576c70e6dd95b8c2f568e60110406bea705c68e59aa407052b1c814f23f9ff4b39b49c0e5f3 |
C:\Program Files (x86)\bzhdiglijfhiipfoisqyuzx.zaw
| MD5 | 1e3c1ea6cc107016b2fd9af43313cc67 |
| SHA1 | d94b3087efc4356138914a56142cf5564fdf338e |
| SHA256 | 5435ce3e88b8426f22cc86fb00846649d894bb8ab7071519b6ffdaa627d1a014 |
| SHA512 | 55c2da45df8940aa313f4783e4fdbec0ce6c94ba288b6fbffd4977b95769fa79038029ee831585842ea6d1345a61666d785725701d83947b83d4cb2551fe599c |
C:\Program Files (x86)\bzhdiglijfhiipfoisqyuzx.zaw
| MD5 | 5d3c43fc2a24442d4c5baf7c73e2a2cf |
| SHA1 | b1bdd21417a94048c87b81284fc81b61a597ddb3 |
| SHA256 | 309b978137b147de35517ac75536a74500cdaf93a3b6fb798b709474760d5556 |
| SHA512 | 3d80fe9cb4f60ccf3b0779852c795fa310b1887f7887aa599847f1f5ca3f22375790c0d4ffa469fb37a5dbec97fec2f3ac8abebcb2fd21aa420b3eadce693e13 |
C:\Program Files (x86)\bzhdiglijfhiipfoisqyuzx.zaw
| MD5 | 00b8f845024cd2feb0ffdd9108ae05b9 |
| SHA1 | 1046e79173ba51887474ac1addb20e25562c5660 |
| SHA256 | 6c0a673146d96a143a140064f9ecf08d75b8295f3efdda9a65581918e7638df4 |
| SHA512 | 2a6b521508c14987823a8c1a43b60f1384bd338a58235de1602acb23ede4fb54c0e05008bc7736bd740fdaa1989c63518a5242eb5dc6dd53f3b1c9074adb48f4 |
C:\Program Files (x86)\bzhdiglijfhiipfoisqyuzx.zaw
| MD5 | ec44eaf95d0f8db1e41fa67bcffb7b26 |
| SHA1 | 40d129f160d1268cb4651ad0c03cec048b805895 |
| SHA256 | 53af6610eb266b7605342ead87ba39e3af29156121effccbadcc9c276c93a2a2 |
| SHA512 | 6ea98ec1602a1b912862067bb68c39c7672ca7afdab461dfb10a3cea6b6788a98cadd430d12ae4a2e33a88cdfb358a9d4ba7f9be218a2fe6533f6ed142fe9cf0 |
C:\Program Files (x86)\bzhdiglijfhiipfoisqyuzx.zaw
| MD5 | dd0580b4ffb750aa059d10910c2383f7 |
| SHA1 | 3c091fb5428e24ed0bc24be8e74a5d5f53c3022a |
| SHA256 | a4de47b4d0c204ea52bc1673357a27559566f09fbbda2de6bfc59bd2b54e1c20 |
| SHA512 | 316ba05d034a68d79f12e4e3af35836f4e6f77d3f8adfa7a443778699de92d1a1d3557ce9b53ea4dd12a9eacd4e9ce11c61615dd0f7b0a7006ff02882c3a76e4 |
Analysis: behavioral2
Detonation Overview
Submitted
2025-04-18 02:23
Reported
2025-04-18 02:26
Platform
win11-20250410-en
Max time kernel
54s
Max time network
150s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nwzmuwim = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ngtqiuqebqtpjlqjmg.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nwzmuwim = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ysgexkhwukolgjpjnic.exe" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nwzmuwim = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xozukuoavijdvvyp.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nwzmuwim = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ewievgbokyavoptln.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sekalqfmckg = "xozukuoavijdvvyp.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sekalqfmckg = "ngtqiuqebqtpjlqjmg.exe" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nwzmuwim = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xozukuoavijdvvyp.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sekalqfmckg = "ngtqiuqebqtpjlqjmg.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nwzmuwim = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ewievgbokyavoptln.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nwzmuwim = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xozukuoavijdvvyp.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sekalqfmckg = "xozukuoavijdvvyp.exe" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sekalqfmckg = "ngtqiuqebqtpjlqjmg.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nwzmuwim = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xozukuoavijdvvyp.exe" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nwzmuwim = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ysgexkhwukolgjpjnic.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nwzmuwim = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ngtqiuqebqtpjlqjmg.exe" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nwzmuwim = "C:\\Users\\Admin\\AppData\\Local\\Temp\\awmmhwvmmekjgltpvsoka.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sekalqfmckg = "ysgexkhwukolgjpjnic.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nwzmuwim = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ysgexkhwukolgjpjnic.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sekalqfmckg = "awmmhwvmmekjgltpvsoka.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nwzmuwim = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lgvuocaqpgljfjqlqmhc.exe" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nwzmuwim = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lgvuocaqpgljfjqlqmhc.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sekalqfmckg = "lgvuocaqpgljfjqlqmhc.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nwzmuwim = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ewievgbokyavoptln.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nwzmuwim = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ewievgbokyavoptln.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sekalqfmckg = "awmmhwvmmekjgltpvsoka.exe" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nwzmuwim = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xozukuoavijdvvyp.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sekalqfmckg = "ngtqiuqebqtpjlqjmg.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sekalqfmckg = "xozukuoavijdvvyp.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sekalqfmckg = "ysgexkhwukolgjpjnic.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sekalqfmckg = "ngtqiuqebqtpjlqjmg.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sekalqfmckg = "awmmhwvmmekjgltpvsoka.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nwzmuwim = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ysgexkhwukolgjpjnic.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sekalqfmckg = "ngtqiuqebqtpjlqjmg.exe" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nwzmuwim = "C:\\Users\\Admin\\AppData\\Local\\Temp\\awmmhwvmmekjgltpvsoka.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nwzmuwim = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ysgexkhwukolgjpjnic.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nwzmuwim = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lgvuocaqpgljfjqlqmhc.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sekalqfmckg = "awmmhwvmmekjgltpvsoka.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sekalqfmckg = "ngtqiuqebqtpjlqjmg.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sekalqfmckg = "awmmhwvmmekjgltpvsoka.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sekalqfmckg = "ngtqiuqebqtpjlqjmg.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sekalqfmckg = "ngtqiuqebqtpjlqjmg.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\eosgpsfky = "xozukuoavijdvvyp.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pengucuexihzpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ysgexkhwukolgjpjnic.exe ." | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\pcjamsiqhqnd = "xozukuoavijdvvyp.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sismbkdoiuunedf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\awmmhwvmmekjgltpvsoka.exe" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\eosgpsfky = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ngtqiuqebqtpjlqjmg.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xincmqekzg = "lgvuocaqpgljfjqlqmhc.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pengucuexihzpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\awmmhwvmmekjgltpvsoka.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xincmqekzg = "xozukuoavijdvvyp.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sismbkdoiuunedf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ngtqiuqebqtpjlqjmg.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\pcjamsiqhqnd = "awmmhwvmmekjgltpvsoka.exe" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\ockcpwnwoywnc = "ewievgbokyavoptln.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\eosgpsfky = "xozukuoavijdvvyp.exe" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xincmqekzg = "awmmhwvmmekjgltpvsoka.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\ockcpwnwoywnc = "ysgexkhwukolgjpjnic.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\ockcpwnwoywnc = "ngtqiuqebqtpjlqjmg.exe ." | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\xincmqekzg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xozukuoavijdvvyp.exe ." | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\eosgpsfky = "ngtqiuqebqtpjlqjmg.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\pcjamsiqhqnd = "awmmhwvmmekjgltpvsoka.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\xincmqekzg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xozukuoavijdvvyp.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sismbkdoiuunedf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ngtqiuqebqtpjlqjmg.exe" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xincmqekzg = "awmmhwvmmekjgltpvsoka.exe ." | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\ockcpwnwoywnc = "ewievgbokyavoptln.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xincmqekzg = "xozukuoavijdvvyp.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\eosgpsfky = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xozukuoavijdvvyp.exe" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\ockcpwnwoywnc = "ysgexkhwukolgjpjnic.exe ." | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\eosgpsfky = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ysgexkhwukolgjpjnic.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\pcjamsiqhqnd = "xozukuoavijdvvyp.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pengucuexihzpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ewievgbokyavoptln.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\pcjamsiqhqnd = "lgvuocaqpgljfjqlqmhc.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pengucuexihzpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ewievgbokyavoptln.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\eosgpsfky = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ewievgbokyavoptln.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pengucuexihzpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ysgexkhwukolgjpjnic.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pengucuexihzpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ysgexkhwukolgjpjnic.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\pcjamsiqhqnd = "ysgexkhwukolgjpjnic.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pengucuexihzpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xozukuoavijdvvyp.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pengucuexihzpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\awmmhwvmmekjgltpvsoka.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\eosgpsfky = "xozukuoavijdvvyp.exe" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\eosgpsfky = "xozukuoavijdvvyp.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xincmqekzg = "ysgexkhwukolgjpjnic.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sismbkdoiuunedf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\awmmhwvmmekjgltpvsoka.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\pcjamsiqhqnd = "ysgexkhwukolgjpjnic.exe" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\eosgpsfky = "ewievgbokyavoptln.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\eosgpsfky = "ewievgbokyavoptln.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\xincmqekzg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\awmmhwvmmekjgltpvsoka.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\eosgpsfky = "lgvuocaqpgljfjqlqmhc.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\ockcpwnwoywnc = "ewievgbokyavoptln.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\ockcpwnwoywnc = "ysgexkhwukolgjpjnic.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pengucuexihzpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\awmmhwvmmekjgltpvsoka.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\pcjamsiqhqnd = "ngtqiuqebqtpjlqjmg.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\ockcpwnwoywnc = "xozukuoavijdvvyp.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sismbkdoiuunedf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ewievgbokyavoptln.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pengucuexihzpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ngtqiuqebqtpjlqjmg.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\xincmqekzg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ysgexkhwukolgjpjnic.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xincmqekzg = "ysgexkhwukolgjpjnic.exe ." | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\pcjamsiqhqnd = "ngtqiuqebqtpjlqjmg.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\eosgpsfky = "C:\\Users\\Admin\\AppData\\Local\\Temp\\awmmhwvmmekjgltpvsoka.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sismbkdoiuunedf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lgvuocaqpgljfjqlqmhc.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\eosgpsfky = "awmmhwvmmekjgltpvsoka.