Analysis Overview
SHA256
36f7aefe30f8fdda2c6a568efa39ed27bd09956fc7123a034285cf8e5f0d91a7
Threat Level: Known bad
The file JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4 was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Pykspa
Modifies WinLogon for persistence
Pykspa family
Detect Pykspa worm
Adds policy Run key to start application
Disables RegEdit via registry modification
Executes dropped EXE
Checks computer location settings
Impair Defenses: Safe Mode Boot
Hijack Execution Flow: Executable Installer File Permissions Weakness
Looks up external IP address via web service
Checks whether UAC is enabled
Adds Run key to start application
Drops file in System32 directory
Drops autorun.inf file
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
System Location Discovery: System Language Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
System policy modification
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-04-18 07:03
Signatures
Unsigned PE
Analysis: behavioral2
Detonation Overview
Submitted
2025-04-18 07:03
Reported
2025-04-18 07:06
Platform
win11-20250410-en
Max time kernel
53s
Max time network
151s
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
Detect Pykspa worm
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mpzykn = "odzkixqiadxepfvivi.exe" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mpzykn = "ylfokxoeuvnsbpdo.exe" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mpzykn = "mdboofauotpyldvkzofd.exe" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ylfokxoeuvnsbpdo.exe" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mpzykn = "ftoyvjbsjlekujykw.exe" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odzkixqiadxepfvivi.exe" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zpmyxnhatxsamduiwka.exe" | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\btsghzvqlroymfyoeumlz.exe" | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mpzykn = "btsghzvqlroymfyoeumlz.exe" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odzkixqiadxepfvivi.exe" | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ftoyvjbsjlekujykw.exe" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ylfokxoeuvnsbpdo.exe" | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\btsghzvqlroymfyoeumlz.exe" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zpmyxnhatxsamduiwka.exe" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mpzykn = "zpmyxnhatxsamduiwka.exe" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ftoyvjbsjlekujykw.exe" | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mpzykn = "zpmyxnhatxsamduiwka.exe" | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mdboofauotpyldvkzofd.exe" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mpzykn = "ylfokxoeuvnsbpdo.exe" | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\otfguziq = "mdboofauotpyldvkzofd.exe ." | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\stby = "btsghzvqlroymfyoeumlz.exe" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\stby = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zpmyxnhatxsamduiwka.exe" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\yftwmteoyt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mdboofauotpyldvkzofd.exe" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\zdoobfn = "ftoyvjbsjlekujykw.exe" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\stby = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ylfokxoeuvnsbpdo.exe" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\yftwmteoyt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ylfokxoeuvnsbpdo.exe" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\flyapvfox = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mdboofauotpyldvkzofd.exe ." | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\yftwmteoyt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ftoyvjbsjlekujykw.exe" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\stby = "mdboofauotpyldvkzofd.exe" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\bdmkv = "zpmyxnhatxsamduiwka.exe ." | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\zdoobfn = "zpmyxnhatxsamduiwka.exe" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\otfguziq = "mdboofauotpyldvkzofd.exe ." | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\flyapvfox = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odzkixqiadxepfvivi.exe ." | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\bdmkv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zpmyxnhatxsamduiwka.exe ." | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\stby = "ftoyvjbsjlekujykw.exe" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\zdoobfn = "btsghzvqlroymfyoeumlz.exe" | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\zdoobfn = "ftoyvjbsjlekujykw.exe" | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\stby = "odzkixqiadxepfvivi.exe" | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\stby = "C:\\Users\\Admin\\AppData\\Local\\Temp\\btsghzvqlroymfyoeumlz.exe" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\otfguziq = "ylfokxoeuvnsbpdo.exe ." | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\stby = "ylfokxoeuvnsbpdo.exe" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\flyapvfox = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ylfokxoeuvnsbpdo.exe ." | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\bdmkv = "ftoyvjbsjlekujykw.exe ." | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\bdmkv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mdboofauotpyldvkzofd.exe ." | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\otfguziq = "zpmyxnhatxsamduiwka.exe ." | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\yftwmteoyt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ylfokxoeuvnsbpdo.exe" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\zdoobfn = "zpmyxnhatxsamduiwka.exe" | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\yftwmteoyt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zpmyxnhatxsamduiwka.exe" | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\bdmkv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\btsghzvqlroymfyoeumlz.exe ." | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\otfguziq = "btsghzvqlroymfyoeumlz.exe ." | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\stby = "odzkixqiadxepfvivi.exe" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\zdoobfn = "ftoyvjbsjlekujykw.exe" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\stby = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ftoyvjbsjlekujykw.exe" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\bdmkv = "ylfokxoeuvnsbpdo.exe ." | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\stby = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mdboofauotpyldvkzofd.exe" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\otfguziq = "btsghzvqlroymfyoeumlz.exe ." | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\otfguziq = "odzkixqiadxepfvivi.exe ." | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\stby = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mdboofauotpyldvkzofd.exe" | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\stby = "btsghzvqlroymfyoeumlz.exe" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\bdmkv = "zpmyxnhatxsamduiwka.exe ." | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000\Software\Microsoft\Windows\CurrentVersion\Run\zdoobfn = "ylfokxoeuvnsbpdo.exe" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\bdmkv = "odzkixqiadxepfvivi.exe ." | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\yftwmteoyt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\btsghzvqlroymfyoeumlz.exe" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
Drops autorun.inf file
| Description | Indicator | Process | Target |
| File opened for modification | F:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| File created | F:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| File opened for modification | C:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| File created | C:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\btsghzvqlroymfyoeumlz.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ftoyvjbsjlekujykw.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mdboofauotpyldvkzofd.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ylfokxoeuvnsbpdo.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sllacvsokrpapjdulcvvkm.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ftoyvjbsjlekujykw.exe | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zpmyxnhatxsamduiwka.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\odzkixqiadxepfvivi.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ylfokxoeuvnsbpdo.exe | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\odzkixqiadxepfvivi.exe | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sllacvsokrpapjdulcvvkm.exe | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\btsghzvqlroymfyoeumlz.exe | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qbtaufuiwvlovhtclufxeyjymazpszlxgpyj.icn | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| File created | C:\Windows\SysWOW64\qbtaufuiwvlovhtclufxeyjymazpszlxgpyj.icn | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\llsoxxbehvasopqomkkrnwwad.uzr | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| File created | C:\Program Files (x86)\llsoxxbehvasopqomkkrnwwad.uzr | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| File opened for modification | C:\Program Files (x86)\qbtaufuiwvlovhtclufxeyjymazpszlxgpyj.icn | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| File created | C:\Program Files (x86)\qbtaufuiwvlovhtclufxeyjymazpszlxgpyj.icn | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\btsghzvqlroymfyoeumlz.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\sllacvsokrpapjdulcvvkm.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\odzkixqiadxepfvivi.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\mdboofauotpyldvkzofd.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\ftoyvjbsjlekujykw.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\btsghzvqlroymfyoeumlz.exe | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| File opened for modification | C:\Windows\zpmyxnhatxsamduiwka.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\ylfokxoeuvnsbpdo.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\mdboofauotpyldvkzofd.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\ftoyvjbsjlekujykw.exe | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| File opened for modification | C:\Windows\sllacvsokrpapjdulcvvkm.exe | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| File opened for modification | C:\Windows\llsoxxbehvasopqomkkrnwwad.uzr | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| File opened for modification | C:\Windows\odzkixqiadxepfvivi.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\zpmyxnhatxsamduiwka.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\mdboofauotpyldvkzofd.exe | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| File opened for modification | C:\Windows\odzkixqiadxepfvivi.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\ylfokxoeuvnsbpdo.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\ylfokxoeuvnsbpdo.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\sllacvsokrpapjdulcvvkm.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\mdboofauotpyldvkzofd.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\mdboofauotpyldvkzofd.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\sllacvsokrpapjdulcvvkm.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\sllacvsokrpapjdulcvvkm.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\ylfokxoeuvnsbpdo.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\mdboofauotpyldvkzofd.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\mdboofauotpyldvkzofd.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\mdboofauotpyldvkzofd.exe | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| File opened for modification | C:\Windows\btsghzvqlroymfyoeumlz.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\ylfokxoeuvnsbpdo.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\zpmyxnhatxsamduiwka.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\zpmyxnhatxsamduiwka.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\btsghzvqlroymfyoeumlz.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\mdboofauotpyldvkzofd.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\btsghzvqlroymfyoeumlz.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\zpmyxnhatxsamduiwka.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\mdboofauotpyldvkzofd.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\odzkixqiadxepfvivi.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\ylfokxoeuvnsbpdo.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\ftoyvjbsjlekujykw.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\zpmyxnhatxsamduiwka.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\mdboofauotpyldvkzofd.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\zpmyxnhatxsamduiwka.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\ftoyvjbsjlekujykw.exe | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| File created | C:\Windows\llsoxxbehvasopqomkkrnwwad.uzr | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| File opened for modification | C:\Windows\ftoyvjbsjlekujykw.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\zpmyxnhatxsamduiwka.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\ylfokxoeuvnsbpdo.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\odzkixqiadxepfvivi.exe | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| File opened for modification | C:\Windows\zpmyxnhatxsamduiwka.exe | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| File opened for modification | C:\Windows\zpmyxnhatxsamduiwka.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\ftoyvjbsjlekujykw.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| File opened for modification | C:\Windows\sllacvsokrpapjdulcvvkm.exe | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ftoyvjbsjlekujykw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\mdboofauotpyldvkzofd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\odzkixqiadxepfvivi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ylfokxoeuvnsbpdo.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\btsghzvqlroymfyoeumlz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zpmyxnhatxsamduiwka.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\bdmkv.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe
C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\odzkixqiadxepfvivi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe
C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe
C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\mdboofauotpyldvkzofd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe
C:\Windows\ylfokxoeuvnsbpdo.exe
ylfokxoeuvnsbpdo.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zpmyxnhatxsamduiwka.exe .
C:\Windows\zpmyxnhatxsamduiwka.exe
zpmyxnhatxsamduiwka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odzkixqiadxepfvivi.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\zpmyxnhatxsamduiwka.exe*."
C:\Windows\odzkixqiadxepfvivi.exe
odzkixqiadxepfvivi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zpmyxnhatxsamduiwka.exe
C:\Windows\ftoyvjbsjlekujykw.exe
ftoyvjbsjlekujykw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Windows\zpmyxnhatxsamduiwka.exe
zpmyxnhatxsamduiwka.exe
C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ftoyvjbsjlekujykw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odzkixqiadxepfvivi.exe .
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .
C:\Windows\btsghzvqlroymfyoeumlz.exe
btsghzvqlroymfyoeumlz.exe
C:\Windows\odzkixqiadxepfvivi.exe
odzkixqiadxepfvivi.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\mdboofauotpyldvkzofd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zpmyxnhatxsamduiwka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\odzkixqiadxepfvivi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Windows\zpmyxnhatxsamduiwka.exe
zpmyxnhatxsamduiwka.exe .
C:\Windows\ylfokxoeuvnsbpdo.exe
ylfokxoeuvnsbpdo.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe .
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\zpmyxnhatxsamduiwka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe
C:\Windows\btsghzvqlroymfyoeumlz.exe
btsghzvqlroymfyoeumlz.exe .
C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe
C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Windows\ftoyvjbsjlekujykw.exe
ftoyvjbsjlekujykw.exe
C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe
C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .
