Analysis Overview
SHA256
04d3522972566a2b189144c86441058f1af5641a67cdaf39e246f91ba23bf5c5
Threat Level: Known bad
The file JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60 was found to be: Known bad.
Malicious Activity Summary
Modifies WinLogon for persistence
UAC bypass
Pykspa family
Pykspa
Detect Pykspa worm
Disables RegEdit via registry modification
Adds policy Run key to start application
Checks computer location settings
Executes dropped EXE
Impair Defenses: Safe Mode Boot
Looks up external IP address via web service
Hijack Execution Flow: Executable Installer File Permissions Weakness
Checks whether UAC is enabled
Adds Run key to start application
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Unsigned PE
Suspicious use of WriteProcessMemory
System policy modification
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-04-18 11:52
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2025-04-18 11:52
Reported
2025-04-18 11:54
Platform
win11-20250410-en
Max time kernel
34s
Max time network
151s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhmgtgxhyzshls = "bzlmgaypnvvrcqbigusef.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhmgtgxhyzshls = "yryujyrdwzulragi.exe" | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhmgtgxhyzshls = "zvfewokzvbztcoxcykg.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhmgtgxhyzshls = "yryujyrdwzulragi.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thjakuipdbr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ojsqhythchexfqycxi.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhmgtgxhyzshls = "ojsqhythchexfqycxi.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhmgtgxhyzshls = "mjuungdtqxwrboyebolw.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhmgtgxhyzshls = "fzheukerlpldkubey.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thjakuipdbr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mjuungdtqxwrboyebolw.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thjakuipdbr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yryujyrdwzulragi.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhmgtgxhyzshls = "mjuungdtqxwrboyebolw.exe" | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thjakuipdbr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bzlmgaypnvvrcqbigusef.exe" | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thjakuipdbr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zvfewokzvbztcoxcykg.exe" | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thjakuipdbr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fzheukerlpldkubey.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thjakuipdbr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yryujyrdwzulragi.exe" | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thjakuipdbr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bzlmgaypnvvrcqbigusef.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thjakuipdbr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mjuungdtqxwrboyebolw.exe" | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhmgtgxhyzshls = "fzheukerlpldkubey.exe" | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thjakuipdbr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fzheukerlpldkubey.exe" | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pfjcoaqzpphvy = "zvfewokzvbztcoxcykg.exe ." | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ojsqhythchexfqycxi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ojsqhythchexfqycxi.exe" | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\pfjcoaqzpphvy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zvfewokzvbztcoxcykg.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qfialwltihyl = "mjuungdtqxwrboyebolw.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ojsqhythchexfqycxi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zvfewokzvbztcoxcykg.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\qfialwltihyl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yryujyrdwzulragi.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ojsqhythchexfqycxi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mjuungdtqxwrboyebolw.exe" | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pfjcoaqzpphvy = "mjuungdtqxwrboyebolw.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qfialwltihyl = "fzheukerlpldkubey.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\fzheukerlpldkubey = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yryujyrdwzulragi.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pfjcoaqzpphvy = "zvfewokzvbztcoxcykg.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\fzheukerlpldkubey = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fzheukerlpldkubey.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\yryujyrdwzulragi = "zvfewokzvbztcoxcykg.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ojsqhythchexfqycxi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mjuungdtqxwrboyebolw.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\fzheukerlpldkubey = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ojsqhythchexfqycxi.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\yryujyrdwzulragi = "bzlmgaypnvvrcqbigusef.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\tlrmaogrjlfvain = "ojsqhythchexfqycxi.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\tlrmaogrjlfvain = "fzheukerlpldkubey.exe" | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\fzheukerlpldkubey = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bzlmgaypnvvrcqbigusef.exe ." | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pfjcoaqzpphvy = "yryujyrdwzulragi.exe ." | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\tlrmaogrjlfvain = "bzlmgaypnvvrcqbigusef.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\qfialwltihyl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zvfewokzvbztcoxcykg.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\pfjcoaqzpphvy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mjuungdtqxwrboyebolw.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pfjcoaqzpphvy = "bzlmgaypnvvrcqbigusef.exe ." | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pfjcoaqzpphvy = "fzheukerlpldkubey.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\tlrmaogrjlfvain = "yryujyrdwzulragi.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\yryujyrdwzulragi = "fzheukerlpldkubey.exe ." | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pfjcoaqzpphvy = "ojsqhythchexfqycxi.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\qfialwltihyl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bzlmgaypnvvrcqbigusef.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ojsqhythchexfqycxi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ojsqhythchexfqycxi.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ojsqhythchexfqycxi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yryujyrdwzulragi.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\fzheukerlpldkubey = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fzheukerlpldkubey.