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\eosgpsfky = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xozukuoavijdvvyp.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\eosgpsfky = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ewievgbokyavoptln.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xincmqekzg = "ngtqiuqebqtpjlqjmg.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xincmqekzg = "xozukuoavijdvvyp.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sismbkdoiuunedf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ngtqiuqebqtpjlqjmg.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\pcjamsiqhqnd = "xozukuoavijdvvyp.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\ewievgbokyavoptln.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\awmmhwvmmekjgltpvsoka.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\ngtqiuqebqtpjlqjmg.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\rofgcssklelljpyvcaxulm.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\xozukuoavijdvvyp.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\ewievgbokyavoptln.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\ewievgbokyavoptln.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xozukuoavijdvvyp.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\ysgexkhwukolgjpjnic.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\awmmhwvmmekjgltpvsoka.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lgvuocaqpgljfjqlqmhc.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\ngtqiuqebqtpjlqjmg.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lgvuocaqpgljfjqlqmhc.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ewievgbokyavoptln.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\ewievgbokyavoptln.exe | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| File created | C:\Windows\SysWOW64\lgvuocaqpgljfjqlqmhc.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ngtqiuqebqtpjlqjmg.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\lgvuocaqpgljfjqlqmhc.exe | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| File created | C:\Windows\SysWOW64\ysgexkhwukolgjpjnic.exe | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rofgcssklelljpyvcaxulm.exe | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rofgcssklelljpyvcaxulm.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xozukuoavijdvvyp.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xozukuoavijdvvyp.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\xozukuoavijdvvyp.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xozukuoavijdvvyp.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\awmmhwvmmekjgltpvsoka.exe | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ngtqiuqebqtpjlqjmg.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ewievgbokyavoptln.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\lgvuocaqpgljfjqlqmhc.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ewievgbokyavoptln.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\ysgexkhwukolgjpjnic.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lgvuocaqpgljfjqlqmhc.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\lgvuocaqpgljfjqlqmhc.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lgvuocaqpgljfjqlqmhc.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\awmmhwvmmekjgltpvsoka.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\awmmhwvmmekjgltpvsoka.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\ewievgbokyavoptln.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\ysgexkhwukolgjpjnic.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xozukuoavijdvvyp.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ysgexkhwukolgjpjnic.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\rofgcssklelljpyvcaxulm.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\ngtqiuqebqtpjlqjmg.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\rofgcssklelljpyvcaxulm.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ngtqiuqebqtpjlqjmg.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\ysgexkhwukolgjpjnic.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rofgcssklelljpyvcaxulm.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\xozukuoavijdvvyp.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\ysgexkhwukolgjpjnic.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ewievgbokyavoptln.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lgvuocaqpgljfjqlqmhc.exe | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| File created | C:\Windows\SysWOW64\ysgexkhwukolgjpjnic.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ysgexkhwukolgjpjnic.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\rofgcssklelljpyvcaxulm.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ewievgbokyavoptln.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\awmmhwvmmekjgltpvsoka.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ysgexkhwukolgjpjnic.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\awmmhwvmmekjgltpvsoka.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pengucuexihzpnodcshwfymumwpazrhfgvuk.oxq | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xozukuoavijdvvyp.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lgvuocaqpgljfjqlqmhc.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\awmmhwvmmekjgltpvsoka.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ewievgbokyavoptln.exe | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ysgexkhwukolgjpjnic.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\awmmhwvmmekjgltpvsoka.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\komuxubaiiwdivlpdimqowzwd.kky | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| File created | C:\Program Files (x86)\komuxubaiiwdivlpdimqowzwd.kky | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| File opened for modification | C:\Program Files (x86)\pengucuexihzpnodcshwfymumwpazrhfgvuk.oxq | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| File created | C:\Program Files (x86)\pengucuexihzpnodcshwfymumwpazrhfgvuk.oxq | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\rofgcssklelljpyvcaxulm.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\lgvuocaqpgljfjqlqmhc.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\lgvuocaqpgljfjqlqmhc.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\xozukuoavijdvvyp.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\awmmhwvmmekjgltpvsoka.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\xozukuoavijdvvyp.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\ngtqiuqebqtpjlqjmg.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\ngtqiuqebqtpjlqjmg.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\ysgexkhwukolgjpjnic.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\awmmhwvmmekjgltpvsoka.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\rofgcssklelljpyvcaxulm.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\komuxubaiiwdivlpdimqowzwd.kky | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| File opened for modification | C:\Windows\rofgcssklelljpyvcaxulm.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\ngtqiuqebqtpjlqjmg.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\xozukuoavijdvvyp.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\xozukuoavijdvvyp.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\xozukuoavijdvvyp.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\xozukuoavijdvvyp.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\xozukuoavijdvvyp.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\rofgcssklelljpyvcaxulm.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\rofgcssklelljpyvcaxulm.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\ewievgbokyavoptln.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\rofgcssklelljpyvcaxulm.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\ewievgbokyavoptln.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\ewievgbokyavoptln.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\ysgexkhwukolgjpjnic.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\ewievgbokyavoptln.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\ewievgbokyavoptln.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\ewievgbokyavoptln.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\ewievgbokyavoptln.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\awmmhwvmmekjgltpvsoka.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\ysgexkhwukolgjpjnic.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\ysgexkhwukolgjpjnic.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\xozukuoavijdvvyp.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\ysgexkhwukolgjpjnic.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\ysgexkhwukolgjpjnic.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\awmmhwvmmekjgltpvsoka.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\ysgexkhwukolgjpjnic.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\ewievgbokyavoptln.exe | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| File opened for modification | C:\Windows\lgvuocaqpgljfjqlqmhc.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\awmmhwvmmekjgltpvsoka.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\lgvuocaqpgljfjqlqmhc.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\lgvuocaqpgljfjqlqmhc.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\awmmhwvmmekjgltpvsoka.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\awmmhwvmmekjgltpvsoka.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\ewievgbokyavoptln.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\ewievgbokyavoptln.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\ysgexkhwukolgjpjnic.exe | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| File opened for modification | C:\Windows\xozukuoavijdvvyp.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\ngtqiuqebqtpjlqjmg.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\ngtqiuqebqtpjlqjmg.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\lgvuocaqpgljfjqlqmhc.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\awmmhwvmmekjgltpvsoka.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\rofgcssklelljpyvcaxulm.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\ewievgbokyavoptln.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\lgvuocaqpgljfjqlqmhc.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\ysgexkhwukolgjpjnic.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\rofgcssklelljpyvcaxulm.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\lgvuocaqpgljfjqlqmhc.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\awmmhwvmmekjgltpvsoka.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\awmmhwvmmekjgltpvsoka.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\ewievgbokyavoptln.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\ewievgbokyavoptln.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\ngtqiuqebqtpjlqjmg.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xozukuoavijdvvyp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xozukuoavijdvvyp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\awmmhwvmmekjgltpvsoka.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ysgexkhwukolgjpjnic.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ngtqiuqebqtpjlqjmg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ngtqiuqebqtpjlqjmg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ewievgbokyavoptln.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ysgexkhwukolgjpjnic.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ngtqiuqebqtpjlqjmg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ysgexkhwukolgjpjnic.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ysgexkhwukolgjpjnic.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\lgvuocaqpgljfjqlqmhc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\lgvuocaqpgljfjqlqmhc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\awmmhwvmmekjgltpvsoka.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ysgexkhwukolgjpjnic.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xozukuoavijdvvyp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\lgvuocaqpgljfjqlqmhc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xozukuoavijdvvyp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xozukuoavijdvvyp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xozukuoavijdvvyp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\awmmhwvmmekjgltpvsoka.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\awmmhwvmmekjgltpvsoka.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\lgvuocaqpgljfjqlqmhc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\awmmhwvmmekjgltpvsoka.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ewievgbokyavoptln.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xozukuoavijdvvyp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\lstekk.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc2c2e6019e42289641123c2db3584dc.exe"
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_bc2c2e6019e42289641123c2db3584dc.exe*"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe
C:\Windows\ysgexkhwukolgjpjnic.exe
ysgexkhwukolgjpjnic.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe .
C:\Windows\ewievgbokyavoptln.exe
ewievgbokyavoptln.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ewievgbokyavoptln.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe
C:\Windows\ngtqiuqebqtpjlqjmg.exe
ngtqiuqebqtpjlqjmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Windows\ysgexkhwukolgjpjnic.exe
ysgexkhwukolgjpjnic.exe .
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ysgexkhwukolgjpjnic.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ewievgbokyavoptln.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\lgvuocaqpgljfjqlqmhc.exe*."
C:\Users\Admin\AppData\Local\Temp\lstekk.exe
"C:\Users\Admin\AppData\Local\Temp\lstekk.exe" "-C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe"
C:\Users\Admin\AppData\Local\Temp\lstekk.exe
"C:\Users\Admin\AppData\Local\Temp\lstekk.exe" "-C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe
C:\Windows\ewievgbokyavoptln.exe
ewievgbokyavoptln.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lgvuocaqpgljfjqlqmhc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lgvuocaqpgljfjqlqmhc.exe .
C:\Windows\lgvuocaqpgljfjqlqmhc.exe
lgvuocaqpgljfjqlqmhc.exe
C:\Windows\lgvuocaqpgljfjqlqmhc.exe
lgvuocaqpgljfjqlqmhc.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\lgvuocaqpgljfjqlqmhc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe
C:\Windows\ngtqiuqebqtpjlqjmg.exe
ngtqiuqebqtpjlqjmg.exe .
C:\Windows\awmmhwvmmekjgltpvsoka.exe
awmmhwvmmekjgltpvsoka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ngtqiuqebqtpjlqjmg.exe*."
C:\Windows\ngtqiuqebqtpjlqjmg.exe
ngtqiuqebqtpjlqjmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ngtqiuqebqtpjlqjmg.exe*."
C:\Windows\ngtqiuqebqtpjlqjmg.exe
ngtqiuqebqtpjlqjmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe .
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Windows\ysgexkhwukolgjpjnic.exe
ysgexkhwukolgjpjnic.exe .
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ewievgbokyavoptln.exe*."
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ysgexkhwukolgjpjnic.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ewievgbokyavoptln.exe*."
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\lgvuocaqpgljfjqlqmhc.exe*."
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\lgvuocaqpgljfjqlqmhc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe
C:\Windows\awmmhwvmmekjgltpvsoka.exe
awmmhwvmmekjgltpvsoka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe .
C:\Windows\ysgexkhwukolgjpjnic.exe
ysgexkhwukolgjpjnic.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ysgexkhwukolgjpjnic.exe*."
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe .
C:\Windows\awmmhwvmmekjgltpvsoka.exe
awmmhwvmmekjgltpvsoka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\awmmhwvmmekjgltpvsoka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ewievgbokyavoptln.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe
C:\Windows\ysgexkhwukolgjpjnic.exe
ysgexkhwukolgjpjnic.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lgvuocaqpgljfjqlqmhc.exe .
C:\Windows\lgvuocaqpgljfjqlqmhc.exe
lgvuocaqpgljfjqlqmhc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe
C:\Windows\awmmhwvmmekjgltpvsoka.exe
awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\lgvuocaqpgljfjqlqmhc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe .
C:\Windows\ewievgbokyavoptln.exe
ewievgbokyavoptln.exe
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."
C:\Windows\awmmhwvmmekjgltpvsoka.exe
awmmhwvmmekjgltpvsoka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .
C:\Windows\ewievgbokyavoptln.exe
ewievgbokyavoptln.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\awmmhwvmmekjgltpvsoka.exe*."
C:\Windows\awmmhwvmmekjgltpvsoka.exe
awmmhwvmmekjgltpvsoka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Windows\awmmhwvmmekjgltpvsoka.exe
awmmhwvmmekjgltpvsoka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\awmmhwvmmekjgltpvsoka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Windows\awmmhwvmmekjgltpvsoka.exe
awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xozukuoavijdvvyp.exe*."
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\awmmhwvmmekjgltpvsoka.exe*."
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Windows\ngtqiuqebqtpjlqjmg.exe
ngtqiuqebqtpjlqjmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ewievgbokyavoptln.exe*."
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xozukuoavijdvvyp.exe*."
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lgvuocaqpgljfjqlqmhc.exe .
C:\Windows\lgvuocaqpgljfjqlqmhc.exe
lgvuocaqpgljfjqlqmhc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\lgvuocaqpgljfjqlqmhc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ysgexkhwukolgjpjnic.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ewievgbokyavoptln.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe .
C:\Windows\ngtqiuqebqtpjlqjmg.exe
ngtqiuqebqtpjlqjmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ngtqiuqebqtpjlqjmg.exe*."
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe .
C:\Windows\ysgexkhwukolgjpjnic.exe
ysgexkhwukolgjpjnic.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ysgexkhwukolgjpjnic.exe*."
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe .
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ngtqiuqebqtpjlqjmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lgvuocaqpgljfjqlqmhc.exe
C:\Windows\lgvuocaqpgljfjqlqmhc.exe
lgvuocaqpgljfjqlqmhc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe .
C:\Windows\awmmhwvmmekjgltpvsoka.exe
awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\awmmhwvmmekjgltpvsoka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe
C:\Windows\ngtqiuqebqtpjlqjmg.exe
ngtqiuqebqtpjlqjmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe .
C:\Windows\ngtqiuqebqtpjlqjmg.exe
ngtqiuqebqtpjlqjmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ngtqiuqebqtpjlqjmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe .
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ngtqiuqebqtpjlqjmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\lgvuocaqpgljfjqlqmhc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe .
C:\Windows\ngtqiuqebqtpjlqjmg.exe
ngtqiuqebqtpjlqjmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ngtqiuqebqtpjlqjmg.exe*."
C:\Windows\awmmhwvmmekjgltpvsoka.exe
awmmhwvmmekjgltpvsoka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe .
C:\Windows\awmmhwvmmekjgltpvsoka.exe
awmmhwvmmekjgltpvsoka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\awmmhwvmmekjgltpvsoka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ysgexkhwukolgjpjnic.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe
C:\Windows\awmmhwvmmekjgltpvsoka.exe
awmmhwvmmekjgltpvsoka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe .
C:\Windows\ysgexkhwukolgjpjnic.exe
ysgexkhwukolgjpjnic.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ysgexkhwukolgjpjnic.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe
C:\Windows\ysgexkhwukolgjpjnic.exe
ysgexkhwukolgjpjnic.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ewievgbokyavoptln.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ysgexkhwukolgjpjnic.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lgvuocaqpgljfjqlqmhc.exe
C:\Windows\lgvuocaqpgljfjqlqmhc.exe
lgvuocaqpgljfjqlqmhc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe .
C:\Windows\awmmhwvmmekjgltpvsoka.exe
awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\awmmhwvmmekjgltpvsoka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe
C:\Windows\ysgexkhwukolgjpjnic.exe
ysgexkhwukolgjpjnic.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe .
C:\Windows\ewievgbokyavoptln.exe
ewievgbokyavoptln.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ewievgbokyavoptln.exe*."
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ysgexkhwukolgjpjnic.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xozukuoavijdvvyp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe .
C:\Windows\ngtqiuqebqtpjlqjmg.exe
ngtqiuqebqtpjlqjmg.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ngtqiuqebqtpjlqjmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe
C:\Windows\ewievgbokyavoptln.exe
ewievgbokyavoptln.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Windows\ysgexkhwukolgjpjnic.exe
ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ewievgbokyavoptln.exe*."
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .
C:\Windows\lgvuocaqpgljfjqlqmhc.exe
lgvuocaqpgljfjqlqmhc.exe
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe
C:\Windows\awmmhwvmmekjgltpvsoka.exe
awmmhwvmmekjgltpvsoka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Windows\awmmhwvmmekjgltpvsoka.exe
awmmhwvmmekjgltpvsoka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\awmmhwvmmekjgltpvsoka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Windows\ewievgbokyavoptln.exe
ewievgbokyavoptln.exe .
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .
C:\Windows\ysgexkhwukolgjpjnic.exe
ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ewievgbokyavoptln.exe*."
C:\Windows\awmmhwvmmekjgltpvsoka.exe
awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ewievgbokyavoptln.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\awmmhwvmmekjgltpvsoka.exe*."
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ewievgbokyavoptln.exe*."
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe .
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Windows\ewievgbokyavoptln.exe
ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe .
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ngtqiuqebqtpjlqjmg.exe*."
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xozukuoavijdvvyp.exe*."
C:\Windows\awmmhwvmmekjgltpvsoka.exe
awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\awmmhwvmmekjgltpvsoka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe
C:\Windows\awmmhwvmmekjgltpvsoka.exe
awmmhwvmmekjgltpvsoka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe .
C:\Windows\ysgexkhwukolgjpjnic.exe
ysgexkhwukolgjpjnic.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ysgexkhwukolgjpjnic.exe*."
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ysgexkhwukolgjpjnic.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ysgexkhwukolgjpjnic.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe
C:\Windows\ysgexkhwukolgjpjnic.exe
ysgexkhwukolgjpjnic.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."
C:\Windows\ngtqiuqebqtpjlqjmg.exe
ngtqiuqebqtpjlqjmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe .
C:\Windows\ewievgbokyavoptln.exe
ewievgbokyavoptln.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ewievgbokyavoptln.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ysgexkhwukolgjpjnic.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ysgexkhwukolgjpjnic.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe
C:\Windows\ysgexkhwukolgjpjnic.exe
ysgexkhwukolgjpjnic.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe .
C:\Windows\ewievgbokyavoptln.exe
ewievgbokyavoptln.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ewievgbokyavoptln.exe*."
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe .
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ngtqiuqebqtpjlqjmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe
C:\Windows\ngtqiuqebqtpjlqjmg.exe
ngtqiuqebqtpjlqjmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe .
C:\Windows\awmmhwvmmekjgltpvsoka.exe
awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\awmmhwvmmekjgltpvsoka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe .
C:\Windows\ngtqiuqebqtpjlqjmg.exe
ngtqiuqebqtpjlqjmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ngtqiuqebqtpjlqjmg.exe*."
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\lgvuocaqpgljfjqlqmhc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lgvuocaqpgljfjqlqmhc.exe
C:\Windows\lgvuocaqpgljfjqlqmhc.exe
lgvuocaqpgljfjqlqmhc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."
C:\Windows\ysgexkhwukolgjpjnic.exe
ysgexkhwukolgjpjnic.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ngtqiuqebqtpjlqjmg.exe
ngtqiuqebqtpjlqjmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ngtqiuqebqtpjlqjmg.exe*."
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xozukuoavijdvvyp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lgvuocaqpgljfjqlqmhc.exe
C:\Windows\lgvuocaqpgljfjqlqmhc.exe
lgvuocaqpgljfjqlqmhc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lgvuocaqpgljfjqlqmhc.exe
C:\Windows\lgvuocaqpgljfjqlqmhc.exe
lgvuocaqpgljfjqlqmhc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe .
C:\Windows\ysgexkhwukolgjpjnic.exe
ysgexkhwukolgjpjnic.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ysgexkhwukolgjpjnic.exe*."
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xozukuoavijdvvyp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xozukuoavijdvvyp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe
C:\Windows\ysgexkhwukolgjpjnic.exe
ysgexkhwukolgjpjnic.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\awmmhwvmmekjgltpvsoka.exe
awmmhwvmmekjgltpvsoka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe .
C:\Windows\ewievgbokyavoptln.exe
ewievgbokyavoptln.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ewievgbokyavoptln.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ysgexkhwukolgjpjnic.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ewievgbokyavoptln.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe
C:\Windows\ewievgbokyavoptln.exe
ewievgbokyavoptln.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe
C:\Windows\ysgexkhwukolgjpjnic.exe
ysgexkhwukolgjpjnic.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ysgexkhwukolgjpjnic.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe .
C:\Windows\ngtqiuqebqtpjlqjmg.exe
ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe
C:\Windows\ysgexkhwukolgjpjnic.exe
ysgexkhwukolgjpjnic.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Windows\ewievgbokyavoptln.exe
ewievgbokyavoptln.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lgvuocaqpgljfjqlqmhc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lgvuocaqpgljfjqlqmhc.exe .
C:\Windows\ewievgbokyavoptln.exe
ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Windows\lgvuocaqpgljfjqlqmhc.exe
lgvuocaqpgljfjqlqmhc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ysgexkhwukolgjpjnic.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Windows\lgvuocaqpgljfjqlqmhc.exe
lgvuocaqpgljfjqlqmhc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\lgvuocaqpgljfjqlqmhc.exe*."
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\lgvuocaqpgljfjqlqmhc.exe*."
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ysgexkhwukolgjpjnic.exe*."
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ewievgbokyavoptln.exe*."
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ewievgbokyavoptln.exe
ewievgbokyavoptln.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lgvuocaqpgljfjqlqmhc.exe
C:\Windows\lgvuocaqpgljfjqlqmhc.exe
lgvuocaqpgljfjqlqmhc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe .
C:\Windows\ewievgbokyavoptln.exe
ewievgbokyavoptln.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ewievgbokyavoptln.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ysgexkhwukolgjpjnic.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xozukuoavijdvvyp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe
C:\Windows\awmmhwvmmekjgltpvsoka.exe
awmmhwvmmekjgltpvsoka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe .
C:\Windows\awmmhwvmmekjgltpvsoka.exe
awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\awmmhwvmmekjgltpvsoka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe
C:\Windows\ngtqiuqebqtpjlqjmg.exe
ngtqiuqebqtpjlqjmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe .
C:\Windows\awmmhwvmmekjgltpvsoka.exe
awmmhwvmmekjgltpvsoka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\awmmhwvmmekjgltpvsoka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ewievgbokyavoptln.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ewievgbokyavoptln.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe
C:\Windows\ngtqiuqebqtpjlqjmg.exe
ngtqiuqebqtpjlqjmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe .
C:\Windows\ngtqiuqebqtpjlqjmg.exe
ngtqiuqebqtpjlqjmg.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ngtqiuqebqtpjlqjmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe
C:\Windows\ysgexkhwukolgjpjnic.exe
ysgexkhwukolgjpjnic.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lgvuocaqpgljfjqlqmhc.exe .
C:\Windows\lgvuocaqpgljfjqlqmhc.exe
lgvuocaqpgljfjqlqmhc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\lgvuocaqpgljfjqlqmhc.exe*."
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xozukuoavijdvvyp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ewievgbokyavoptln.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe
C:\Windows\ewievgbokyavoptln.exe
ewievgbokyavoptln.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."
C:\Windows\ysgexkhwukolgjpjnic.exe
ysgexkhwukolgjpjnic.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe .
C:\Windows\ngtqiuqebqtpjlqjmg.exe
ngtqiuqebqtpjlqjmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ngtqiuqebqtpjlqjmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xozukuoavijdvvyp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe .
C:\Windows\awmmhwvmmekjgltpvsoka.exe
awmmhwvmmekjgltpvsoka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\awmmhwvmmekjgltpvsoka.exe*."
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe .
C:\Windows\ysgexkhwukolgjpjnic.exe
ysgexkhwukolgjpjnic.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ysgexkhwukolgjpjnic.exe*."
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ysgexkhwukolgjpjnic.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe
C:\Windows\ngtqiuqebqtpjlqjmg.exe
ngtqiuqebqtpjlqjmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe
C:\Windows\ysgexkhwukolgjpjnic.exe
ysgexkhwukolgjpjnic.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xozukuoavijdvvyp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\lgvuocaqpgljfjqlqmhc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe
C:\Windows\ysgexkhwukolgjpjnic.exe
ysgexkhwukolgjpjnic.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe .
C:\Windows\ewievgbokyavoptln.exe
ewievgbokyavoptln.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lgvuocaqpgljfjqlqmhc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."
C:\Windows\lgvuocaqpgljfjqlqmhc.exe
lgvuocaqpgljfjqlqmhc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ewievgbokyavoptln.exe
ewievgbokyavoptln.exe .
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lgvuocaqpgljfjqlqmhc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .
C:\Windows\ysgexkhwukolgjpjnic.exe
ysgexkhwukolgjpjnic.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\lgvuocaqpgljfjqlqmhc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ewievgbokyavoptln.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ysgexkhwukolgjpjnic.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Windows\ysgexkhwukolgjpjnic.exe
ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe .
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xozukuoavijdvvyp.exe*."
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\lgvuocaqpgljfjqlqmhc.exe*."
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xozukuoavijdvvyp.exe*."
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Windows\ngtqiuqebqtpjlqjmg.exe
ngtqiuqebqtpjlqjmg.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ngtqiuqebqtpjlqjmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lgvuocaqpgljfjqlqmhc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ysgexkhwukolgjpjnic.exe*."
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ngtqiuqebqtpjlqjmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Windows\ngtqiuqebqtpjlqjmg.exe
ngtqiuqebqtpjlqjmg.exe .
C:\Windows\lgvuocaqpgljfjqlqmhc.exe
lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ngtqiuqebqtpjlqjmg.exe*."
C:\Windows\lgvuocaqpgljfjqlqmhc.exe
lgvuocaqpgljfjqlqmhc.exe .
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\lgvuocaqpgljfjqlqmhc.exe*."
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\lgvuocaqpgljfjqlqmhc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ewievgbokyavoptln.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe
C:\Windows\ewievgbokyavoptln.exe
ewievgbokyavoptln.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe .
C:\Windows\ysgexkhwukolgjpjnic.exe
ysgexkhwukolgjpjnic.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ysgexkhwukolgjpjnic.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe
C:\Windows\ngtqiuqebqtpjlqjmg.exe
ngtqiuqebqtpjlqjmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe .
C:\Windows\ngtqiuqebqtpjlqjmg.exe
ngtqiuqebqtpjlqjmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ngtqiuqebqtpjlqjmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xozukuoavijdvvyp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\lgvuocaqpgljfjqlqmhc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe
C:\Windows\ewievgbokyavoptln.exe
ewievgbokyavoptln.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe .
C:\Windows\ewievgbokyavoptln.exe
ewievgbokyavoptln.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ewievgbokyavoptln.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe
C:\Windows\ysgexkhwukolgjpjnic.exe
ysgexkhwukolgjpjnic.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe .
C:\Windows\ngtqiuqebqtpjlqjmg.exe
ngtqiuqebqtpjlqjmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ngtqiuqebqtpjlqjmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ysgexkhwukolgjpjnic.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe
C:\Windows\ysgexkhwukolgjpjnic.exe
ysgexkhwukolgjpjnic.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lgvuocaqpgljfjqlqmhc.exe
C:\Windows\lgvuocaqpgljfjqlqmhc.exe
lgvuocaqpgljfjqlqmhc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe
C:\Windows\awmmhwvmmekjgltpvsoka.exe
awmmhwvmmekjgltpvsoka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe .
C:\Windows\ewievgbokyavoptln.exe
ewievgbokyavoptln.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ewievgbokyavoptln.exe*."
C:\Windows\ysgexkhwukolgjpjnic.exe
ysgexkhwukolgjpjnic.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe .
C:\Windows\ngtqiuqebqtpjlqjmg.exe
ngtqiuqebqtpjlqjmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ngtqiuqebqtpjlqjmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\lgvuocaqpgljfjqlqmhc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ewievgbokyavoptln.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe
C:\Windows\ysgexkhwukolgjpjnic.exe
ysgexkhwukolgjpjnic.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ysgexkhwukolgjpjnic.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xozukuoavijdvvyp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe
C:\Windows\ewievgbokyavoptln.exe
ewievgbokyavoptln.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe .
C:\Windows\ngtqiuqebqtpjlqjmg.exe
ngtqiuqebqtpjlqjmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ngtqiuqebqtpjlqjmg.exe*."
C:\Windows\ewievgbokyavoptln.exe
ewievgbokyavoptln.exe
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe
C:\Windows\ewievgbokyavoptln.exe
ewievgbokyavoptln.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ngtqiuqebqtpjlqjmg.exe
ngtqiuqebqtpjlqjmg.exe
C:\Windows\ngtqiuqebqtpjlqjmg.exe
ngtqiuqebqtpjlqjmg.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ewievgbokyavoptln.exe*."
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lgvuocaqpgljfjqlqmhc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ngtqiuqebqtpjlqjmg.exe*."
C:\Windows\lgvuocaqpgljfjqlqmhc.exe
lgvuocaqpgljfjqlqmhc.exe .
C:\Windows\ysgexkhwukolgjpjnic.exe
ysgexkhwukolgjpjnic.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .
C:\Windows\ewievgbokyavoptln.exe
ewievgbokyavoptln.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\lgvuocaqpgljfjqlqmhc.exe*."
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe .
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe .
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Windows\ngtqiuqebqtpjlqjmg.exe
ngtqiuqebqtpjlqjmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe .
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ysgexkhwukolgjpjnic.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ngtqiuqebqtpjlqjmg.exe*."
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ngtqiuqebqtpjlqjmg.exe*."
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."
C:\Windows\ysgexkhwukolgjpjnic.exe
ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe .
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ngtqiuqebqtpjlqjmg.exe*."
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."
C:\Windows\ewievgbokyavoptln.exe
ewievgbokyavoptln.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe .
C:\Windows\ngtqiuqebqtpjlqjmg.exe
ngtqiuqebqtpjlqjmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ngtqiuqebqtpjlqjmg.exe*."
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe
C:\Users\Admin\AppData\Local\Temp\ewievgbokyavoptln.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ewievgbokyavoptln.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\lgvuocaqpgljfjqlqmhc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe
C:\Windows\ysgexkhwukolgjpjnic.exe
ysgexkhwukolgjpjnic.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."
C:\Windows\ysgexkhwukolgjpjnic.exe
ysgexkhwukolgjpjnic.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe .
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xozukuoavijdvvyp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xozukuoavijdvvyp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ewievgbokyavoptln.exe
C:\Windows\ewievgbokyavoptln.exe
ewievgbokyavoptln.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe .
C:\Windows\awmmhwvmmekjgltpvsoka.exe
awmmhwvmmekjgltpvsoka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\awmmhwvmmekjgltpvsoka.exe*."
C:\Windows\ngtqiuqebqtpjlqjmg.exe
ngtqiuqebqtpjlqjmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe .
C:\Windows\ysgexkhwukolgjpjnic.exe
ysgexkhwukolgjpjnic.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ysgexkhwukolgjpjnic.exe*."
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\xozukuoavijdvvyp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe
C:\Users\Admin\AppData\Local\Temp\awmmhwvmmekjgltpvsoka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hhbtihxynfljfjqlqmdd.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\awmmhwvmmekjgltpvsoka.exe*."
C:\Windows\hhbtihxynfljfjqlqmdd.exe
hhbtihxynfljfjqlqmdd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c utmdrpeesjolgjpjniy.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\utmdrpeesjolgjpjniy.exe
utmdrpeesjolgjpjniy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhzpcznmzptpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\utmdrpeesjolgjpjniy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ysgexkhwukolgjpjnic.exe
C:\Windows\jhzpcznmzptpjlqjmg.exe
jhzpcznmzptpjlqjmg.exe
C:\Windows\ysgexkhwukolgjpjnic.exe
ysgexkhwukolgjpjnic.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wxslbbsukdkjgltpvsklg.exe .
C:\Windows\wxslbbsukdkjgltpvsklg.exe
wxslbbsukdkjgltpvsklg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\utmdrpeesjolgjpjniy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\utmdrpeesjolgjpjniy.exe
C:\Users\Admin\AppData\Local\Temp\utmdrpeesjolgjpjniy.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\wxslbbsukdkjgltpvsklg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhzpcznmzptpjlqjmg.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\awmmhwvmmekjgltpvsoka.exe
awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\jhzpcznmzptpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\jhzpcznmzptpjlqjmg.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\awmmhwvmmekjgltpvsoka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xozukuoavijdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\jhzpcznmzptpjlqjmg.exe*."
C:\Windows\xozukuoavijdvvyp.exe
xozukuoavijdvvyp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c awmmhwvmmekjgltpvsoka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\axodplywixavoptln.exe
C:\Windows\awmmhwvmmekjgltpvsoka.exe
awmmhwvmmekjgltpvsoka.exe .
C:\Users\Admin\AppData\Local\Temp\axodplywixavoptln.exe
C:\Users\Admin\AppData\Local\Temp\axodplywixavoptln.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wxslbbsukdkjgltpvsklg.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\awmmhwvmmekjgltpvsoka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\ysgexkhwukolgjpjnic.exe
C:\Users\Admin\AppData\Local\Temp\wxslbbsukdkjgltpvsklg.exe
C:\Users\Admin\AppData\Local\Temp\wxslbbsukdkjgltpvsklg.exe .
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe
C:\Users\Admin\AppData\Local\Temp\lgvuocaqpgljfjqlqmhc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\wxslbbsukdkjgltpvsklg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\lgvuocaqpgljfjqlqmhc.exe*."
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\ngtqiuqebqtpjlqjmg.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ngtqiuqebqtpjlqjmg.exe*."