C:\Windows\btsghzvqlroymfyoeumlz.exe
btsghzvqlroymfyoeumlz.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\btsghzvqlroymfyoeumlz.exe*."
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\btsghzvqlroymfyoeumlz.exe*."
C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe
C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .
C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\btsghzvqlroymfyoeumlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ftoyvjbsjlekujykw.exe*."
C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe
C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe .
C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe
C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\mdboofauotpyldvkzofd.exe*."
C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe
C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe
C:\Windows\btsghzvqlroymfyoeumlz.exe
btsghzvqlroymfyoeumlz.exe
C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe
C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ftoyvjbsjlekujykw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\odzkixqiadxepfvivi.exe*."
C:\Windows\ylfokxoeuvnsbpdo.exe
ylfokxoeuvnsbpdo.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ylfokxoeuvnsbpdo.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zpmyxnhatxsamduiwka.exe
C:\Windows\zpmyxnhatxsamduiwka.exe
zpmyxnhatxsamduiwka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe .
C:\Windows\btsghzvqlroymfyoeumlz.exe
btsghzvqlroymfyoeumlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\btsghzvqlroymfyoeumlz.exe*."
C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\mdboofauotpyldvkzofd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe
C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe
C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe .
C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe
C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\odzkixqiadxepfvivi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zpmyxnhatxsamduiwka.exe
C:\Windows\zpmyxnhatxsamduiwka.exe
zpmyxnhatxsamduiwka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe .
C:\Windows\ftoyvjbsjlekujykw.exe
ftoyvjbsjlekujykw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odzkixqiadxepfvivi.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ftoyvjbsjlekujykw.exe*."
C:\Windows\odzkixqiadxepfvivi.exe
odzkixqiadxepfvivi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odzkixqiadxepfvivi.exe .
C:\Windows\odzkixqiadxepfvivi.exe
odzkixqiadxepfvivi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\odzkixqiadxepfvivi.exe*."
C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\mdboofauotpyldvkzofd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\mdboofauotpyldvkzofd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odzkixqiadxepfvivi.exe
C:\Windows\odzkixqiadxepfvivi.exe
odzkixqiadxepfvivi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe .
C:\Windows\ftoyvjbsjlekujykw.exe
ftoyvjbsjlekujykw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ftoyvjbsjlekujykw.exe*."
C:\Windows\ftoyvjbsjlekujykw.exe
ftoyvjbsjlekujykw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe .
C:\Windows\btsghzvqlroymfyoeumlz.exe
btsghzvqlroymfyoeumlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\btsghzvqlroymfyoeumlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe .
C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe
C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\odzkixqiadxepfvivi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe .
C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe
C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\zpmyxnhatxsamduiwka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe
C:\Windows\ftoyvjbsjlekujykw.exe
ftoyvjbsjlekujykw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe .
C:\Windows\btsghzvqlroymfyoeumlz.exe
btsghzvqlroymfyoeumlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zpmyxnhatxsamduiwka.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\btsghzvqlroymfyoeumlz.exe*."
C:\Windows\zpmyxnhatxsamduiwka.exe
zpmyxnhatxsamduiwka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mdboofauotpyldvkzofd.exe .
C:\Windows\mdboofauotpyldvkzofd.exe
mdboofauotpyldvkzofd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe
C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe
C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\mdboofauotpyldvkzofd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe .
C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe
C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\odzkixqiadxepfvivi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe
C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe
C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe .
C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe
C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\btsghzvqlroymfyoeumlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe
C:\Windows\btsghzvqlroymfyoeumlz.exe
btsghzvqlroymfyoeumlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe .
C:\Windows\ylfokxoeuvnsbpdo.exe
ylfokxoeuvnsbpdo.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ylfokxoeuvnsbpdo.exe*."
C:\Windows\ylfokxoeuvnsbpdo.exe
ylfokxoeuvnsbpdo.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe .
C:\Windows\ftoyvjbsjlekujykw.exe
ftoyvjbsjlekujykw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ftoyvjbsjlekujykw.exe*."
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .
C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe
C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ftoyvjbsjlekujykw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe
C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\btsghzvqlroymfyoeumlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe
C:\Windows\ylfokxoeuvnsbpdo.exe
ylfokxoeuvnsbpdo.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe .
C:\Windows\ylfokxoeuvnsbpdo.exe
ylfokxoeuvnsbpdo.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zpmyxnhatxsamduiwka.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ylfokxoeuvnsbpdo.exe*."
C:\Windows\zpmyxnhatxsamduiwka.exe
zpmyxnhatxsamduiwka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zpmyxnhatxsamduiwka.exe .
C:\Windows\zpmyxnhatxsamduiwka.exe
zpmyxnhatxsamduiwka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\zpmyxnhatxsamduiwka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .
C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ylfokxoeuvnsbpdo.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe
C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe
C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .
C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ylfokxoeuvnsbpdo.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe
C:\Windows\ftoyvjbsjlekujykw.exe
ftoyvjbsjlekujykw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe .
C:\Windows\ftoyvjbsjlekujykw.exe
ftoyvjbsjlekujykw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ftoyvjbsjlekujykw.exe*."
C:\Windows\mdboofauotpyldvkzofd.exe
mdboofauotpyldvkzofd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe .
C:\Windows\btsghzvqlroymfyoeumlz.exe
btsghzvqlroymfyoeumlz.exe
C:\Windows\btsghzvqlroymfyoeumlz.exe
btsghzvqlroymfyoeumlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zpmyxnhatxsamduiwka.exe
C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\btsghzvqlroymfyoeumlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mdboofauotpyldvkzofd.exe .
C:\Windows\zpmyxnhatxsamduiwka.exe
zpmyxnhatxsamduiwka.exe
C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe
C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe .
C:\Windows\mdboofauotpyldvkzofd.exe
mdboofauotpyldvkzofd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\zpmyxnhatxsamduiwka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zpmyxnhatxsamduiwka.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\mdboofauotpyldvkzofd.exe*."
C:\Windows\ylfokxoeuvnsbpdo.exe
ylfokxoeuvnsbpdo.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mdboofauotpyldvkzofd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe
C:\Windows\zpmyxnhatxsamduiwka.exe
zpmyxnhatxsamduiwka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe
C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe
C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ylfokxoeuvnsbpdo.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .
C:\Windows\mdboofauotpyldvkzofd.exe
mdboofauotpyldvkzofd.exe .
C:\Windows\ftoyvjbsjlekujykw.exe
ftoyvjbsjlekujykw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\mdboofauotpyldvkzofd.exe*."
C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .
C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe
C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe
C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe
C:\Windows\ylfokxoeuvnsbpdo.exe
ylfokxoeuvnsbpdo.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\mdboofauotpyldvkzofd.exe*."
C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe
C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ftoyvjbsjlekujykw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe
C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ylfokxoeuvnsbpdo.exe*."
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ftoyvjbsjlekujykw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .
C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe
C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe .
C:\Windows\ftoyvjbsjlekujykw.exe
ftoyvjbsjlekujykw.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ylfokxoeuvnsbpdo.exe*."
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\btsghzvqlroymfyoeumlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe .
C:\Windows\ylfokxoeuvnsbpdo.exe
ylfokxoeuvnsbpdo.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ylfokxoeuvnsbpdo.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe
C:\Windows\ftoyvjbsjlekujykw.exe
ftoyvjbsjlekujykw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe .
C:\Windows\btsghzvqlroymfyoeumlz.exe
btsghzvqlroymfyoeumlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\btsghzvqlroymfyoeumlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .
C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ylfokxoeuvnsbpdo.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe
C:\Windows\ftoyvjbsjlekujykw.exe
ftoyvjbsjlekujykw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .
C:\Windows\ftoyvjbsjlekujykw.exe
ftoyvjbsjlekujykw.exe .
C:\Windows\ftoyvjbsjlekujykw.exe
ftoyvjbsjlekujykw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe .
C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe
C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\mdboofauotpyldvkzofd.exe*."
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ftoyvjbsjlekujykw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ftoyvjbsjlekujykw.exe*."
C:\Windows\ylfokxoeuvnsbpdo.exe
ylfokxoeuvnsbpdo.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ftoyvjbsjlekujykw.exe*."
C:\Windows\ylfokxoeuvnsbpdo.exe
ylfokxoeuvnsbpdo.exe .
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe
C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ylfokxoeuvnsbpdo.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\mdboofauotpyldvkzofd.exe*."
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\mdboofauotpyldvkzofd.exe*."
C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe
C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ylfokxoeuvnsbpdo.exe*."
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ftoyvjbsjlekujykw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe
C:\Windows\ftoyvjbsjlekujykw.exe
ftoyvjbsjlekujykw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe .
C:\Windows\btsghzvqlroymfyoeumlz.exe
btsghzvqlroymfyoeumlz.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\btsghzvqlroymfyoeumlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe
C:\Windows\ftoyvjbsjlekujykw.exe
ftoyvjbsjlekujykw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe .
C:\Windows\ylfokxoeuvnsbpdo.exe
ylfokxoeuvnsbpdo.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ylfokxoeuvnsbpdo.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .
C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ylfokxoeuvnsbpdo.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe .
C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe
C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\odzkixqiadxepfvivi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odzkixqiadxepfvivi.exe
C:\Windows\odzkixqiadxepfvivi.exe
odzkixqiadxepfvivi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe .
C:\Windows\ftoyvjbsjlekujykw.exe
ftoyvjbsjlekujykw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ftoyvjbsjlekujykw.exe*."
C:\Windows\ftoyvjbsjlekujykw.exe
ftoyvjbsjlekujykw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mdboofauotpyldvkzofd.exe .
C:\Windows\mdboofauotpyldvkzofd.exe
mdboofauotpyldvkzofd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe
C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe
C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\mdboofauotpyldvkzofd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe .
C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe
C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\btsghzvqlroymfyoeumlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe
C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe
C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe .
C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe
C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\zpmyxnhatxsamduiwka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe
C:\Windows\ftoyvjbsjlekujykw.exe
ftoyvjbsjlekujykw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe .
C:\Windows\btsghzvqlroymfyoeumlz.exe
btsghzvqlroymfyoeumlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odzkixqiadxepfvivi.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\btsghzvqlroymfyoeumlz.exe*."
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\odzkixqiadxepfvivi.exe
odzkixqiadxepfvivi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odzkixqiadxepfvivi.exe .
C:\Windows\odzkixqiadxepfvivi.exe
odzkixqiadxepfvivi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\odzkixqiadxepfvivi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\mdboofauotpyldvkzofd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe
C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe
C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe .
C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe
C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\zpmyxnhatxsamduiwka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe
C:\Windows\ftoyvjbsjlekujykw.exe
ftoyvjbsjlekujykw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zpmyxnhatxsamduiwka.exe .
C:\Windows\zpmyxnhatxsamduiwka.exe
zpmyxnhatxsamduiwka.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\zpmyxnhatxsamduiwka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe
C:\Windows\btsghzvqlroymfyoeumlz.exe
btsghzvqlroymfyoeumlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe .
C:\Windows\btsghzvqlroymfyoeumlz.exe
btsghzvqlroymfyoeumlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe
C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\btsghzvqlroymfyoeumlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\mdboofauotpyldvkzofd.exe*."
C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe
C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .