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ojsqhythchexfqycxi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mjuungdtqxwrboyebolw.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\pfjcoaqzpphvy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ojsqhythchexfqycxi.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\fzheukerlpldkubey = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zvfewokzvbztcoxcykg.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\pfjcoaqzpphvy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fzheukerlpldkubey.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qfialwltihyl = "bzlmgaypnvvrcqbigusef.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\pfjcoaqzpphvy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bzlmgaypnvvrcqbigusef.exe ." | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\yryujyrdwzulragi = "bzlmgaypnvvrcqbigusef.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\fzheukerlpldkubey = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fzheukerlpldkubey.exe ." | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\qfialwltihyl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ojsqhythchexfqycxi.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\fzheukerlpldkubey = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ojsqhythchexfqycxi.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pfjcoaqzpphvy = "zvfewokzvbztcoxcykg.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ojsqhythchexfqycxi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yryujyrdwzulragi.exe" | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\qfialwltihyl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zvfewokzvbztcoxcykg.exe" | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\qfialwltihyl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fzheukerlpldkubey.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\tlrmaogrjlfvain = "yryujyrdwzulragi.exe" | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\fzheukerlpldkubey = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mjuungdtqxwrboyebolw.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ojsqhythchexfqycxi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fzheukerlpldkubey.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ojsqhythchexfqycxi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zvfewokzvbztcoxcykg.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qfialwltihyl = "yryujyrdwzulragi.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\qfialwltihyl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yryujyrdwzulragi.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\qfialwltihyl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mjuungdtqxwrboyebolw.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\pfjcoaqzpphvy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fzheukerlpldkubey.exe ." | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\fzheukerlpldkubey = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yryujyrdwzulragi.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pfjcoaqzpphvy = "mjuungdtqxwrboyebolw.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\sregbwvnmvwtfugoncboql.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\fzheukerlpldkubey.exe | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ojsqhythchexfqycxi.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\fzheukerlpldkubey.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zvfewokzvbztcoxcykg.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yryujyrdwzulragi.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sregbwvnmvwtfugoncboql.exe | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mjuungdtqxwrboyebolw.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yryujyrdwzulragi.exe | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bzlmgaypnvvrcqbigusef.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ojsqhythchexfqycxi.exe | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| File created | C:\Windows\SysWOW64\yryujyrdwzulragibkdkgvkdpilgxdmsunwpws.wpb | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zvfewokzvbztcoxcykg.exe | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bzlmgaypnvvrcqbigusef.exe | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mjuungdtqxwrboyebolw.exe | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| File created | C:\Windows\SysWOW64\bjfquyghphrxsqlckiqmxbfnowo.ezx | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\bjfquyghphrxsqlckiqmxbfnowo.ezx | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| File created | C:\Program Files (x86)\bjfquyghphrxsqlckiqmxbfnowo.ezx | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| File opened for modification | C:\Program Files (x86)\yryujyrdwzulragibkdkgvkdpilgxdmsunwpws.wpb | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| File created | C:\Program Files (x86)\yryujyrdwzulragibkdkgvkdpilgxdmsunwpws.wpb | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\sregbwvnmvwtfugoncboql.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\bzlmgaypnvvrcqbigusef.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File created | C:\Windows\yryujyrdwzulragibkdkgvkdpilgxdmsunwpws.wpb | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| File opened for modification | C:\Windows\zvfewokzvbztcoxcykg.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\yryujyrdwzulragi.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\fzheukerlpldkubey.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File created | C:\Windows\bjfquyghphrxsqlckiqmxbfnowo.ezx | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| File opened for modification | C:\Windows\mjuungdtqxwrboyebolw.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\ojsqhythchexfqycxi.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\yryujyrdwzulragi.exe | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| File opened for modification | C:\Windows\zvfewokzvbztcoxcykg.exe | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| File opened for modification | C:\Windows\sregbwvnmvwtfugoncboql.exe | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| File opened for modification | C:\Windows\mjuungdtqxwrboyebolw.exe | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| File opened for modification | C:\Windows\bzlmgaypnvvrcqbigusef.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bzlmgaypnvvrcqbigusef.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\fzheukerlpldkubey.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\yryujyrdwzulragi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\mjuungdtqxwrboyebolw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zvfewokzvbztcoxcykg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ojsqhythchexfqycxi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\mvsejo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fzheukerlpldkubey.exe*."