C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe
"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-C:\Users\Admin\AppData\Local\Temp\tpftezlithjdvvyp.exe"
C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe
"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-C:\Users\Admin\AppData\Local\Temp\tpftezlithjdvvyp.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lgvuocaqpgljfjqlqmhc.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.whatismyip.com | udp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.showmyipaddress.com | udp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| NL | 142.250.153.93:80 | www.youtube.com | tcp |
| LT | 78.61.84.37:30728 | tcp | |
| DE | 85.214.228.140:80 | gyuuym.org | tcp |
| SG | 18.142.91.111:80 | unxfuild.info | tcp |
| US | 8.8.8.8:53 | xbphsalajvww.net | udp |
| US | 8.8.8.8:53 | ggoiukqgsikq.org | udp |
| LT | 78.61.84.37:30728 | tcp | |
| US | 8.8.8.8:53 | syhynijipma.info | udp |
| US | 8.8.8.8:53 | dvfkvhmu.net | udp |
| US | 8.8.8.8:53 | fgdqnmbcd.info | udp |
| US | 8.8.8.8:53 | cydlrge.info | udp |
| US | 104.156.155.94:80 | cydlrge.info | tcp |
| US | 8.8.8.8:53 | okrilkjkoes.info | udp |
| US | 8.8.8.8:53 | xtofap.info | udp |
| US | 8.8.8.8:53 | mzerlrfgle.info | udp |
| US | 8.8.8.8:53 | vqrkjozybof.net | udp |
| US | 8.8.8.8:53 | ewhqxezcwwc.net | udp |
| US | 8.8.8.8:53 | unxyhnhfacdb.info | udp |
| US | 8.8.8.8:53 | gihpskmkngt.net | udp |
| US | 8.8.8.8:53 | dxikspgshgbk.info | udp |
| US | 8.8.8.8:53 | owcgkkmsoi.org | udp |
| US | 8.8.8.8:53 | eeueccewmeem.com | udp |
| US | 8.8.8.8:53 | rtfavyy.org | udp |
| US | 8.8.8.8:53 | cskgkegcqyga.org | udp |
| US | 8.8.8.8:53 | xsdxyqd.com | udp |
| US | 8.8.8.8:53 | jhvkrt.info | udp |
| US | 8.8.8.8:53 | dybwrkb.info | udp |
| US | 8.8.8.8:53 | jpwuwbem.info | udp |
| US | 8.8.8.8:53 | xyxgjur.info | udp |
| US | 8.8.8.8:53 | ixfavmme.info | udp |
| US | 8.8.8.8:53 | tghclnarytma.info | udp |
| US | 8.8.8.8:53 | ublzoyngp.net | udp |
| US | 8.8.8.8:53 | lczoradauoz.net | udp |
| US | 8.8.8.8:53 | rnhvhfzmlcg.org | udp |
| US | 8.8.8.8:53 | xrctizgjhu.net | udp |
| US | 8.8.8.8:53 | hcdmrpdgqut.org | udp |
| US | 8.8.8.8:53 | ronmvebyigb.com | udp |
| US | 8.8.8.8:53 | fzqqksnzg.net | udp |
| US | 8.8.8.8:53 | odzbrjqoy.info | udp |
| US | 8.8.8.8:53 | pjelgigr.net | udp |
| US | 8.8.8.8:53 | uxrqiwtcm.info | udp |
| US | 8.8.8.8:53 | biqofmc.info | udp |
| US | 8.8.8.8:53 | ehwokz.info | udp |
| US | 8.8.8.8:53 | tsvfxx.net | udp |
| US | 8.8.8.8:53 | lopwdmsal.net | udp |
| US | 8.8.8.8:53 | dzrmxez.com | udp |
| US | 8.8.8.8:53 | qarsjiqwl.net | udp |
| US | 8.8.8.8:53 | abzrrfn.net | udp |
| US | 8.8.8.8:53 | eadopseruoy.info | udp |
| US | 8.8.8.8:53 | jfludhaebi.net | udp |
| US | 8.8.8.8:53 | hkxwtqh.org | udp |
| US | 8.8.8.8:53 | xxbuvavqnao.net | udp |
| US | 8.8.8.8:53 | jwnqhrhupyg.net | udp |
| US | 8.8.8.8:53 | zekxugtb.net | udp |
| US | 8.8.8.8:53 | okrezoibls.info | udp |
| US | 8.8.8.8:53 | tgzzsilpuoyu.info | udp |
| US | 8.8.8.8:53 | kowugiqukueq.org | udp |
| US | 8.8.8.8:53 | misqhodbt.info | udp |
| US | 8.8.8.8:53 | jgbkhchc.info | udp |
| US | 8.8.8.8:53 | zohwdul.org | udp |
| US | 8.8.8.8:53 | pmytnthafaeg.info | udp |
| US | 8.8.8.8:53 | lpfhjzqc.info | udp |
| US | 8.8.8.8:53 | gwtrxn.net | udp |
| US | 8.8.8.8:53 | eiigwq.org | udp |
| US | 8.8.8.8:53 | mifajqicbnfb.net | udp |
| US | 8.8.8.8:53 | rejwrwpoa.info | udp |
| US | 8.8.8.8:53 | cwqoag.com | udp |
| US | 8.8.8.8:53 | opkaxosltcd.net | udp |
| US | 8.8.8.8:53 | bcnzdi.info | udp |
| US | 8.8.8.8:53 | yaxgrkdcf.net | udp |
| US | 8.8.8.8:53 | jmuyzwjxj.net | udp |
| US | 8.8.8.8:53 | oqkgggsqooac.org | udp |
| US | 8.8.8.8:53 | hsfoamscdag.com | udp |
| US | 8.8.8.8:53 | fkgidsdepmn.com | udp |
| US | 8.8.8.8:53 | sgescokcmo.org | udp |
| US | 8.8.8.8:53 | gaomsygwas.com | udp |
| US | 8.8.8.8:53 | ravivgz.net | udp |
| US | 8.8.8.8:53 | iowglhtdvuf.info | udp |
| US | 8.8.8.8:53 | rcjsrxxym.org | udp |
| US | 8.8.8.8:53 | lzwgpqnxhy.net | udp |
| US | 8.8.8.8:53 | kmcudehty.net | udp |
| US | 8.8.8.8:53 | rqtnbagptr.info | udp |
| US | 8.8.8.8:53 | jehyhpbob.com | udp |
| US | 8.8.8.8:53 | zkvwhchn.net | udp |
| US | 8.8.8.8:53 | dsinaazt.net | udp |
| US | 8.8.8.8:53 | wgkgwyv.info | udp |
| US | 8.8.8.8:53 | npfcysr.com | udp |
| US | 8.8.8.8:53 | izdallnnr.net | udp |
| US | 8.8.8.8:53 | lvnxngt.org | udp |
| US | 8.8.8.8:53 | eudgrbr.info | udp |
| US | 8.8.8.8:53 | luaiurlae.info | udp |
| US | 8.8.8.8:53 | hsbbvij.net | udp |
| US | 8.8.8.8:53 | cseafebdz.net | udp |
| US | 8.8.8.8:53 | dbjwxvpudjaq.net | udp |
| US | 8.8.8.8:53 | hsfspwfirsr.org | udp |
| US | 8.8.8.8:53 | ncygjob.org | udp |
| US | 8.8.8.8:53 | ihdttuysvtsf.info | udp |
| US | 8.8.8.8:53 | fflynxkodvrx.net | udp |
| US | 8.8.8.8:53 | fumvct.net | udp |
| US | 8.8.8.8:53 | rgnxfmvgd.info | udp |
| US | 8.8.8.8:53 | ywouucio.org | udp |
| US | 8.8.8.8:53 | wgsuma.com | udp |
| US | 8.8.8.8:53 | gnemeibvkmga.net | udp |
| US | 8.8.8.8:53 | dnyidwf.info | udp |
| US | 8.8.8.8:53 | ccbvmtlov.net | udp |
| US | 8.8.8.8:53 | xmnfnshmlik.info | udp |
| US | 8.8.8.8:53 | rrswfdrbpvts.info | udp |
| US | 8.8.8.8:53 | hqrdwt.info | udp |
| US | 8.8.8.8:53 | iiucmioi.org | udp |
| US | 8.8.8.8:53 | bklljpa.info | udp |
| US | 8.8.8.8:53 | zatkpghdjbby.info | udp |
| US | 8.8.8.8:53 | jathakk.com | udp |
| US | 8.8.8.8:53 | rorxuz.net | udp |
| US | 8.8.8.8:53 | aitqbvc.info | udp |
| US | 8.8.8.8:53 | qngitmingp.net | udp |
| US | 8.8.8.8:53 | hhqgdzboa.net | udp |
| US | 8.8.8.8:53 | pzdwoonvvfbp.net | udp |
| US | 8.8.8.8:53 | hvskrgp.com | udp |
| US | 8.8.8.8:53 | sirybi.info | udp |
| US | 8.8.8.8:53 | gjxescawxqw.info | udp |
| US | 8.8.8.8:53 | eoswowoy.org | udp |
| US | 8.8.8.8:53 | ieeosqw.info | udp |
| US | 8.8.8.8:53 | tglfwp.info | udp |
| US | 8.8.8.8:53 | qyjxvcif.net | udp |
| US | 8.8.8.8:53 | rkwlhccy.info | udp |
| US | 8.8.8.8:53 | jnxaaglmxvtt.info | udp |
| US | 8.8.8.8:53 | qsdskgrthg.net | udp |
| US | 8.8.8.8:53 | xpnehaneq.net | udp |
| US | 8.8.8.8:53 | nthafgeqx.org | udp |