C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe
C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ftoyvjbsjlekujykw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mdboofauotpyldvkzofd.exe
C:\Windows\mdboofauotpyldvkzofd.exe
mdboofauotpyldvkzofd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odzkixqiadxepfvivi.exe .
C:\Windows\odzkixqiadxepfvivi.exe
odzkixqiadxepfvivi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\odzkixqiadxepfvivi.exe*."
C:\Windows\ftoyvjbsjlekujykw.exe
ftoyvjbsjlekujykw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe .
C:\Windows\ylfokxoeuvnsbpdo.exe
ylfokxoeuvnsbpdo.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe
C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe
C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ylfokxoeuvnsbpdo.exe*."
C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe
C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\btsghzvqlroymfyoeumlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\mdboofauotpyldvkzofd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odzkixqiadxepfvivi.exe
C:\Windows\odzkixqiadxepfvivi.exe
odzkixqiadxepfvivi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe .
C:\Windows\ftoyvjbsjlekujykw.exe
ftoyvjbsjlekujykw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe
C:\Windows\ylfokxoeuvnsbpdo.exe
ylfokxoeuvnsbpdo.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ftoyvjbsjlekujykw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odzkixqiadxepfvivi.exe .
C:\Windows\odzkixqiadxepfvivi.exe
odzkixqiadxepfvivi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe
C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe
C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\odzkixqiadxepfvivi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\mdboofauotpyldvkzofd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ylfokxoeuvnsbpdo.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe
C:\Windows\ftoyvjbsjlekujykw.exe
ftoyvjbsjlekujykw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe
C:\Windows\ftoyvjbsjlekujykw.exe
ftoyvjbsjlekujykw.exe .
C:\Windows\ftoyvjbsjlekujykw.exe
ftoyvjbsjlekujykw.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ftoyvjbsjlekujykw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mdboofauotpyldvkzofd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zpmyxnhatxsamduiwka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odzkixqiadxepfvivi.exe .
C:\Windows\zpmyxnhatxsamduiwka.exe
zpmyxnhatxsamduiwka.exe
C:\Windows\mdboofauotpyldvkzofd.exe
mdboofauotpyldvkzofd.exe
C:\Windows\ylfokxoeuvnsbpdo.exe
ylfokxoeuvnsbpdo.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zpmyxnhatxsamduiwka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mdboofauotpyldvkzofd.exe
C:\Windows\odzkixqiadxepfvivi.exe
odzkixqiadxepfvivi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mdboofauotpyldvkzofd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe
C:\Windows\zpmyxnhatxsamduiwka.exe
zpmyxnhatxsamduiwka.exe .
C:\Windows\mdboofauotpyldvkzofd.exe
mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\ylfokxoeuvnsbpdo.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mdboofauotpyldvkzofd.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\odzkixqiadxepfvivi.exe*."
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe
C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe .
C:\Windows\mdboofauotpyldvkzofd.exe
mdboofauotpyldvkzofd.exe .
C:\Windows\ftoyvjbsjlekujykw.exe
ftoyvjbsjlekujykw.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\zpmyxnhatxsamduiwka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe
C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\zpmyxnhatxsamduiwka.exe*."
C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe
C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .
C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe
C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\mdboofauotpyldvkzofd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Windows\mdboofauotpyldvkzofd.exe
mdboofauotpyldvkzofd.exe .
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe
C:\Users\Admin\AppData\Local\Temp\zpmyxnhatxsamduiwka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ftoyvjbsjlekujykw.exe*."
C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe
C:\Users\Admin\AppData\Local\Temp\ftoyvjbsjlekujykw.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\zpmyxnhatxsamduiwka.exe*."
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\mdboofauotpyldvkzofd.exe*."
C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe
C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\zpmyxnhatxsamduiwka.exe*."
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\ftoyvjbsjlekujykw.exe*."
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\odzkixqiadxepfvivi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe
C:\Windows\btsghzvqlroymfyoeumlz.exe
btsghzvqlroymfyoeumlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c btsghzvqlroymfyoeumlz.exe .
C:\Windows\btsghzvqlroymfyoeumlz.exe
btsghzvqlroymfyoeumlz.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\btsghzvqlroymfyoeumlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe
C:\Windows\ylfokxoeuvnsbpdo.exe
ylfokxoeuvnsbpdo.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mdboofauotpyldvkzofd.exe .
C:\Windows\mdboofauotpyldvkzofd.exe
mdboofauotpyldvkzofd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Users\Admin\AppData\Local\Temp\ylfokxoeuvnsbpdo.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\mdboofauotpyldvkzofd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe
C:\Users\Admin\AppData\Local\Temp\mdboofauotpyldvkzofd.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\mdboofauotpyldvkzofd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe
C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe
C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe .
C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe
C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\btsghzvqlroymfyoeumlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ylfokxoeuvnsbpdo.exe
C:\Windows\ylfokxoeuvnsbpdo.exe
ylfokxoeuvnsbpdo.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zpmyxnhatxsamduiwka.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\zpmyxnhatxsamduiwka.exe
zpmyxnhatxsamduiwka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ftoyvjbsjlekujykw.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\zpmyxnhatxsamduiwka.exe*."
C:\Windows\ftoyvjbsjlekujykw.exe
ftoyvjbsjlekujykw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mdboofauotpyldvkzofd.exe .
C:\Windows\mdboofauotpyldvkzofd.exe
mdboofauotpyldvkzofd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\windows\mdboofauotpyldvkzofd.exe*."
C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe
C:\Users\Admin\AppData\Local\Temp\btsghzvqlroymfyoeumlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe .
C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe
C:\Users\Admin\AppData\Local\Temp\odzkixqiadxepfvivi.exe .
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
"C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe" "c:\users\admin\appdata\local\temp\odzkixqiadxepfvivi.exe*."
C:\Windows\system32\cmd.exe
Network
Files
C:\Users\Admin\AppData\Local\Temp\cpptclrxmzz.exe
C:\Windows\SysWOW64\odzkixqiadxepfvivi.exe
C:\Users\Admin\AppData\Local\Temp\bdmkv.exe
C:\Users\Admin\AppData\Local\llsoxxbehvasopqomkkrnwwad.uzr
C:\Users\Admin\AppData\Local\qbtaufuiwvlovhtclufxeyjymazpszlxgpyj.icn
C:\Program Files (x86)\llsoxxbehvasopqomkkrnwwad.uzr
Analysis: behavioral1
Detonation Overview
Submitted
2025-04-18 07:03
Reported
2025-04-18 07:06
Platform
win10v2004-20250410-en
Max time kernel
39s
Max time network
154s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rtaoozgm = "rduscxoecruqfeqsac.exe" | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\edhsp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etnobztmnflkcetyjoshb.exe" | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rtaoozgm = "blawexmawjkeroyy.exe" | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rtaoozgm = "itjgpjzolzbwkitub.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\edhsp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pdwwifyqqhmkbcqueilz.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\edhsp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etnobztmnflkcetyjoshb.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\edhsp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cphgrnfwvlpmccpsbeg.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rtaoozgm = "blawexmawjkeroyy.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rtaoozgm = "pdwwifyqqhmkbcqueilz.exe" | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rtaoozgm = "pdwwifyqqhmkbcqueilz.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rtaoozgm = "cphgrnfwvlpmccpsbeg.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\edhsp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\itjgpjzolzbwkitub.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\edhsp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\blawexmawjkeroyy.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rtaoozgm = "etnobztmnflkcetyjoshb.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\edhsp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rduscxoecruqfeqsac.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\edhsp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rduscxoecruqfeqsac.exe" | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\edhsp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cphgrnfwvlpmccpsbeg.exe" | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rtaoozgm = "rduscxoecruqfeqsac.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rtaoozgm = "itjgpjzolzbwkitub.exe" | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\edhsp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pdwwifyqqhmkbcqueilz.exe" | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\edhsp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\blawexmawjkeroyy.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\cphgrnfwvlpmccpsbeg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\blawexmawjkeroyy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\itjgpjzolzbwkitub.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\etnobztmnflkcetyjoshb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\rduscxoecruqfeqsac.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\pdwwifyqqhmkbcqueilz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wblcftdmdlh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\blawexmawjkeroyy.exe ." | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tzkcgvgqiroe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rduscxoecruqfeqsac.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\bfoegtckah = "itjgpjzolzbwkitub.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\bfoegtckah = "pdwwifyqqhmkbcqueilz.exe ." | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iltijvdkz = "rduscxoecruqfeqsac.exe" | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ppugen = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etnobztmnflkcetyjoshb.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\cdjwvfl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rduscxoecruqfeqsac.exe ." | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ppugen = "pdwwifyqqhmkbcqueilz.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ppugen = "blawexmawjkeroyy.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wblcftdmdlh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cphgrnfwvlpmccpsbeg.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ppugen = "etnobztmnflkcetyjoshb.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tzkcgvgqiroe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pdwwifyqqhmkbcqueilz.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cdjwvfl = "blawexmawjkeroyy.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iltijvdkz = "rduscxoecruqfeqsac.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ppugen = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rduscxoecruqfeqsac.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cdjwvfl = "itjgpjzolzbwkitub.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iltijvdkz = "itjgpjzolzbwkitub.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tzkcgvgqiroe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rduscxoecruqfeqsac.exe" | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cdjwvfl = "blawexmawjkeroyy.exe ." | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ppugen = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pdwwifyqqhmkbcqueilz.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iltijvdkz = "etnobztmnflkcetyjoshb.exe" | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cdjwvfl = "rduscxoecruqfeqsac.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iltijvdkz = "etnobztmnflkcetyjoshb.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\bfoegtckah = "rduscxoecruqfeqsac.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wblcftdmdlh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pdwwifyqqhmkbcqueilz.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tzkcgvgqiroe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cphgrnfwvlpmccpsbeg.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iltijvdkz = "cphgrnfwvlpmccpsbeg.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ppugen = "rduscxoecruqfeqsac.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\bfoegtckah = "cphgrnfwvlpmccpsbeg.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iltijvdkz = "blawexmawjkeroyy.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\cdjwvfl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\blawexmawjkeroyy.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wblcftdmdlh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rduscxoecruqfeqsac.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\cdjwvfl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cphgrnfwvlpmccpsbeg.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wblcftdmdlh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\itjgpjzolzbwkitub.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\cdjwvfl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\itjgpjzolzbwkitub.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ppugen = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cphgrnfwvlpmccpsbeg.exe" | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wblcftdmdlh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pdwwifyqqhmkbcqueilz.exe ." | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\bfoegtckah = "etnobztmnflkcetyjoshb.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wblcftdmdlh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cphgrnfwvlpmccpsbeg.exe ." | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ppugen = "itjgpjzolzbwkitub.exe" | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iltijvdkz = "blawexmawjkeroyy.exe" | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ppugen = "cphgrnfwvlpmccpsbeg.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wblcftdmdlh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\blawexmawjkeroyy.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\cdjwvfl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etnobztmnflkcetyjoshb.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\cdjwvfl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etnobztmnflkcetyjoshb.exe ." | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\rduscxoecruqfeqsac.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vlgiwvqkmfmmfiyeqwbrmo.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cphgrnfwvlpmccpsbeg.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pdwwifyqqhmkbcqueilz.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rduscxoecruqfeqsac.exe | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\blawexmawjkeroyy.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\itjgpjzolzbwkitub.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File created | C:\Windows\SysWOW64\tzkcgvgqiroengmikgbhskodoyqzwmvouq.ojp | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\etnobztmnflkcetyjoshb.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pdwwifyqqhmkbcqueilz.exe | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vlgiwvqkmfmmfiyeqwbrmo.exe | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\itjgpjzolzbwkitub.exe | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\gbbibffeljvaygbmdoyttat.xwd | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\blawexmawjkeroyy.exe | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\gbbibffeljvaygbmdoyttat.xwd | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| File created | C:\Program Files (x86)\gbbibffeljvaygbmdoyttat.xwd | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| File opened for modification | C:\Program Files (x86)\tzkcgvgqiroengmikgbhskodoyqzwmvouq.ojp | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| File created | C:\Program Files (x86)\tzkcgvgqiroengmikgbhskodoyqzwmvouq.ojp | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\cphgrnfwvlpmccpsbeg.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\vlgiwvqkmfmmfiyeqwbrmo.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\etnobztmnflkcetyjoshb.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\rduscxoecruqfeqsac.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\pdwwifyqqhmkbcqueilz.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\itjgpjzolzbwkitub.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\blawexmawjkeroyy.exe | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| File opened for modification | C:\Windows\blawexmawjkeroyy.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\cphgrnfwvlpmccpsbeg.exe | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| File opened for modification | C:\Windows\itjgpjzolzbwkitub.exe | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| File opened for modification | C:\Windows\rduscxoecruqfeqsac.exe | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\etnobztmnflkcetyjoshb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\cphgrnfwvlpmccpsbeg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\itjgpjzolzbwkitub.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\rduscxoecruqfeqsac.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\blawexmawjkeroyy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd0b66050d49b213e682c9f3dbddd4f4.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\pdwwifyqqhmkbcqueilz.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\edhsp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe
C:\Windows\itjgpjzolzbwkitub.exe
itjgpjzolzbwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe
C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\itjgpjzolzbwkitub.exe*."