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .
C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe
C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\yryujyrdwzulragi.exe*."
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\mjuungdtqxwrboyebolw.exe*."
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\fzheukerlpldkubey.exe*."
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\mjuungdtqxwrboyebolw.exe*."
C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\fzheukerlpldkubey.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\mjuungdtqxwrboyebolw.exe*."
C:\Windows\yryujyrdwzulragi.exe
yryujyrdwzulragi.exe
C:\Windows\ojsqhythchexfqycxi.exe
ojsqhythchexfqycxi.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ojsqhythchexfqycxi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe
C:\Windows\bzlmgaypnvvrcqbigusef.exe
bzlmgaypnvvrcqbigusef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe .
C:\Windows\zvfewokzvbztcoxcykg.exe
zvfewokzvbztcoxcykg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zvfewokzvbztcoxcykg.exe*."
C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe
C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .
C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe
C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ojsqhythchexfqycxi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\mjuungdtqxwrboyebolw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe
C:\Windows\ojsqhythchexfqycxi.exe
ojsqhythchexfqycxi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe .
C:\Windows\yryujyrdwzulragi.exe
yryujyrdwzulragi.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\yryujyrdwzulragi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe
C:\Windows\zvfewokzvbztcoxcykg.exe
zvfewokzvbztcoxcykg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe .
C:\Windows\yryujyrdwzulragi.exe
yryujyrdwzulragi.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\yryujyrdwzulragi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .
C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\fzheukerlpldkubey.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe
C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe
C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .
C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe
C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zvfewokzvbztcoxcykg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe
C:\Windows\mjuungdtqxwrboyebolw.exe
mjuungdtqxwrboyebolw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fzheukerlpldkubey.exe .
C:\Windows\fzheukerlpldkubey.exe
fzheukerlpldkubey.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fzheukerlpldkubey.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe
C:\Windows\mjuungdtqxwrboyebolw.exe
mjuungdtqxwrboyebolw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe .
C:\Windows\zvfewokzvbztcoxcykg.exe
zvfewokzvbztcoxcykg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zvfewokzvbztcoxcykg.exe*."
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .
C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\fzheukerlpldkubey.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe
C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe
C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\yryujyrdwzulragi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe
C:\Windows\bzlmgaypnvvrcqbigusef.exe
bzlmgaypnvvrcqbigusef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe .
C:\Windows\zvfewokzvbztcoxcykg.exe
zvfewokzvbztcoxcykg.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zvfewokzvbztcoxcykg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe
C:\Windows\bzlmgaypnvvrcqbigusef.exe
bzlmgaypnvvrcqbigusef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe .
C:\Windows\mjuungdtqxwrboyebolw.exe
mjuungdtqxwrboyebolw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\mjuungdtqxwrboyebolw.exe*."
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .
C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe
C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ojsqhythchexfqycxi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe
C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe
C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .
C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe
C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zvfewokzvbztcoxcykg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe
C:\Windows\bzlmgaypnvvrcqbigusef.exe
bzlmgaypnvvrcqbigusef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe .
C:\Windows\mjuungdtqxwrboyebolw.exe
mjuungdtqxwrboyebolw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\mjuungdtqxwrboyebolw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe
C:\Windows\ojsqhythchexfqycxi.exe
ojsqhythchexfqycxi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe .
C:\Windows\bzlmgaypnvvrcqbigusef.exe
bzlmgaypnvvrcqbigusef.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bzlmgaypnvvrcqbigusef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .
C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe
C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zvfewokzvbztcoxcykg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\yryujyrdwzulragi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe
C:\Windows\zvfewokzvbztcoxcykg.exe
zvfewokzvbztcoxcykg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe .
C:\Windows\zvfewokzvbztcoxcykg.exe
zvfewokzvbztcoxcykg.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zvfewokzvbztcoxcykg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe
C:\Windows\mjuungdtqxwrboyebolw.exe
mjuungdtqxwrboyebolw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe .
C:\Windows\bzlmgaypnvvrcqbigusef.exe
bzlmgaypnvvrcqbigusef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bzlmgaypnvvrcqbigusef.exe*."