| US | 8.8.8.8:53 | dprtdswpa.info | udp |
| US | 8.8.8.8:53 | ciqbltpbwjps.net | udp |
| US | 8.8.8.8:53 | lczwbwl.com | udp |
| US | 8.8.8.8:53 | euwqme.com | udp |
| US | 8.8.8.8:53 | vibshiiel.net | udp |
| US | 8.8.8.8:53 | qkuikw.com | udp |
| US | 8.8.8.8:53 | dmdelltgyx.info | udp |
| US | 8.8.8.8:53 | rfrzsqxkupvo.net | udp |
| US | 8.8.8.8:53 | lehwccq.info | udp |
| US | 8.8.8.8:53 | iuaosass.com | udp |
| US | 8.8.8.8:53 | ssdkrnsww.net | udp |
| US | 8.8.8.8:53 | ugugugwkqi.com | udp |
| US | 8.8.8.8:53 | urkcltobhpwf.net | udp |
| US | 8.8.8.8:53 | xvmuvilgbpw.com | udp |
| US | 8.8.8.8:53 | faudsjaz.net | udp |
| US | 8.8.8.8:53 | yborpcroi.net | udp |
| US | 8.8.8.8:53 | aekomskw.org | udp |
| US | 8.8.8.8:53 | edfsxaz.net | udp |
| US | 8.8.8.8:53 | rsvmxqx.com | udp |
| US | 8.8.8.8:53 | vgpnmmdod.info | udp |
| US | 8.8.8.8:53 | xdqwmlzsky.info | udp |
| US | 8.8.8.8:53 | pvpkrop.net | udp |
| US | 8.8.8.8:53 | vdqopwmj.info | udp |
| US | 8.8.8.8:53 | eheflhppvg.net | udp |
| US | 8.8.8.8:53 | xxribuywl.com | udp |
| US | 8.8.8.8:53 | igvdmezqf.info | udp |
| US | 8.8.8.8:53 | boxftnzj.info | udp |
| US | 8.8.8.8:53 | cykogcgqqcuu.com | udp |
| US | 8.8.8.8:53 | rrvnbr.info | udp |
| US | 8.8.8.8:53 | tkhkmpykrv.info | udp |
| US | 8.8.8.8:53 | pubqxfzpobxa.net | udp |
| US | 8.8.8.8:53 | uhfpakwhg.net | udp |
| US | 8.8.8.8:53 | ugjyfpgfl.net | udp |
| US | 8.8.8.8:53 | iuioekiyqm.org | udp |
| US | 8.8.8.8:53 | hwmgxumed.com | udp |
| US | 8.8.8.8:53 | jkmgksvtsaso.info | udp |
| US | 8.8.8.8:53 | myrwjqkrwpbk.info | udp |
| US | 8.8.8.8:53 | bnkglyrmquz.com | udp |
| US | 8.8.8.8:53 | gsymkgcq.org | udp |
| US | 8.8.8.8:53 | tvjamwoum.org | udp |
| US | 8.8.8.8:53 | mpkbfsgyp.info | udp |
| US | 8.8.8.8:53 | kocojtdghroj.info | udp |
| US | 8.8.8.8:53 | kmcowrcbqsv.net | udp |
| US | 8.8.8.8:53 | acsutsiglwp.net | udp |
| US | 8.8.8.8:53 | jscepnswt.info | udp |
| US | 8.8.8.8:53 | sesiww.org | udp |
| US | 8.8.8.8:53 | pvqpflfb.net | udp |
| US | 8.8.8.8:53 | jkdjdsukt.net | udp |
| US | 8.8.8.8:53 | xwpgpqdflo.info | udp |
| US | 8.8.8.8:53 | yacgigoemqcy.org | udp |
| US | 8.8.8.8:53 | vbdkvycpez.net | udp |
| US | 8.8.8.8:53 | ozpbbxyihssf.info | udp |
| US | 8.8.8.8:53 | qdnmhgdyrit.net | udp |
| US | 8.8.8.8:53 | mffqzcqrxzqy.info | udp |
| US | 8.8.8.8:53 | ceoldj.net | udp |
| US | 8.8.8.8:53 | gqycmugiau.com | udp |
| US | 8.8.8.8:53 | fyaylmbcb.net | udp |
| US | 8.8.8.8:53 | oynqiorbam.net | udp |
| US | 8.8.8.8:53 | yttuxwfcyy.net | udp |
| US | 8.8.8.8:53 | uakxxs.net | udp |
| US | 8.8.8.8:53 | sbcflwtwa.info | udp |
| US | 8.8.8.8:53 | ynxdfrnwlk.net | udp |
| US | 8.8.8.8:53 | ajhlzlia.net | udp |
| US | 8.8.8.8:53 | rkjyfrxybqd.net | udp |
| US | 8.8.8.8:53 | watywwaoiwv.net | udp |
| US | 8.8.8.8:53 | zfoazfbyuh.net | udp |
| US | 8.8.8.8:53 | cdcxbtgcbn.info | udp |
| US | 8.8.8.8:53 | hasduix.org | udp |
| US | 8.8.8.8:53 | lwfaqcduobl.net | udp |
| US | 8.8.8.8:53 | eusywo.com | udp |
| US | 8.8.8.8:53 | hjfdpmp.org | udp |
| US | 8.8.8.8:53 | hglnkxvuhoyk.info | udp |
| US | 8.8.8.8:53 | uueqasky.org | udp |
| US | 8.8.8.8:53 | smyuyemuas.org | udp |
| US | 8.8.8.8:53 | rjbifug.net | udp |
| US | 8.8.8.8:53 | hfwsfqigg.org | udp |
| US | 8.8.8.8:53 | rkxphsltr.net | udp |
| US | 8.8.8.8:53 | zlvwmbrqd.com | udp |
| US | 8.8.8.8:53 | wafujalhu.info | udp |
| US | 8.8.8.8:53 | yqdindvszcl.info | udp |
| US | 8.8.8.8:53 | jfqeeola.info | udp |
| US | 8.8.8.8:53 | slnfwv.info | udp |
| US | 8.8.8.8:53 | owsgaqgwqasq.org | udp |
| US | 8.8.8.8:53 | sksxqaatrsuf.info | udp |
| US | 8.8.8.8:53 | sanxpcu.info | udp |
| US | 8.8.8.8:53 | owtumceqt.info | udp |
| US | 8.8.8.8:53 | emwcyu.org | udp |
| US | 8.8.8.8:53 | gwxwpjcj.net | udp |
| US | 8.8.8.8:53 | sgdzhklkvfso.info | udp |
| US | 8.8.8.8:53 | xzwlfppw.info | udp |
| US | 8.8.8.8:53 | kiswyo.org | udp |
| US | 8.8.8.8:53 | nyxqttsmtpuk.net | udp |
| US | 8.8.8.8:53 | vuhlvoeghaf.net | udp |
| US | 8.8.8.8:53 | skqsiiae.org | udp |
| US | 8.8.8.8:53 | yudnrizah.net | udp |
| US | 8.8.8.8:53 | qwhcqj.info | udp |
| US | 8.8.8.8:53 | uamoka.com | udp |
| US | 8.8.8.8:53 | alyypvemovoc.net | udp |
| US | 8.8.8.8:53 | qyciek.com | udp |
| US | 8.8.8.8:53 | waynmqykrcmw.net | udp |
| US | 8.8.8.8:53 | bxzzbblcdnar.info | udp |
| US | 8.8.8.8:53 | lfjidgxyzdie.net | udp |
| US | 8.8.8.8:53 | qlstpgkhcjbu.net | udp |
| US | 8.8.8.8:53 | kkadue.net | udp |
| US | 8.8.8.8:53 | rriosl.info | udp |
| US | 8.8.8.8:53 | wmuogepoy.info | udp |
| US | 8.8.8.8:53 | fkchgxzxfcrp.info | udp |
| US | 8.8.8.8:53 | afjpvqji.net | udp |
| US | 8.8.8.8:53 | nzitfaav.info | udp |
| US | 8.8.8.8:53 | agxjfepe.net | udp |
| US | 8.8.8.8:53 | iypezsvru.info | udp |
| US | 8.8.8.8:53 | kouasfgmljzp.net | udp |
| US | 8.8.8.8:53 | gocycugceamm.com | udp |
| US | 8.8.8.8:53 | lktcrbw.com | udp |
| US | 8.8.8.8:53 | htyxbehinw.net | udp |
| US | 8.8.8.8:53 | lliynip.com | udp |
| US | 8.8.8.8:53 | vgyevumg.net | udp |
| US | 8.8.8.8:53 | hwevtzzy.info | udp |
| US | 8.8.8.8:53 | xxilva.info | udp |
| US | 8.8.8.8:53 | dkdczgl.info | udp |
| US | 8.8.8.8:53 | zwturol.info | udp |
| US | 8.8.8.8:53 | wezqhcjtrwx.net | udp |
| US | 8.8.8.8:53 | iitpjivmy.info | udp |
| US | 8.8.8.8:53 | eaictyqxc.info | udp |
| US | 8.8.8.8:53 | bcvendpjqzgc.info | udp |
| US | 8.8.8.8:53 | ommwwsoo.org | udp |
| US | 8.8.8.8:53 | kmchcizb.info | udp |
| US | 8.8.8.8:53 | vgqxvqngngx.info | udp |
| US | 8.8.8.8:53 | mghbelbqb.net | udp |
| US | 8.8.8.8:53 | xhrkcm.net | udp |
| US | 8.8.8.8:53 | cgzqtowog.info | udp |
| US | 8.8.8.8:53 | xisprymyd.org | udp |
| US | 8.8.8.8:53 | rpvrlcnpupqc.info | udp |
| US | 8.8.8.8:53 | owuucyeeiwyu.com | udp |
| US | 8.8.8.8:53 | qeasooggkkye.org | udp |
| US | 8.8.8.8:53 | mfygtfz.info | udp |
| US | 8.8.8.8:53 | gdiecndz.net | udp |
| US | 8.8.8.8:53 | qwjoyhzt.net | udp |
| US | 8.8.8.8:53 | fevpfshvp.org | udp |
| US | 8.8.8.8:53 | mbdgpxjkghsq.info | udp |
| US | 8.8.8.8:53 | exzsbk.info | udp |
| US | 8.8.8.8:53 | bzdiddlawz.net | udp |
| US | 8.8.8.8:53 | yszyydx.net | udp |