C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\itjgpjzolzbwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .
C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe
C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\pdwwifyqqhmkbcqueilz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe
C:\Windows\etnobztmnflkcetyjoshb.exe
etnobztmnflkcetyjoshb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe .
C:\Windows\itjgpjzolzbwkitub.exe
itjgpjzolzbwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\itjgpjzolzbwkitub.exe*."
C:\Windows\rduscxoecruqfeqsac.exe
rduscxoecruqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe
C:\Windows\cphgrnfwvlpmccpsbeg.exe
cphgrnfwvlpmccpsbeg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\cphgrnfwvlpmccpsbeg.exe*."
C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\rduscxoecruqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe
C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe
C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe
C:\Windows\itjgpjzolzbwkitub.exe
itjgpjzolzbwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdwwifyqqhmkbcqueilz.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\itjgpjzolzbwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe .
C:\Windows\pdwwifyqqhmkbcqueilz.exe
pdwwifyqqhmkbcqueilz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe .
C:\Windows\cphgrnfwvlpmccpsbeg.exe
cphgrnfwvlpmccpsbeg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdwwifyqqhmkbcqueilz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe
C:\Windows\etnobztmnflkcetyjoshb.exe
etnobztmnflkcetyjoshb.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\cphgrnfwvlpmccpsbeg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe .
C:\Windows\rduscxoecruqfeqsac.exe
rduscxoecruqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\etnobztmnflkcetyjoshb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe
C:\Windows\rduscxoecruqfeqsac.exe
rduscxoecruqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe
C:\Windows\pdwwifyqqhmkbcqueilz.exe
pdwwifyqqhmkbcqueilz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe
C:\Windows\etnobztmnflkcetyjoshb.exe
etnobztmnflkcetyjoshb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .
C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe
C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe
C:\Windows\etnobztmnflkcetyjoshb.exe
etnobztmnflkcetyjoshb.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\pdwwifyqqhmkbcqueilz.exe*."
C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe
C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\etnobztmnflkcetyjoshb.exe
etnobztmnflkcetyjoshb.exe
C:\Windows\cphgrnfwvlpmccpsbeg.exe
cphgrnfwvlpmccpsbeg.exe .
C:\Windows\rduscxoecruqfeqsac.exe
rduscxoecruqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe
C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\etnobztmnflkcetyjoshb.exe*."
C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe
C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\pdwwifyqqhmkbcqueilz.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\rduscxoecruqfeqsac.exe*."
C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe
C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\cphgrnfwvlpmccpsbeg.exe*."
C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\cphgrnfwvlpmccpsbeg.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\etnobztmnflkcetyjoshb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\rduscxoecruqfeqsac.exe*."
C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .
C:\Windows\cphgrnfwvlpmccpsbeg.exe
cphgrnfwvlpmccpsbeg.exe
C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\blawexmawjkeroyy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe .
C:\Windows\rduscxoecruqfeqsac.exe
rduscxoecruqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\blawexmawjkeroyy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\rduscxoecruqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdwwifyqqhmkbcqueilz.exe .
C:\Windows\etnobztmnflkcetyjoshb.exe
etnobztmnflkcetyjoshb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\pdwwifyqqhmkbcqueilz.exe
pdwwifyqqhmkbcqueilz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\pdwwifyqqhmkbcqueilz.exe*."
C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\rduscxoecruqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\blawexmawjkeroyy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdwwifyqqhmkbcqueilz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\pdwwifyqqhmkbcqueilz.exe
pdwwifyqqhmkbcqueilz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe .
C:\Windows\itjgpjzolzbwkitub.exe
itjgpjzolzbwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdwwifyqqhmkbcqueilz.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\itjgpjzolzbwkitub.exe*."
C:\Windows\etnobztmnflkcetyjoshb.exe
etnobztmnflkcetyjoshb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe
C:\Windows\pdwwifyqqhmkbcqueilz.exe
pdwwifyqqhmkbcqueilz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .
C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe
C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\pdwwifyqqhmkbcqueilz.exe*."
C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe
C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\cphgrnfwvlpmccpsbeg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\itjgpjzolzbwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c blawexmawjkeroyy.exe
C:\Windows\blawexmawjkeroyy.exe
blawexmawjkeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe .
C:\Windows\itjgpjzolzbwkitub.exe
itjgpjzolzbwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\itjgpjzolzbwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe .
C:\Windows\cphgrnfwvlpmccpsbeg.exe
cphgrnfwvlpmccpsbeg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\etnobztmnflkcetyjoshb.exe
etnobztmnflkcetyjoshb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\etnobztmnflkcetyjoshb.exe*."
C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\blawexmawjkeroyy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .
C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe
C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe
C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe
C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\cphgrnfwvlpmccpsbeg.exe*."
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe
C:\Windows\etnobztmnflkcetyjoshb.exe
etnobztmnflkcetyjoshb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe .
C:\Windows\etnobztmnflkcetyjoshb.exe
etnobztmnflkcetyjoshb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\etnobztmnflkcetyjoshb.exe*."
C:\Windows\itjgpjzolzbwkitub.exe
itjgpjzolzbwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c blawexmawjkeroyy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe
C:\Windows\blawexmawjkeroyy.exe
blawexmawjkeroyy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe
C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\blawexmawjkeroyy.exe*."
C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\itjgpjzolzbwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .
C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe
C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe
C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe
C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\cphgrnfwvlpmccpsbeg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c blawexmawjkeroyy.exe
C:\Windows\blawexmawjkeroyy.exe
blawexmawjkeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdwwifyqqhmkbcqueilz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c blawexmawjkeroyy.exe
C:\Windows\pdwwifyqqhmkbcqueilz.exe
pdwwifyqqhmkbcqueilz.exe .
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe .
C:\Windows\blawexmawjkeroyy.exe
blawexmawjkeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\pdwwifyqqhmkbcqueilz.exe*."
C:\Windows\itjgpjzolzbwkitub.exe
itjgpjzolzbwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .
C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe
C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe
C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe
C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\itjgpjzolzbwkitub.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\cphgrnfwvlpmccpsbeg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe
C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe
C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\blawexmawjkeroyy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe
C:\Windows\etnobztmnflkcetyjoshb.exe
etnobztmnflkcetyjoshb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe
C:\Windows\cphgrnfwvlpmccpsbeg.exe
cphgrnfwvlpmccpsbeg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe
C:\Windows\cphgrnfwvlpmccpsbeg.exe
cphgrnfwvlpmccpsbeg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\cphgrnfwvlpmccpsbeg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c blawexmawjkeroyy.exe .
C:\Windows\etnobztmnflkcetyjoshb.exe
etnobztmnflkcetyjoshb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe
C:\Windows\itjgpjzolzbwkitub.exe
itjgpjzolzbwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .
C:\Windows\etnobztmnflkcetyjoshb.exe
etnobztmnflkcetyjoshb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdwwifyqqhmkbcqueilz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdwwifyqqhmkbcqueilz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe
C:\Windows\blawexmawjkeroyy.exe
blawexmawjkeroyy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\itjgpjzolzbwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .
C:\Windows\itjgpjzolzbwkitub.exe
itjgpjzolzbwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe
C:\Windows\cphgrnfwvlpmccpsbeg.exe
cphgrnfwvlpmccpsbeg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\blawexmawjkeroyy.exe*."
C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe
C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe
C:\Windows\cphgrnfwvlpmccpsbeg.exe
cphgrnfwvlpmccpsbeg.exe .
C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\itjgpjzolzbwkitub.exe*."
C:\Windows\pdwwifyqqhmkbcqueilz.exe
pdwwifyqqhmkbcqueilz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe
C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe
C:\Windows\pdwwifyqqhmkbcqueilz.exe
pdwwifyqqhmkbcqueilz.exe .
C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe
C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .
C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe
C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .
C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe
C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\cphgrnfwvlpmccpsbeg.exe*."
C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe
C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\itjgpjzolzbwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe .
C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe
C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .
C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\rduscxoecruqfeqsac.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\pdwwifyqqhmkbcqueilz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\cphgrnfwvlpmccpsbeg.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\pdwwifyqqhmkbcqueilz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c blawexmawjkeroyy.exe .
C:\Windows\cphgrnfwvlpmccpsbeg.exe
cphgrnfwvlpmccpsbeg.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\cphgrnfwvlpmccpsbeg.exe*."
C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe
C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdwwifyqqhmkbcqueilz.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\pdwwifyqqhmkbcqueilz.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\itjgpjzolzbwkitub.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\pdwwifyqqhmkbcqueilz.exe*."
C:\Windows\pdwwifyqqhmkbcqueilz.exe
pdwwifyqqhmkbcqueilz.exe
C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe
C:\Windows\itjgpjzolzbwkitub.exe
itjgpjzolzbwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\blawexmawjkeroyy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c blawexmawjkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\itjgpjzolzbwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe .
C:\Windows\blawexmawjkeroyy.exe
blawexmawjkeroyy.exe
C:\Windows\cphgrnfwvlpmccpsbeg.exe
cphgrnfwvlpmccpsbeg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\cphgrnfwvlpmccpsbeg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe
C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe
C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\rduscxoecruqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .
C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe
C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\pdwwifyqqhmkbcqueilz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe
C:\Windows\cphgrnfwvlpmccpsbeg.exe
cphgrnfwvlpmccpsbeg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe .
C:\Windows\itjgpjzolzbwkitub.exe
itjgpjzolzbwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\itjgpjzolzbwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdwwifyqqhmkbcqueilz.exe .
C:\Windows\itjgpjzolzbwkitub.exe
itjgpjzolzbwkitub.exe
C:\Windows\pdwwifyqqhmkbcqueilz.exe
pdwwifyqqhmkbcqueilz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\pdwwifyqqhmkbcqueilz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\itjgpjzolzbwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe
C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe
C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\rduscxoecruqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe
C:\Windows\itjgpjzolzbwkitub.exe
itjgpjzolzbwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe .
C:\Windows\itjgpjzolzbwkitub.exe
itjgpjzolzbwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\itjgpjzolzbwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\etnobztmnflkcetyjoshb.exe
etnobztmnflkcetyjoshb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe
C:\Windows\itjgpjzolzbwkitub.exe
itjgpjzolzbwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\itjgpjzolzbwkitub.exe*."
C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\itjgpjzolzbwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .
C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe
C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe
C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe
C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\pdwwifyqqhmkbcqueilz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe
C:\Windows\rduscxoecruqfeqsac.exe
rduscxoecruqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c blawexmawjkeroyy.exe .
C:\Windows\blawexmawjkeroyy.exe
blawexmawjkeroyy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\blawexmawjkeroyy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cphgrnfwvlpmccpsbeg.exe .
C:\Windows\itjgpjzolzbwkitub.exe
itjgpjzolzbwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe
C:\Windows\cphgrnfwvlpmccpsbeg.exe
cphgrnfwvlpmccpsbeg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\cphgrnfwvlpmccpsbeg.exe*."
C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\itjgpjzolzbwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe
C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe
C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\blawexmawjkeroyy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe
C:\Windows\itjgpjzolzbwkitub.exe
itjgpjzolzbwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe .
C:\Windows\rduscxoecruqfeqsac.exe
rduscxoecruqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\rduscxoecruqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe .
C:\Windows\rduscxoecruqfeqsac.exe
rduscxoecruqfeqsac.exe
C:\Windows\etnobztmnflkcetyjoshb.exe
etnobztmnflkcetyjoshb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\etnobztmnflkcetyjoshb.exe*."
C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\itjgpjzolzbwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe .
C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe
C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe
C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe
C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\etnobztmnflkcetyjoshb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdwwifyqqhmkbcqueilz.exe
C:\Windows\pdwwifyqqhmkbcqueilz.exe
pdwwifyqqhmkbcqueilz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe .
C:\Windows\rduscxoecruqfeqsac.exe
rduscxoecruqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdwwifyqqhmkbcqueilz.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\rduscxoecruqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itjgpjzolzbwkitub.exe .
C:\Windows\pdwwifyqqhmkbcqueilz.exe
pdwwifyqqhmkbcqueilz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe
C:\Windows\itjgpjzolzbwkitub.exe
itjgpjzolzbwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\itjgpjzolzbwkitub.exe*."
C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\itjgpjzolzbwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdwwifyqqhmkbcqueilz.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\itjgpjzolzbwkitub.exe*."
C:\Windows\pdwwifyqqhmkbcqueilz.exe
pdwwifyqqhmkbcqueilz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdwwifyqqhmkbcqueilz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c blawexmawjkeroyy.exe
C:\Windows\blawexmawjkeroyy.exe
blawexmawjkeroyy.exe
C:\Windows\pdwwifyqqhmkbcqueilz.exe
pdwwifyqqhmkbcqueilz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\pdwwifyqqhmkbcqueilz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c blawexmawjkeroyy.exe
C:\Windows\rduscxoecruqfeqsac.exe
rduscxoecruqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdwwifyqqhmkbcqueilz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c blawexmawjkeroyy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rduscxoecruqfeqsac.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe
C:\Windows\blawexmawjkeroyy.exe
blawexmawjkeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe
C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .
C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c blawexmawjkeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etnobztmnflkcetyjoshb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\pdwwifyqqhmkbcqueilz.exe*."
C:\Windows\blawexmawjkeroyy.exe
blawexmawjkeroyy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\rduscxoecruqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .
C:\Windows\rduscxoecruqfeqsac.exe
rduscxoecruqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe
C:\Windows\blawexmawjkeroyy.exe
blawexmawjkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\blawexmawjkeroyy.exe*."
C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe
C:\Users\Admin\AppData\Local\Temp\etnobztmnflkcetyjoshb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\rduscxoecruqfeqsac.exe*."
C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\itjgpjzolzbwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe
C:\Users\Admin\AppData\Local\Temp\pdwwifyqqhmkbcqueilz.exe .
C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe
C:\Users\Admin\AppData\Local\Temp\cphgrnfwvlpmccpsbeg.exe .
C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\blawexmawjkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\blawexmawjkeroyy.exe*."
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | tknsxkyox.org | udp |
| US | 8.8.8.8:53 | jjfkdkcww.org | udp |
| US | 8.8.8.8:53 | fsyczawoha.info | udp |
| US | 8.8.8.8:53 | ckcomycc.com | udp |
| US | 8.8.8.8:53 | osiagyos.org | udp |
| US | 8.8.8.8:53 | qflbwqao.net | udp |
| US | 8.8.8.8:53 | hzioobtptqel.net | udp |
| US | 8.8.8.8:53 | atkzfclhbift.info | udp |
| US | 8.8.8.8:53 | ekksce.org | udp |
| US | 8.8.8.8:53 | tghclnarytma.info | udp |
| US | 8.8.8.8:53 | xsfqaxr.org | udp |
| US | 8.8.8.8:53 | airfvaibutlg.net | udp |
| US | 8.8.8.8:53 | qgtuyjx.info | udp |
| US | 8.8.8.8:53 | wueysyqiyg.org | udp |
| US | 8.8.8.8:53 | ftbrzzmztu.net | udp |
| US | 8.8.8.8:53 | wcugug.com | udp |
| US | 8.8.8.8:53 | mixuziluodd.net | udp |
| US | 8.8.8.8:53 | hwllvoz.net | udp |
| US | 8.8.8.8:53 | lwfhhhefbcma.info | udp |
| US | 8.8.8.8:53 | jjrefkv.net | udp |
| US | 8.8.8.8:53 | useuqoce.com | udp |
| US | 8.8.8.8:53 | ylxoppwnwc.info | udp |
| US | 8.8.8.8:53 | zbnxmkjiojkt.info | udp |
| US | 8.8.8.8:53 | wgieme.org | udp |
| US | 8.8.8.8:53 | hixwmdgfm.info | udp |
| US | 8.8.8.8:53 | kjskvzf.info | udp |
| US | 8.8.8.8:53 | nckbclr.com | udp |
| US | 8.8.8.8:53 | cijyxarmx.net | udp |
| US | 8.8.8.8:53 | wqxqxoimcmhs.net | udp |
| US | 8.8.8.8:53 | bmzjxo.info | udp |
| US | 8.8.8.8:53 | imcxqe.info | udp |
| US | 8.8.8.8:53 | lzbjkx.info | udp |
| US | 8.8.8.8:53 | bjeoemtnmwok.net | udp |
| US | 8.8.8.8:53 | hlidjpuwp.net | udp |
| US | 8.8.8.8:53 | jxktvv.info | udp |
| US | 8.8.8.8:53 | grfdrfllvrnu.net | udp |
| US | 8.8.8.8:53 | eyyesugw.org | udp |
| US | 8.8.8.8:53 | txtryn.net | udp |
| US | 8.8.8.8:53 | lsiidmcrmmvn.net | udp |
| US | 8.8.8.8:53 | blriytvijot.com | udp |
| US | 8.8.8.8:53 | wsiaurlivmvq.info | udp |
| US | 8.8.8.8:53 | gihuzdjfx.info | udp |
| US | 8.8.8.8:53 | mqmusaseioos.com | udp |
| US | 8.8.8.8:53 | akcleqlw.info | udp |
| US | 8.8.8.8:53 | uohuzzrxcnaf.net | udp |
| US | 8.8.8.8:53 | kyilnx.net | udp |
| US | 8.8.8.8:53 | kyysyo.org | udp |
| US | 8.8.8.8:53 | vutfvxd.net | udp |
| US | 8.8.8.8:53 | gaqkygwq.org | udp |
| US | 8.8.8.8:53 | eyablupuzch.info | udp |
| US | 8.8.8.8:53 | pnlqjwu.info | udp |
| US | 8.8.8.8:53 | rxyoxyxjvwls.info | udp |
| US | 8.8.8.8:53 | wmkaqm.org | udp |
| US | 8.8.8.8:53 | wszvezwmrw.info | udp |
| US | 8.8.8.8:53 | cnzlnepvveyh.info | udp |
| US | 8.8.8.8:53 | jrbulad.info | udp |
| US | 8.8.8.8:53 | hqhrpgniod.info | udp |
| US | 8.8.8.8:53 | qgbfxehaxo.net | udp |
| US | 8.8.8.8:53 | zqjycwnlbfm.net | udp |
| US | 8.8.8.8:53 | bqgcdsjnouv.info | udp |
| US | 8.8.8.8:53 | tgguni.info | udp |
| US | 8.8.8.8:53 | bpzorpfuhtf.org | udp |
| US | 8.8.8.8:53 | bptupy.info | udp |
| US | 8.8.8.8:53 | bkngmvgi.net | udp |
| US | 8.8.8.8:53 | jcaamujkj.info | udp |
| US | 8.8.8.8:53 | iekywyascw.com | udp |
| US | 8.8.8.8:53 | jrfojwisw.org | udp |
| US | 8.8.8.8:53 | tuetjrfirc.net | udp |
| US | 8.8.8.8:53 | bjgtymvb.net | udp |
| US | 8.8.8.8:53 | iekcacig.org | udp |
| US | 8.8.8.8:53 | bqdindvszcl.com | udp |
| US | 8.8.8.8:53 | rxplfzlc.net | udp |
| US | 8.8.8.8:53 | reshmy.info | udp |
| US | 8.8.8.8:53 | dnnqvwhpopvy.net | udp |
| US | 8.8.8.8:53 | dykwknvmdfdj.info | udp |
| US | 8.8.8.8:53 | gqrymwf.net | udp |
| US | 8.8.8.8:53 | pdstcckfspiq.info | udp |
| US | 8.8.8.8:53 | ublzoyngp.net | udp |
| US | 8.8.8.8:53 | hebstrxkj.net | udp |
| US | 8.8.8.8:53 | wawaoiyk.com | udp |
| US | 8.8.8.8:53 | jltedpdkv.net | udp |
| US | 8.8.8.8:53 | keeoiees.com | udp |
| US | 8.8.8.8:53 | lczoradauoz.net | udp |
| US | 8.8.8.8:53 | dwzexl.info | udp |
| US | 8.8.8.8:53 | tkzaldtqv.info | udp |
| US | 8.8.8.8:53 | pinhnedw.info | udp |
| US | 8.8.8.8:53 | ymuqoaoegugm.org | udp |
| US | 8.8.8.8:53 | rjlwln.net | udp |
| US | 8.8.8.8:53 | dazulnj.org | udp |
| US | 8.8.8.8:53 | mbawvtparsth.info | udp |
| US | 8.8.8.8:53 | dqyuksxpm.org | udp |
| US | 8.8.8.8:53 | jzthxr.net | udp |
| US | 8.8.8.8:53 | vyatlh.net | udp |
| US | 8.8.8.8:53 | svpilyp.net | udp |
| US | 8.8.8.8:53 | auhtyeh.net | udp |
| US | 8.8.8.8:53 | yaiowkqaqw.org | udp |
| US | 8.8.8.8:53 | nufifxswempx.net | udp |
| US | 8.8.8.8:53 | fjusznt.com | udp |
| US | 8.8.8.8:53 | yswoplnd.net | udp |
| US | 8.8.8.8:53 | aahinwp.info | udp |
| US | 8.8.8.8:53 | zuhmapbot.net | udp |
| US | 8.8.8.8:53 | xvknnrlru.org | udp |
| US | 8.8.8.8:53 | tmzobwyvgg.info | udp |
| US | 8.8.8.8:53 | qmgcwaqsyaso.org | udp |
| US | 8.8.8.8:53 | vjvlnnztmb.net | udp |
| US | 8.8.8.8:53 | hmgselx.org | udp |
| US | 8.8.8.8:53 | lgtpiv.net | udp |
| US | 8.8.8.8:53 | zbkwfgxx.info | udp |
| US | 8.8.8.8:53 | yojkaljecqs.info | udp |
| US | 8.8.8.8:53 | sklipxtkb.net | udp |
| US | 8.8.8.8:53 | ecegeakc.org | udp |
| US | 8.8.8.8:53 | qmyarj.info | udp |
| US | 8.8.8.8:53 | fcufpcqj.net | udp |
| US | 8.8.8.8:53 | mihxrwkmm.info | udp |
| US | 8.8.8.8:53 | iasiqc.org | udp |
| US | 8.8.8.8:53 | bydyzrejppn.org | udp |
| US | 8.8.8.8:53 | ootkjdzphd.net | udp |
| US | 8.8.8.8:53 | cvbugi.net | udp |
| US | 8.8.8.8:53 | biebjzzc.info | udp |
| US | 8.8.8.8:53 | hgobxu.net | udp |
| US | 8.8.8.8:53 | aqjwzgc.net | udp |
| US | 8.8.8.8:53 | hdlitqwi.info | udp |
| US | 8.8.8.8:53 | aararuzmj.info | udp |
| US | 8.8.8.8:53 | hiqumgp.info | udp |
| US | 8.8.8.8:53 | fvmgrsz.info | udp |
| US | 8.8.8.8:53 | rpasznfyus.info | udp |
| US | 8.8.8.8:53 | zrizzt.net | udp |
| US | 8.8.8.8:53 | ptdhvmduj.net | udp |
| US | 8.8.8.8:53 | bxkwqutltgw.net | udp |
| US | 8.8.8.8:53 | lgfgvm.net | udp |
| US | 8.8.8.8:53 | nsjnpn.net | udp |
| US | 8.8.8.8:53 | iyewmukssgik.com | udp |
| US | 8.8.8.8:53 | ydtjsz.net | udp |
| US | 8.8.8.8:53 | uugakqwg.org | udp |
| US | 8.8.8.8:53 | ktuihvzh.net | udp |
| US | 8.8.8.8:53 | pukkum.info | udp |
| US | 8.8.8.8:53 | zkgsldl.com | udp |
| US | 8.8.8.8:53 | oubbvffehirr.net | udp |
| US | 8.8.8.8:53 | ivewnr.info | udp |
| US | 8.8.8.8:53 | bjgtfrhemd.info | udp |
| US | 8.8.8.8:53 | xkrkxtgcren.info | udp |
| US | 8.8.8.8:53 | nqxijbihvn.info | udp |
| US | 8.8.8.8:53 | juozdcx.net | udp |
| US | 8.8.8.8:53 | nezkuwlkb.net | udp |
| US | 8.8.8.8:53 | bllethfgilj.info | udp |
| US | 8.8.8.8:53 | wygugiao.org | udp |
| US | 8.8.8.8:53 | waeowxc.info | udp |
| US | 8.8.8.8:53 | dqtuihhhpvr.net | udp |
| US | 8.8.8.8:53 | ednnflh.info | udp |
| US | 8.8.8.8:53 | rsskxn.info | udp |
| US | 8.8.8.8:53 | simocqcguk.org | udp |
| US | 8.8.8.8:53 | yspynbdonzn.net | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | ksnelpckjan.info | udp |
| NL | 173.194.69.94:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | kakqia.org | udp |
| US | 8.8.8.8:53 | fmpwomwkktvh.net | udp |
| US | 8.8.8.8:53 | xrctizgjhu.net | udp |
| US | 8.8.8.8:53 | daenibz.net | udp |
| US | 8.8.8.8:53 | aeimmkuwmkky.org | udp |
| US | 8.8.8.8:53 | ojwkxuiua.info | udp |
| US | 8.8.8.8:53 | nauucwxsaco.com | udp |
| US | 8.8.8.8:53 | ucnyzgsytoj.info | udp |
| US | 8.8.8.8:53 | rfcqjgcwrllk.info | udp |
| US | 8.8.8.8:53 | laydfipusg.net | udp |
| US | 8.8.8.8:53 | isxqlkteinqw.info | udp |
| US | 8.8.8.8:53 | uitcuruqyd.net | udp |
| US | 8.8.8.8:53 | furmjwr.info | udp |
| US | 8.8.8.8:53 | wcuiqgio.com | udp |
| US | 8.8.8.8:53 | akwouszpx.info | udp |
| US | 8.8.8.8:53 | ooewwc.org | udp |
| US | 8.8.8.8:53 | tlnlgxoxfmvm.info | udp |
| US | 8.8.8.8:53 | iosaquue.org | udp |
| US | 8.8.8.8:53 | jypigkw.net | udp |
| US | 8.8.8.8:53 | mawikeew.com | udp |
| US | 8.8.8.8:53 | jwdnbuzhkqp.com | udp |
| US | 8.8.8.8:53 | jlpbrqfrww.info | udp |
| US | 8.8.8.8:53 | vodzdfvev.com | udp |
| US | 8.8.8.8:53 | jphhtgd.com | udp |
| US | 8.8.8.8:53 | dvbgdeeyb.info | udp |
| US | 8.8.8.8:53 | yqlhyuigh.net | udp |
| US | 8.8.8.8:53 | rklmhsjkgyl.org | udp |
| US | 8.8.8.8:53 | omierhazkhgw.net | udp |
| US | 8.8.8.8:53 | vodfxfs.info | udp |
| US | 8.8.8.8:53 | rlrvqv.info | udp |
| US | 8.8.8.8:53 | rmvbchjb.net | udp |
| US | 8.8.8.8:53 | aujxoq.info | udp |
| US | 8.8.8.8:53 | kwdrqyzrhd.net | udp |
| US | 8.8.8.8:53 | nkpjicr.org | udp |
| US | 8.8.8.8:53 | hylzttocpkd.com | udp |
| US | 8.8.8.8:53 | xrjmbmgmisvh.info | udp |
| US | 8.8.8.8:53 | hqxgrcmkev.net | udp |
| US | 8.8.8.8:53 | dttijrus.net | udp |
| US | 8.8.8.8:53 | vinexubulnl.org | udp |
| US | 8.8.8.8:53 | jqtenkdayoy.org | udp |
| US | 8.8.8.8:53 | fmvudtdupebn.info | udp |
| US | 8.8.8.8:53 | uhecny.net | udp |
| US | 8.8.8.8:53 | lvliwxsju.net | udp |
| US | 8.8.8.8:53 | rtoykrdudu.info | udp |
| US | 8.8.8.8:53 | vnqrls.net | udp |
| US | 8.8.8.8:53 | jfimzw.net | udp |
| US | 8.8.8.8:53 | aegcepzghxwn.info | udp |
| US | 8.8.8.8:53 | pmudkv.info | udp |
| US | 8.8.8.8:53 | zkdaae.net | udp |
| US | 8.8.8.8:53 | wcgcuuiu.org | udp |
| US | 8.8.8.8:53 | iynkwmfed.net | udp |
| US | 8.8.8.8:53 | nhmyomxjv.info | udp |
| US | 8.8.8.8:53 | pshzjp.info | udp |
| US | 8.8.8.8:53 | kxvomb.net | udp |
| US | 8.8.8.8:53 | gqrmaszaq.net | udp |
| US | 8.8.8.8:53 | gjpcsuobrw.net | udp |
| US | 8.8.8.8:53 | yuepypc.info | udp |
| US | 8.8.8.8:53 | hqhdteuaieh.com | udp |