| US | 8.8.8.8:53 | yjmoaquui.info | udp |
| US | 8.8.8.8:53 | kcryxrris.info | udp |
| US | 8.8.8.8:53 | hgjkxaqblgx.com | udp |
| US | 8.8.8.8:53 | sccljetd.info | udp |
| US | 8.8.8.8:53 | hcfekbeu.info | udp |
| US | 8.8.8.8:53 | giekgyskeiik.org | udp |
| US | 8.8.8.8:53 | hefqtblkxyjf.net | udp |
| US | 8.8.8.8:53 | hethdodqpzl.org | udp |
| US | 8.8.8.8:53 | buradqzjvet.info | udp |
| US | 8.8.8.8:53 | bavppixu.net | udp |
| US | 8.8.8.8:53 | xmejptjt.net | udp |
| US | 8.8.8.8:53 | numkvkx.org | udp |
| US | 8.8.8.8:53 | fkgritslx.org | udp |
| US | 8.8.8.8:53 | dbrddpvr.net | udp |
| US | 8.8.8.8:53 | csouae.org | udp |
| US | 8.8.8.8:53 | sukkwgwymmsw.com | udp |
| US | 8.8.8.8:53 | uqcjez.net | udp |
| US | 8.8.8.8:53 | gqwagymo.org | udp |
| US | 8.8.8.8:53 | wyfkuprkz.net | udp |
| US | 8.8.8.8:53 | eeeiusoc.com | udp |
| US | 8.8.8.8:53 | abnvckjmjwi.info | udp |
| US | 8.8.8.8:53 | wiwwvowob.info | udp |
| US | 8.8.8.8:53 | dtstyn.net | udp |
| US | 8.8.8.8:53 | boigpyzm.info | udp |
| US | 8.8.8.8:53 | zbqtpeerkb.net | udp |
| US | 8.8.8.8:53 | mormovgqnfj.net | udp |
| US | 8.8.8.8:53 | bfhfhdbdge.net | udp |
| US | 8.8.8.8:53 | zuwrljtqss.net | udp |
| US | 8.8.8.8:53 | ncuckg.info | udp |
| US | 8.8.8.8:53 | msaeugqyakco.org | udp |
| US | 8.8.8.8:53 | oktswarrp.net | udp |
| US | 8.8.8.8:53 | vtfvygzckh.info | udp |
| US | 8.8.8.8:53 | rfqbakuoahol.net | udp |
| US | 8.8.8.8:53 | beosaxhkyrqf.net | udp |
| US | 8.8.8.8:53 | zzwpverv.info | udp |
| US | 8.8.8.8:53 | tmrxnmjrkb.net | udp |
| US | 8.8.8.8:53 | uomieuwsgywa.com | udp |
| US | 8.8.8.8:53 | dkbeewi.org | udp |
| US | 8.8.8.8:53 | piqcrvba.info | udp |
| US | 8.8.8.8:53 | fvjbvsafdvxe.net | udp |
| US | 8.8.8.8:53 | pwmpluygkwv.info | udp |
| US | 8.8.8.8:53 | fzkrxmam.info | udp |
| US | 8.8.8.8:53 | mwkcammcessa.com | udp |
| US | 8.8.8.8:53 | sudvtedez.info | udp |
| US | 8.8.8.8:53 | bdrlitmr.net | udp |
| US | 8.8.8.8:53 | weeggwiecyam.org | udp |
| US | 8.8.8.8:53 | fixijml.org | udp |
| US | 8.8.8.8:53 | wcmcgymwia.com | udp |
Files
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
| MD5 | 88a3d7432ff5d5cee011047d7a3acb16 |
| SHA1 | 9c5b95142911b292dc75e120545949a1dca72d12 |
| SHA256 | fa10ed2990ca760fb82fc16facf3d805f1a12ee3a8e5a723844cc1a0e3b88fcb |
| SHA512 | 3d0ff8fe2113ddb3f94bb4f041d7005e11681e4c912ce55f486722adef62df1bd36332fb489a2d61632980ba1f5a60dd8ef71697b21f199611b6010da3ca2147 |
C:\Windows\SysWOW64\ngtqiuqebqtpjlqjmg.exe
| MD5 | bc2c2e6019e42289641123c2db3584dc |
| SHA1 | e7b2c809bf63f0a3a362b2b5e4930a5a1b5c7d9b |
| SHA256 | 9223f4748f528658ba3ac30515cf3ac1817677baaf345441d021e98ebd8891af |
| SHA512 | f31491a41da42f042c41060fa394c5fe36afcb9edb1507d1119936c9f26c79b5a90945393d532b817f1b8007989800e1b823766673f3704154b32cb4ae99af6b |
C:\Users\Admin\AppData\Local\Temp\lstekk.exe
| MD5 | aea48b657074ff550e07304403b29100 |
| SHA1 | f30b7a5f55e05a64208a31605224aaeaa5bfbd35 |
| SHA256 | 51f255bbf586765c73529235200c9e68de80d46c0e3497f53c6efe5e37ffd396 |
| SHA512 | 958d60a7a4a6d62b7d6cdf77f63923870f1805f3197e1a30114844f5caf60c38ec9c99f95eaae57ce42484ab3da8b4d2543ded5512bbeb35b411c3734033eb4d |
C:\Users\Admin\AppData\Local\komuxubaiiwdivlpdimqowzwd.kky
| MD5 | 883f35e71c7ad697018a442c856d40dc |
| SHA1 | f556f7e4a829af42a8d651174753589a12016f80 |
| SHA256 | 9d9a579820c9b1f6670edc8cdd88c2cc99ec111c21b1e06a469428b888806a87 |
| SHA512 | 86ebf70ea10c36285bcc7e4385187ecee2268c0f69b3d94645a60b742a5c629143b1b1173f3461b94466de80675e7e976d70d33983e8ec1ca4dc08669d9355e7 |
C:\Users\Admin\AppData\Local\pengucuexihzpnodcshwfymumwpazrhfgvuk.oxq
| MD5 | bbcb9c61de2fead078d367999a008d84 |
| SHA1 | 001b25502a0aa4b3b7b1c2aec304df9524d04622 |
| SHA256 | 1b49afffe996a41db1eaa1a28fddec333b134038db07c6cb6920964dfe3d8817 |
| SHA512 | 21bf756dbe6dcf8f10b03a1b2b8cc688970f9576142335cf87b2ed6c5ec99fca5a9541ad6209350c22e031f1c90a6ef4e71425ec57e725a6157918d8138b9099 |
C:\Program Files (x86)\komuxubaiiwdivlpdimqowzwd.kky
| MD5 | 26a36d35cfa38ce71a16b51e6ebf8a95 |
| SHA1 | eb3cd9e420f8e3674347f8e0218946b898d9b8bc |
| SHA256 | b0d749485319438ad14b8a872e4126966a15afdbc558c54e338417c73e36cbec |
| SHA512 | a6f9341a364defd262cd14769e70b0d1bdf7275d630ee7373337b26b3c03803892ec7cc9abaec2cd594ec07fcbd6c85eb432ed93787d5aebfe7931ea418cb4a0 |
C:\Program Files (x86)\komuxubaiiwdivlpdimqowzwd.kky
| MD5 | 27a3a2561fce17daf7a2a005eb0fb2b2 |
| SHA1 | 8477cbf147b46b9350e5d79fe6445c0847de9d91 |
| SHA256 | aa99d3a571781d7b4d19f0861a36eb68e536eb46ef408205e3757456d0c01784 |
| SHA512 | 982203f0e41f7a430eb04f15375ff66da7ef8e3a5ee49bfc2da710b744b082cd3cc0de3dcf09ba4d35df5edbe8c9e2c0a968fff6427edfe2591e39aeb221c4ed |
C:\Program Files (x86)\komuxubaiiwdivlpdimqowzwd.kky
| MD5 | f0f27964321abd49aa5ee267d78f14af |
| SHA1 | 76ad7387cedeeb380ebf9854a090913355a5d78d |
| SHA256 | ecb16faa4eec922b1510bfefca65f4edf747cd258a8b6a4b9f9f777a22d2d608 |
| SHA512 | 89fec8322578668954b12f95fb423a7a18852f49e3a54b76609607126130de55219c16cf3b35a8478b9b4d92f7eb22d25e09450f4ba722dd5f88c5e50652039a |
C:\Program Files (x86)\komuxubaiiwdivlpdimqowzwd.kky
| MD5 | 341e61c7e1f076c39c5e92ed3d17a9d4 |
| SHA1 | 2fb76fd740e370e921c023ad986716e4b50bf971 |
| SHA256 | 1f85144cef6ac30e2069c6f587049fd6a9dc334e0887c386cf64b2d3eaa23f4f |
| SHA512 | a2a66242b3861cba74a77ebfe68b8aa26f029c2c975b05191f4abe66518f58e61a20b1dd15152d1eb705d60d6959ab4cc69dd26978059cabd0e88fffd49dc0d7 |
C:\Program Files (x86)\komuxubaiiwdivlpdimqowzwd.kky
| MD5 | a09fe09823cbf8f2b2f7cbdd6c145d53 |
| SHA1 | c3b3e638ece81959cbbe8689442ec6903f41869b |
| SHA256 | 5cb1116b3790f7660d05abe2d48596dc71ec231836b5d4a4a2ccef7205d28f39 |
| SHA512 | 65b59012ba14a2a7a1ff1cac19e06e698e57206a008e3a6378554d4a053abc4bc2f3517004b48640bba8c2a545e5aeae8ce1fa85400327da7608003e8c289edc |
C:\Program Files (x86)\komuxubaiiwdivlpdimqowzwd.kky
| MD5 | beca6599d14614cef223e120cafef033 |
| SHA1 | 983f1fe0b2d6f4f225c5b66811bf067d05a3454b |
| SHA256 | dd29ce2a68b7c44b9ada1f4c58641a50014a7ba76a06a6672516170b09c76c8b |
| SHA512 | 196e91a9aa73b6c32c52acf6bb45c748533798ad106aab149350186b3360371d653e344f10bd9992900f6c30952660e5304b90cf91d8bf9ec4fca95c7f2fac19 |