| US | 8.8.8.8:53 | ubpbptft.net | udp |
| US | 8.8.8.8:53 | bgsczezsqyj.net | udp |
| US | 8.8.8.8:53 | xefqqssoqjh.com | udp |
| US | 8.8.8.8:53 | tyzkrdhyl.info | udp |
| US | 8.8.8.8:53 | ruhgwgdevnr.com | udp |
| US | 8.8.8.8:53 | ykzislp.info | udp |
| US | 8.8.8.8:53 | vyvijbihvn.info | udp |
| US | 8.8.8.8:53 | tezgharxc.com | udp |
| US | 8.8.8.8:53 | jsnlpfot.net | udp |
| US | 8.8.8.8:53 | aadvbf.info | udp |
| US | 8.8.8.8:53 | puoklt.net | udp |
| US | 8.8.8.8:53 | hsrofavrq.net | udp |
| US | 8.8.8.8:53 | oixjdsf.net | udp |
| US | 8.8.8.8:53 | qoguia.com | udp |
| US | 8.8.8.8:53 | llpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | ikzgmyh.net | udp |
| US | 8.8.8.8:53 | makckoeo.com | udp |
| US | 8.8.8.8:53 | czetmd.net | udp |
| US | 8.8.8.8:53 | bctwfgikb.org | udp |
| US | 8.8.8.8:53 | kutpkfpmiwxl.net | udp |
| US | 8.8.8.8:53 | vjwatlfj.net | udp |
| US | 8.8.8.8:53 | judbdennkgd.info | udp |
| US | 8.8.8.8:53 | uesaqe.com | udp |
| US | 8.8.8.8:53 | fzqqksnzg.net | udp |
| US | 8.8.8.8:53 | wgkoggugas.com | udp |
| US | 8.8.8.8:53 | sxbsgcpgfit.info | udp |
| US | 8.8.8.8:53 | oiolsgbsfh.net | udp |
| US | 8.8.8.8:53 | xmlymtnez.org | udp |
| US | 8.8.8.8:53 | jgdgtjz.net | udp |
| US | 8.8.8.8:53 | tjxjurbobuf.net | udp |
| US | 8.8.8.8:53 | bylbrlymcwwl.info | udp |
| US | 8.8.8.8:53 | odzbrjqoy.info | udp |
| US | 8.8.8.8:53 | kywntixor.info | udp |
| US | 8.8.8.8:53 | uhhtlpje.net | udp |
| US | 8.8.8.8:53 | pavflzb.com | udp |
| US | 8.8.8.8:53 | aalijqi.info | udp |
| US | 8.8.8.8:53 | pjelgigr.net | udp |
| US | 8.8.8.8:53 | xvqvfufjrf.info | udp |
| US | 8.8.8.8:53 | odqisf.info | udp |
| US | 8.8.8.8:53 | hnzmyy.net | udp |
| US | 8.8.8.8:53 | usgusggsymus.com | udp |
| US | 8.8.8.8:53 | imblggrkr.net | udp |
| US | 8.8.8.8:53 | aydermbbbic.net | udp |
| US | 8.8.8.8:53 | dfrubuakx.org | udp |
| US | 8.8.8.8:53 | ncpmyszzt.info | udp |
| US | 8.8.8.8:53 | klqivgyoaos.net | udp |
| US | 8.8.8.8:53 | zorxhfrvg.net | udp |
| US | 8.8.8.8:53 | natwlbridsh.org | udp |
| US | 8.8.8.8:53 | blzqjzne.info | udp |
| US | 8.8.8.8:53 | ybxsqlwexbnh.info | udp |
| US | 8.8.8.8:53 | hafkrzlnwet.info | udp |
| US | 8.8.8.8:53 | dtppzxsq.net | udp |
| US | 8.8.8.8:53 | wskgigmuymoy.com | udp |
| US | 8.8.8.8:53 | kkiamiym.com | udp |
| US | 8.8.8.8:53 | uiwlkqi.info | udp |
| US | 8.8.8.8:53 | pxyuzn.net | udp |
| US | 8.8.8.8:53 | jatdaajehomt.net | udp |
| US | 8.8.8.8:53 | bqzufznqwkx.com | udp |
| US | 8.8.8.8:53 | jdvrfulgp.net | udp |
| US | 8.8.8.8:53 | pcuqjp.net | udp |
| US | 8.8.8.8:53 | oyprwp.net | udp |
| US | 8.8.8.8:53 | mwgkuyee.org | udp |
| US | 8.8.8.8:53 | zzlovfpft.com | udp |
| US | 8.8.8.8:53 | vudxkm.net | udp |
| US | 8.8.8.8:53 | vmivrrxebxt.com | udp |
| US | 8.8.8.8:53 | ywigcsucyw.org | udp |
| US | 8.8.8.8:53 | uiceesz.info | udp |
| US | 8.8.8.8:53 | ueoajixsbrj.net | udp |
| US | 8.8.8.8:53 | bzaydhbkyko.info | udp |
| US | 8.8.8.8:53 | fetientfv.com | udp |
| US | 8.8.8.8:53 | terfzwa.info | udp |
| US | 8.8.8.8:53 | uoxjsmld.info | udp |
| US | 8.8.8.8:53 | dmfqysc.com | udp |
| US | 8.8.8.8:53 | xnfsgy.info | udp |
| US | 8.8.8.8:53 | eutrjms.info | udp |
| US | 8.8.8.8:53 | sqwqffsfl.net | udp |
| US | 8.8.8.8:53 | irybdymegzoj.net | udp |
| US | 8.8.8.8:53 | uklxzjvqdqt.info | udp |
| US | 8.8.8.8:53 | ewiuauieao.com | udp |
| US | 8.8.8.8:53 | ptdqtai.info | udp |
| US | 8.8.8.8:53 | ujfxforykfmc.net | udp |
| US | 8.8.8.8:53 | xwxkhwnyfmv.org | udp |
| US | 8.8.8.8:53 | eyqimgwqka.org | udp |
| US | 8.8.8.8:53 | zybwcuuelkdj.net | udp |
| US | 8.8.8.8:53 | bjpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | fbzdkixsdkr.org | udp |
| US | 8.8.8.8:53 | orzccalkasr.info | udp |
| US | 8.8.8.8:53 | yqvbjulzh.info | udp |
| US | 8.8.8.8:53 | rqvsclyop.info | udp |
| US | 8.8.8.8:53 | imwkkoik.com | udp |
| US | 8.8.8.8:53 | imkgwoukmcku.com | udp |
| US | 8.8.8.8:53 | eccukkmoiq.org | udp |
| US | 8.8.8.8:53 | srdwxczbzcwr.info | udp |
| US | 8.8.8.8:53 | wpzuodfb.net | udp |
| US | 8.8.8.8:53 | hfrmiwtwnol.com | udp |
| US | 8.8.8.8:53 | jgnwqgx.net | udp |
| US | 8.8.8.8:53 | sewuvwb.net | udp |
| US | 8.8.8.8:53 | ihyiyxzl.info | udp |
| US | 8.8.8.8:53 | rybwlvut.info | udp |
| US | 8.8.8.8:53 | qoydqatybuh.net | udp |
| US | 8.8.8.8:53 | navsuyi.com | udp |
| US | 8.8.8.8:53 | rtrvve.net | udp |
| US | 8.8.8.8:53 | oaewcmmi.com | udp |
| US | 8.8.8.8:53 | zacghmv.org | udp |
| US | 8.8.8.8:53 | vlrhtqhsnj.net | udp |
| US | 8.8.8.8:53 | wowemqmw.org | udp |
| US | 8.8.8.8:53 | oalwpcngx.info | udp |
| US | 8.8.8.8:53 | kykyttpg.info | udp |
| US | 8.8.8.8:53 | ddhoejbbdcya.info | udp |
| US | 8.8.8.8:53 | bxjpboicoxkj.info | udp |
| US | 8.8.8.8:53 | xcrfxbihvn.info | udp |
| US | 8.8.8.8:53 | yssguy.org | udp |
| US | 8.8.8.8:53 | acsswgkm.com | udp |
| US | 8.8.8.8:53 | oilnhchav.net | udp |
| US | 8.8.8.8:53 | pvesxitaordl.info | udp |
| US | 8.8.8.8:53 | vknuzxlabgbz.net | udp |
| US | 8.8.8.8:53 | dkrsyqaj.net | udp |
| US | 8.8.8.8:53 | rpqctxfbtcfy.net | udp |
| US | 8.8.8.8:53 | coeuwmmceq.org | udp |
| US | 8.8.8.8:53 | bkjsdopmkg.info | udp |
| US | 8.8.8.8:53 | dzrmxez.com | udp |
| US | 8.8.8.8:53 | vplnjbndgb.info | udp |
| US | 8.8.8.8:53 | wnrihqodee.net | udp |
| US | 8.8.8.8:53 | kxldwaoqfn.info | udp |
| US | 8.8.8.8:53 | wyygiowkuc.com | udp |
| US | 8.8.8.8:53 | yszyerhod.info | udp |
| US | 8.8.8.8:53 | okgukgms.org | udp |
| US | 8.8.8.8:53 | ewgacwomgi.org | udp |
| US | 8.8.8.8:53 | pdjwhszrl.com | udp |
| US | 8.8.8.8:53 | hkxwtqh.org | udp |
| US | 8.8.8.8:53 | xxbuvavqnao.net | udp |
| US | 8.8.8.8:53 | wkquiyaa.com | udp |
| US | 8.8.8.8:53 | jqlifzlf.net | udp |
| US | 8.8.8.8:53 | usqstrvvzm.info | udp |
| US | 8.8.8.8:53 | fivthqqi.info | udp |
| US | 8.8.8.8:53 | pijpnex.com | udp |
| US | 8.8.8.8:53 | apbnnengni.net | udp |
| US | 8.8.8.8:53 | tgzzsilpuoyu.info | udp |
| US | 8.8.8.8:53 | nopdrjh.net | udp |
| US | 8.8.8.8:53 | rejwrwpoa.info | udp |
| US | 8.8.8.8:53 | nraoby.info | udp |
| US | 8.8.8.8:53 | cwqoag.com | udp |
| US | 8.8.8.8:53 | bcnzdi.info | udp |
| US | 8.8.8.8:53 | zxnqdvxhjmte.net | udp |
| US | 8.8.8.8:53 | jmuyzwjxj.net | udp |
| US | 8.8.8.8:53 | qkpwov.info | udp |
| US | 8.8.8.8:53 | caxwfyo.info | udp |
| US | 8.8.8.8:53 | kflrcf.net | udp |
| US | 8.8.8.8:53 | mqgggocgiieg.com | udp |
| US | 8.8.8.8:53 | sgescokcmo.org | udp |
| US | 8.8.8.8:53 | bqxouzxu.info | udp |
| US | 8.8.8.8:53 | jszwdr.info | udp |
| US | 8.8.8.8:53 | ouiqiookyyoc.org | udp |
| US | 8.8.8.8:53 | ztykonepfn.net | udp |
| US | 8.8.8.8:53 | xcjopymrlxli.info | udp |
| US | 8.8.8.8:53 | lzwgpqnxhy.net | udp |
| US | 8.8.8.8:53 | njbnpa.info | udp |
| US | 8.8.8.8:53 | cjofsm.net | udp |
| US | 8.8.8.8:53 | ybbbpyvkqxj.info | udp |
| US | 8.8.8.8:53 | ermrcunkrfea.net | udp |
| US | 8.8.8.8:53 | jehyhpbob.com | udp |
| US | 8.8.8.8:53 | kagivguvon.net | udp |
| US | 8.8.8.8:53 | kqukiq.com | udp |
| US | 8.8.8.8:53 | palasv.info | udp |
| US | 8.8.8.8:53 | qgirrftxzald.net | udp |
| US | 8.8.8.8:53 | psehkcqcm.net | udp |
| US | 8.8.8.8:53 | luaiurlae.info | udp |
| US | 8.8.8.8:53 | hwrxeat.com | udp |
| US | 8.8.8.8:53 | jyhifmx.com | udp |
| US | 8.8.8.8:53 | ganqjzg.net | udp |
| US | 8.8.8.8:53 | rmzsvkv.com | udp |
| US | 8.8.8.8:53 | jrvbbkrqp.info | udp |
| US | 8.8.8.8:53 | hsfspwfirsr.org | udp |
| US | 8.8.8.8:53 | vndkpcj.org | udp |
| US | 8.8.8.8:53 | kzbicp.info | udp |
| US | 8.8.8.8:53 | xmxaan.net | udp |
| US | 8.8.8.8:53 | cjvsfhrol.net | udp |
| US | 8.8.8.8:53 | vmzcbrpqmnu.org | udp |
| US | 8.8.8.8:53 | tedihpul.net | udp |
| US | 8.8.8.8:53 | trhhxfuf.net | udp |
| US | 8.8.8.8:53 | fumvct.net | udp |
| US | 8.8.8.8:53 | wxbahhdq.info | udp |
| US | 8.8.8.8:53 | ywouucio.org | udp |
| US | 8.8.8.8:53 | dnyidwf.info | udp |
| US | 8.8.8.8:53 | lcxlvagnywpq.info | udp |
| US | 8.8.8.8:53 | uehbnqz.info | udp |
| US | 8.8.8.8:53 | yadxtkefpqdf.net | udp |
| US | 8.8.8.8:53 | cifubedth.net | udp |
| US | 8.8.8.8:53 | hmcnlwkt.info | udp |
| US | 8.8.8.8:53 | iiucmioi.org | udp |
| US | 8.8.8.8:53 | qngitmingp.net | udp |
| US | 8.8.8.8:53 | uduupmeet.net | udp |
| US | 8.8.8.8:53 | yncjxahugekp.net | udp |
| US | 8.8.8.8:53 | fhvhglvchbuh.info | udp |
| US | 8.8.8.8:53 | nbkqbhz.org | udp |
| US | 8.8.8.8:53 | euyhqptaj.info | udp |
| US | 8.8.8.8:53 | lftvpj.info | udp |
| US | 8.8.8.8:53 | jmlpunoylbbf.net | udp |
| US | 8.8.8.8:53 | ulwprsdpevsj.info | udp |
| US | 8.8.8.8:53 | hvjsralcd.net | udp |
| US | 8.8.8.8:53 | tuhclttnhn.net | udp |
| US | 8.8.8.8:53 | pipwbsbdy.com | udp |
| US | 8.8.8.8:53 | qwhptudqu.info | udp |
| US | 8.8.8.8:53 | lobnjivfon.info | udp |
| US | 8.8.8.8:53 | qyjxvcif.net | udp |
| US | 8.8.8.8:53 | rsmctszkniw.net | udp |
| US | 8.8.8.8:53 | dlwybgka.info | udp |
| US | 8.8.8.8:53 | bivupqo.com | udp |
| US | 8.8.8.8:53 | qcnbvcfgf.net | udp |
| US | 8.8.8.8:53 | basbeclxx.org | udp |
| US | 8.8.8.8:53 | oygeywae.com | udp |
| US | 8.8.8.8:53 | rkwlhccy.info | udp |
| US | 8.8.8.8:53 | sxcbdafj.net | udp |
| US | 8.8.8.8:53 | acgigewo.com | udp |
| US | 8.8.8.8:53 | akyisckski.org | udp |
| US | 8.8.8.8:53 | nthafgeqx.org | udp |
| US | 8.8.8.8:53 | dkxeoqa.info | udp |
| US | 8.8.8.8:53 | bbsqffeexen.info | udp |
| US | 8.8.8.8:53 | ciqbltpbwjps.net | udp |
| US | 8.8.8.8:53 | yajpxinqskz.net | udp |
| US | 8.8.8.8:53 | kywwcsyy.org | udp |
| US | 8.8.8.8:53 | vibshiiel.net | udp |
| US | 8.8.8.8:53 | fhjjhgbrjnhi.net | udp |
| US | 8.8.8.8:53 | nwbecj.info | udp |
| US | 8.8.8.8:53 | ycccee.org | udp |
| US | 8.8.8.8:53 | kmvvwey.info | udp |
| US | 8.8.8.8:53 | jjqtpeerkb.net | udp |
| US | 8.8.8.8:53 | urkcltobhpwf.net | udp |
| US | 8.8.8.8:53 | axvgwchgv.net | udp |
| US | 8.8.8.8:53 | ioktbkbifcg.net | udp |
| US | 8.8.8.8:53 | amthtxvkxm.net | udp |
| US | 8.8.8.8:53 | tbymbpnfvtsg.net | udp |
| US | 8.8.8.8:53 | xlgqigxl.net | udp |
| US | 8.8.8.8:53 | xjrrvxjgpnb.net | udp |
| US | 8.8.8.8:53 | oismai.com | udp |
| US | 8.8.8.8:53 | csggwiguge.com | udp |
| US | 8.8.8.8:53 | fbeuxcosxdz.org | udp |
| US | 8.8.8.8:53 | xfrfubbdychs.info | udp |
| US | 8.8.8.8:53 | fhpuvwbisgi.com | udp |
| US | 8.8.8.8:53 | txmcdinwhya.info | udp |
| US | 8.8.8.8:53 | nsdbuilijifp.net | udp |
| US | 8.8.8.8:53 | qiykiggseigi.com | udp |
| US | 8.8.8.8:53 | tzbcap.info | udp |
| US | 8.8.8.8:53 | qmttlgp.net | udp |
| US | 8.8.8.8:53 | mkjabsieh.net | udp |
| US | 8.8.8.8:53 | zlbmsinil.net | udp |
| US | 8.8.8.8:53 | cykogcgqqcuu.com | udp |
| US | 8.8.8.8:53 | qckyoayock.org | udp |
| US | 8.8.8.8:53 | gisgpmwyfg.net | udp |
| US | 8.8.8.8:53 | iyjofui.info | udp |
| US | 8.8.8.8:53 | nlzqfql.com | udp |
| US | 8.8.8.8:53 | ugjyfpgfl.net | udp |
| US | 8.8.8.8:53 | gmcaykoo.org | udp |
| US | 8.8.8.8:53 | zvyobkiede.net | udp |
| US | 8.8.8.8:53 | fsnuuofbj.info | udp |
| US | 8.8.8.8:53 | zrbdnuxkvlld.info | udp |
| US | 8.8.8.8:53 | mpkbfsgyp.info | udp |
| US | 8.8.8.8:53 | eqigwesc.org | udp |
| US | 8.8.8.8:53 | helgqqf.info | udp |
| US | 8.8.8.8:53 | rezaiet.info | udp |
| US | 8.8.8.8:53 | waddteh.info | udp |
| US | 8.8.8.8:53 | qseoumkkca.org | udp |
| US | 8.8.8.8:53 | fnrxnlbj.net | udp |
| US | 8.8.8.8:53 | qdnmhgdyrit.net | udp |
| US | 8.8.8.8:53 | qnmueiam.net | udp |
| US | 8.8.8.8:53 | tslwnklif.net | udp |
| US | 8.8.8.8:53 | pbzgyvwrjazl.net | udp |
| US | 8.8.8.8:53 | vcocxokj.net | udp |
| US | 8.8.8.8:53 | lsrmmkbmf.org | udp |
| US | 8.8.8.8:53 | qyqigk.com | udp |
| US | 8.8.8.8:53 | kwvjfxs.net | udp |
| US | 8.8.8.8:53 | eoxoxaz.net | udp |
| US | 8.8.8.8:53 | zffkhwluckmk.info | udp |
| US | 8.8.8.8:53 | fyaylmbcb.net | udp |
| US | 8.8.8.8:53 | pnbhimnwtm.info | udp |
| US | 8.8.8.8:53 | wgmsmaemmu.org | udp |
| US | 8.8.8.8:53 | eqzigrhce.info | udp |
| US | 8.8.8.8:53 | ekqaao.com | udp |
| US | 8.8.8.8:53 | atztcmd.net | udp |
| US | 8.8.8.8:53 | igdktubgu.net | udp |
| US | 8.8.8.8:53 | yoqkyoqo.org | udp |
| US | 8.8.8.8:53 | ywssrulqz.net | udp |
| US | 8.8.8.8:53 | rkjyfrxybqd.net | udp |
| US | 8.8.8.8:53 | bzmzec.net | udp |
| US | 8.8.8.8:53 | iuiwyqmeuc.com | udp |
| US | 8.8.8.8:53 | hfbihufhjue.net | udp |
| US | 8.8.8.8:53 | uegsgk.org | udp |
| US | 8.8.8.8:53 | iabmuja.net | udp |
| US | 8.8.8.8:53 | cdcxbtgcbn.info | udp |
| US | 8.8.8.8:53 | hyenwxcg.net | udp |
| US | 8.8.8.8:53 | pbsivheg.net | udp |
| US | 8.8.8.8:53 | eusywo.com | udp |
| US | 8.8.8.8:53 | uwzspvyap.net | udp |
| US | 8.8.8.8:53 | hjfdpmp.org | udp |
| US | 8.8.8.8:53 | qtyfzh.net | udp |
| US | 8.8.8.8:53 | zdvekgqcwh.net | udp |
| US | 8.8.8.8:53 | knaaduv.info | udp |
| US | 8.8.8.8:53 | beyhvc.net | udp |
| US | 8.8.8.8:53 | rjbifug.net | udp |
| US | 8.8.8.8:53 | tnjeqfii.net | udp |
| US | 8.8.8.8:53 | cddotdfud.net | udp |
| US | 8.8.8.8:53 | fgrnguhvd.net | udp |
| US | 8.8.8.8:53 | muqsiqcwos.org | udp |
| US | 8.8.8.8:53 | xetswnz.net | udp |
| US | 8.8.8.8:53 | yqdindvszcl.info | udp |
| US | 8.8.8.8:53 | zuxgtaw.info | udp |
| US | 8.8.8.8:53 | sksxqaatrsuf.info | udp |
| US | 8.8.8.8:53 | skmkquqwmaae.com | udp |
| US | 8.8.8.8:53 | gsmalljblrdo.info | udp |
| US | 8.8.8.8:53 | xoftzkjaprz.info | udp |
| US | 8.8.8.8:53 | ldlrgk.info | udp |
| US | 8.8.8.8:53 | uoaodczsdrq.info | udp |
| US | 8.8.8.8:53 | owtumceqt.info | udp |
| US | 8.8.8.8:53 | vpiqrozncdnx.info | udp |
| US | 8.8.8.8:53 | nertyusucf.net | udp |
| US | 8.8.8.8:53 | mkxxjspo.net | udp |
| US | 8.8.8.8:53 | sgdzhklkvfso.info | udp |
| US | 8.8.8.8:53 | zqxgspl.org | udp |
| US | 8.8.8.8:53 | jofkruowj.info | udp |
| US | 8.8.8.8:53 | anbwpjfw.info | udp |
| US | 8.8.8.8:53 | crvamnkv.net | udp |
| US | 8.8.8.8:53 | mruwqfbe.info | udp |
| US | 8.8.8.8:53 | skqsiiae.org | udp |
| US | 8.8.8.8:53 | kwxdfzeuv.net | udp |
| US | 8.8.8.8:53 | guflhvfxosh.info | udp |
| US | 8.8.8.8:53 | alyypvemovoc.net | udp |
| US | 8.8.8.8:53 | bbjucm.info | udp |
| US | 8.8.8.8:53 | ummymm.org | udp |
| US | 8.8.8.8:53 | qlstpgkhcjbu.net | udp |
| US | 8.8.8.8:53 | hbzywqslbe.info | udp |
| US | 8.8.8.8:53 | uilkpba.info | udp |
| US | 8.8.8.8:53 | nzitfaav.info | udp |
| US | 8.8.8.8:53 | mjceectzze.net | udp |
| US | 8.8.8.8:53 | lktcrbw.com | udp |
| US | 8.8.8.8:53 | jtzvdg.net | udp |
| US | 8.8.8.8:53 | eugksuaw.org | udp |
| US | 8.8.8.8:53 | lliynip.com | udp |
| US | 8.8.8.8:53 | aeaogy.org | udp |
| US | 8.8.8.8:53 | sccswqycameu.com | udp |
| US | 8.8.8.8:53 | sfexbzvriz.info | udp |
| US | 8.8.8.8:53 | hyjodgw.info | udp |
| US | 8.8.8.8:53 | adlqmgjcj.info | udp |
| US | 8.8.8.8:53 | uglnowt.info | udp |
| US | 8.8.8.8:53 | hqtlzjcvge.net | udp |
| US | 8.8.8.8:53 | nirfqtzbesiu.net | udp |
| US | 8.8.8.8:53 | dkdczgl.info | udp |
| US | 8.8.8.8:53 | jpugqt.info | udp |
| US | 8.8.8.8:53 | jejcqyirst.info | udp |
| US | 8.8.8.8:53 | dcmherpo.info | udp |
| US | 8.8.8.8:53 | eaictyqxc.info | udp |
| US | 8.8.8.8:53 | meswwsaasaqg.org | udp |
Files
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
C:\Windows\SysWOW64\rduscxoecruqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\edhsp.exe
C:\Users\Admin\AppData\Local\gbbibffeljvaygbmdoyttat.xwd
C:\Users\Admin\AppData\Local\tzkcgvgqiroengmikgbhskodoyqzwmvouq.ojp
C:\Program Files (x86)\gbbibffeljvaygbmdoyttat.xwd