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .
C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe
C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bzlmgaypnvvrcqbigusef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe
C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe
C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\mjuungdtqxwrboyebolw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fzheukerlpldkubey.exe
C:\Windows\fzheukerlpldkubey.exe
fzheukerlpldkubey.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe .
C:\Windows\bzlmgaypnvvrcqbigusef.exe
bzlmgaypnvvrcqbigusef.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bzlmgaypnvvrcqbigusef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe
C:\Windows\yryujyrdwzulragi.exe
yryujyrdwzulragi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe .
C:\Windows\yryujyrdwzulragi.exe
yryujyrdwzulragi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\yryujyrdwzulragi.exe*."
C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\mjuungdtqxwrboyebolw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\yryujyrdwzulragi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe
C:\Windows\bzlmgaypnvvrcqbigusef.exe
bzlmgaypnvvrcqbigusef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe .
C:\Windows\mjuungdtqxwrboyebolw.exe
mjuungdtqxwrboyebolw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe
C:\Windows\zvfewokzvbztcoxcykg.exe
zvfewokzvbztcoxcykg.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\mjuungdtqxwrboyebolw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe
C:\Windows\ojsqhythchexfqycxi.exe
ojsqhythchexfqycxi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe .
C:\Windows\ojsqhythchexfqycxi.exe
ojsqhythchexfqycxi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ojsqhythchexfqycxi.exe
ojsqhythchexfqycxi.exe
C:\Windows\yryujyrdwzulragi.exe
yryujyrdwzulragi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ojsqhythchexfqycxi.exe*."
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\yryujyrdwzulragi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .
C:\Windows\mjuungdtqxwrboyebolw.exe
mjuungdtqxwrboyebolw.exe
C:\Windows\bzlmgaypnvvrcqbigusef.exe
bzlmgaypnvvrcqbigusef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe .
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bzlmgaypnvvrcqbigusef.exe*."
C:\Windows\zvfewokzvbztcoxcykg.exe
zvfewokzvbztcoxcykg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\yryujyrdwzulragi.exe*."
C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zvfewokzvbztcoxcykg.exe*."
C:\Windows\yryujyrdwzulragi.exe
yryujyrdwzulragi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .
C:\Windows\zvfewokzvbztcoxcykg.exe
zvfewokzvbztcoxcykg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .
C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe
C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\yryujyrdwzulragi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zvfewokzvbztcoxcykg.exe*."
C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe
C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .
C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe
C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe
C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe
C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bzlmgaypnvvrcqbigusef.exe*."
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bzlmgaypnvvrcqbigusef.exe*."
C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe
C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe
C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe
C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fzheukerlpldkubey.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\yryujyrdwzulragi.exe*."
C:\Windows\fzheukerlpldkubey.exe
fzheukerlpldkubey.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bzlmgaypnvvrcqbigusef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fzheukerlpldkubey.exe .
C:\Windows\fzheukerlpldkubey.exe
fzheukerlpldkubey.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fzheukerlpldkubey.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe
C:\Windows\ojsqhythchexfqycxi.exe
ojsqhythchexfqycxi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe .
C:\Windows\mjuungdtqxwrboyebolw.exe
mjuungdtqxwrboyebolw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\mjuungdtqxwrboyebolw.exe*."
C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe
C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\mjuungdtqxwrboyebolw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .
C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe
C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ojsqhythchexfqycxi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe
C:\Windows\mjuungdtqxwrboyebolw.exe
mjuungdtqxwrboyebolw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe .
C:\Windows\mjuungdtqxwrboyebolw.exe
mjuungdtqxwrboyebolw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\mjuungdtqxwrboyebolw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fzheukerlpldkubey.exe
C:\Windows\fzheukerlpldkubey.exe
fzheukerlpldkubey.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe .
C:\Windows\zvfewokzvbztcoxcykg.exe
zvfewokzvbztcoxcykg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zvfewokzvbztcoxcykg.exe*."
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .
C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe
C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zvfewokzvbztcoxcykg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .
C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\fzheukerlpldkubey.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe
C:\Windows\bzlmgaypnvvrcqbigusef.exe
bzlmgaypnvvrcqbigusef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe .
C:\Windows\ojsqhythchexfqycxi.exe
ojsqhythchexfqycxi.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ojsqhythchexfqycxi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe
C:\Windows\ojsqhythchexfqycxi.exe
ojsqhythchexfqycxi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe .
C:\Windows\bzlmgaypnvvrcqbigusef.exe
bzlmgaypnvvrcqbigusef.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bzlmgaypnvvrcqbigusef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\yryujyrdwzulragi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe
C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe
C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .
C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe
C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zvfewokzvbztcoxcykg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe
C:\Windows\mjuungdtqxwrboyebolw.exe
mjuungdtqxwrboyebolw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe .
C:\Windows\yryujyrdwzulragi.exe
yryujyrdwzulragi.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\yryujyrdwzulragi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe
C:\Windows\ojsqhythchexfqycxi.exe
ojsqhythchexfqycxi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe .
C:\Windows\bzlmgaypnvvrcqbigusef.exe
bzlmgaypnvvrcqbigusef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bzlmgaypnvvrcqbigusef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\mjuungdtqxwrboyebolw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe
C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe
C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .
C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\fzheukerlpldkubey.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe
C:\Windows\zvfewokzvbztcoxcykg.exe
zvfewokzvbztcoxcykg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe .
C:\Windows\yryujyrdwzulragi.exe
yryujyrdwzulragi.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\yryujyrdwzulragi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe
C:\Windows\ojsqhythchexfqycxi.exe
ojsqhythchexfqycxi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fzheukerlpldkubey.exe .
C:\Windows\fzheukerlpldkubey.exe
fzheukerlpldkubey.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fzheukerlpldkubey.exe*."
C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe
C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\yryujyrdwzulragi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe
C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe
C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .
C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe
C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ojsqhythchexfqycxi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe
C:\Windows\ojsqhythchexfqycxi.exe
ojsqhythchexfqycxi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe .
C:\Windows\mjuungdtqxwrboyebolw.exe
mjuungdtqxwrboyebolw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\mjuungdtqxwrboyebolw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fzheukerlpldkubey.exe
C:\Windows\fzheukerlpldkubey.exe
fzheukerlpldkubey.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe .
C:\Windows\zvfewokzvbztcoxcykg.exe
zvfewokzvbztcoxcykg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zvfewokzvbztcoxcykg.exe*."
C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe
C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .
C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe
C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ojsqhythchexfqycxi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe
C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe
C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\yryujyrdwzulragi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe
C:\Windows\bzlmgaypnvvrcqbigusef.exe
bzlmgaypnvvrcqbigusef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe .
C:\Windows\ojsqhythchexfqycxi.exe
ojsqhythchexfqycxi.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ojsqhythchexfqycxi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe
C:\Windows\ojsqhythchexfqycxi.exe
ojsqhythchexfqycxi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe .
C:\Windows\ojsqhythchexfqycxi.exe
ojsqhythchexfqycxi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ojsqhythchexfqycxi.exe*."
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .
C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe
C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ojsqhythchexfqycxi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .
C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe
C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ojsqhythchexfqycxi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe
C:\Windows\ojsqhythchexfqycxi.exe
ojsqhythchexfqycxi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe .
C:\Windows\mjuungdtqxwrboyebolw.exe
mjuungdtqxwrboyebolw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\mjuungdtqxwrboyebolw.exe*."
C:\Windows\zvfewokzvbztcoxcykg.exe
zvfewokzvbztcoxcykg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\mjuungdtqxwrboyebolw.exe
mjuungdtqxwrboyebolw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe .
C:\Windows\ojsqhythchexfqycxi.exe
ojsqhythchexfqycxi.exe .
C:\Windows\mjuungdtqxwrboyebolw.exe
mjuungdtqxwrboyebolw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ojsqhythchexfqycxi.exe*."
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\mjuungdtqxwrboyebolw.exe*."
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Windows\bzlmgaypnvvrcqbigusef.exe
bzlmgaypnvvrcqbigusef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe .
C:\Windows\ojsqhythchexfqycxi.exe
ojsqhythchexfqycxi.exe
C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .
C:\Windows\ojsqhythchexfqycxi.exe
ojsqhythchexfqycxi.exe .
C:\Windows\bzlmgaypnvvrcqbigusef.exe
bzlmgaypnvvrcqbigusef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\fzheukerlpldkubey.exe*."
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ojsqhythchexfqycxi.exe*."
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bzlmgaypnvvrcqbigusef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .
C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Windows\ojsqhythchexfqycxi.exe
ojsqhythchexfqycxi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .
C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe
C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .
C:\Windows\yryujyrdwzulragi.exe
yryujyrdwzulragi.exe .
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\fzheukerlpldkubey.exe*."
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ojsqhythchexfqycxi.exe*."
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\yryujyrdwzulragi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .
C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\yryujyrdwzulragi.exe*."
C:\Windows\ojsqhythchexfqycxi.exe
ojsqhythchexfqycxi.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\fzheukerlpldkubey.exe*."
C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe .
C:\Windows\bzlmgaypnvvrcqbigusef.exe
bzlmgaypnvvrcqbigusef.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\fzheukerlpldkubey.exe*."
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bzlmgaypnvvrcqbigusef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe
C:\Windows\bzlmgaypnvvrcqbigusef.exe
bzlmgaypnvvrcqbigusef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe .
C:\Windows\yryujyrdwzulragi.exe
yryujyrdwzulragi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\yryujyrdwzulragi.exe*."
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\mjuungdtqxwrboyebolw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .
C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe
C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zvfewokzvbztcoxcykg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe
C:\Windows\mjuungdtqxwrboyebolw.exe
mjuungdtqxwrboyebolw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe .
C:\Windows\zvfewokzvbztcoxcykg.exe
zvfewokzvbztcoxcykg.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zvfewokzvbztcoxcykg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe
C:\Windows\ojsqhythchexfqycxi.exe
ojsqhythchexfqycxi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe .
C:\Windows\zvfewokzvbztcoxcykg.exe
zvfewokzvbztcoxcykg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zvfewokzvbztcoxcykg.exe*."
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .
C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe
C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zvfewokzvbztcoxcykg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe
C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe
C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .
C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe
C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ojsqhythchexfqycxi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fzheukerlpldkubey.exe
C:\Windows\fzheukerlpldkubey.exe
fzheukerlpldkubey.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe .
C:\Windows\yryujyrdwzulragi.exe
yryujyrdwzulragi.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\yryujyrdwzulragi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fzheukerlpldkubey.exe
C:\Windows\fzheukerlpldkubey.exe
fzheukerlpldkubey.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe .
C:\Windows\mjuungdtqxwrboyebolw.exe
mjuungdtqxwrboyebolw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\mjuungdtqxwrboyebolw.exe*."
C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe
C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .
C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe
C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zvfewokzvbztcoxcykg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\mjuungdtqxwrboyebolw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe
C:\Windows\mjuungdtqxwrboyebolw.exe
mjuungdtqxwrboyebolw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe .
C:\Windows\zvfewokzvbztcoxcykg.exe
zvfewokzvbztcoxcykg.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zvfewokzvbztcoxcykg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe
C:\Windows\yryujyrdwzulragi.exe
yryujyrdwzulragi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe .
C:\Windows\mjuungdtqxwrboyebolw.exe
mjuungdtqxwrboyebolw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\mjuungdtqxwrboyebolw.exe*."
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\yryujyrdwzulragi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .
C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe
C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zvfewokzvbztcoxcykg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe
C:\Windows\bzlmgaypnvvrcqbigusef.exe
bzlmgaypnvvrcqbigusef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\zvfewokzvbztcoxcykg.exe
zvfewokzvbztcoxcykg.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zvfewokzvbztcoxcykg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fzheukerlpldkubey.exe
C:\Windows\yryujyrdwzulragi.exe
yryujyrdwzulragi.exe
C:\Windows\fzheukerlpldkubey.exe
fzheukerlpldkubey.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe .
C:\Windows\ojsqhythchexfqycxi.exe
ojsqhythchexfqycxi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ojsqhythchexfqycxi.exe*."
C:\Windows\ojsqhythchexfqycxi.exe
ojsqhythchexfqycxi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe
C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe
C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ojsqhythchexfqycxi.exe*."
C:\Windows\zvfewokzvbztcoxcykg.exe
zvfewokzvbztcoxcykg.exe
C:\Windows\bzlmgaypnvvrcqbigusef.exe
bzlmgaypnvvrcqbigusef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Windows\bzlmgaypnvvrcqbigusef.exe
bzlmgaypnvvrcqbigusef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\yryujyrdwzulragi.exe*."
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Windows\yryujyrdwzulragi.exe
yryujyrdwzulragi.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bzlmgaypnvvrcqbigusef.exe*."
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe .
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .
C:\Windows\mjuungdtqxwrboyebolw.exe
mjuungdtqxwrboyebolw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\yryujyrdwzulragi.exe*."
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\yryujyrdwzulragi.exe*."
C:\Windows\zvfewokzvbztcoxcykg.exe
zvfewokzvbztcoxcykg.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\mjuungdtqxwrboyebolw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .
C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe
C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zvfewokzvbztcoxcykg.exe*."
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe
C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .
C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe
C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\mjuungdtqxwrboyebolw.exe*."
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bzlmgaypnvvrcqbigusef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe
C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe
C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\yryujyrdwzulragi.exe*."
Network
Files
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
C:\Windows\SysWOW64\ojsqhythchexfqycxi.exe
C:\Users\Admin\AppData\Local\Temp\mvsejo.exe
C:\Users\Admin\AppData\Local\bjfquyghphrxsqlckiqmxbfnowo.ezx
C:\Users\Admin\AppData\Local\yryujyrdwzulragibkdkgvkdpilgxdmsunwpws.wpb
C:\Program Files (x86)\bjfquyghphrxsqlckiqmxbfnowo.ezx
Analysis: behavioral1
Detonation Overview
Submitted
2025-04-18 11:52
Reported
2025-04-18 11:54
Platform
win10v2004-20250314-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\enrbnzclb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lfupmjxrsgdxtmjoqzhb.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\enrbnzclb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avlhfdsnpecxuomsvfojz.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pbivkzfrkqfr = "lfupmjxrsgdxtmjoqzhb.exe" | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\enrbnzclb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lfupmjxrsgdxtmjoqzhb.exe" | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\enrbnzclb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evhztnypnysjcsmon.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\enrbnzclb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nfslgbnfeqldxojmmt.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\enrbnzclb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avlhfdsnpecxuomsvfojz.exe" | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\enrbnzclb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yrfzvrexxkgzumimnvc.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pbivkzfrkqfr = "evhztnypnysjcsmon.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\enrbnzclb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xnypiblbyibrjyrs.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pbivkzfrkqfr = "yrfzvrexxkgzumimnvc.exe" | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\enrbnzclb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nfslgbnfeqldxojmmt.exe" | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pbivkzfrkqfr = "nfslgbnfeqldxojmmt.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pbivkzfrkqfr = "avlhfdsnpecxuomsvfojz.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\enrbnzclb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evhztnypnysjcsmon.exe" | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pbivkzfrkqfr = "yrfzvrexxkgzumimnvc.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pbivkzfrkqfr = "xnypiblbyibrjyrs.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pbivkzfrkqfr = "lfupmjxrsgdxtmjoqzhb.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pbivkzfrkqfr = "avlhfdsnpecxuomsvfojz.exe" | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pbivkzfrkqfr = "evhztnypnysjcsmon.exe" | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\yrfzvrexxkgzumimnvc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\nfslgbnfeqldxojmmt.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\evhztnypnysjcsmon.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\xnypiblbyibrjyrs.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\avlhfdsnpecxuomsvfojz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\lfupmjxrsgdxtmjoqzhb.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pdmbsjrfaizndq = "nfslgbnfeqldxojmmt.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xhmxkxblcg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yrfzvrexxkgzumimnvc.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\shrhzraplumbsgy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lfupmjxrsgdxtmjoqzhb.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sdjvjxcnfky = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yrfzvrexxkgzumimnvc.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\objxndkxryobq = "xnypiblbyibrjyrs.exe" | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xhmxkxblcg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avlhfdsnpecxuomsvfojz.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xhmxkxblcg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xnypiblbyibrjyrs.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdjvjxcnfky = "avlhfdsnpecxuomsvfojz.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xhmxkxblcg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xnypiblbyibrjyrs.exe" | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xhmxkxblcg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evhztnypnysjcsmon.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sdjvjxcnfky = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evhztnypnysjcsmon.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdjvjxcnfky = "nfslgbnfeqldxojmmt.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sdjvjxcnfky = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avlhfdsnpecxuomsvfojz.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sdjvjxcnfky = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xnypiblbyibrjyrs.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xhmxkxblcg = "xnypiblbyibrjyrs.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xhmxkxblcg = "yrfzvrexxkgzumimnvc.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\shrhzraplumbsgy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evhztnypnysjcsmon.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xhmxkxblcg = "xnypiblbyibrjyrs.exe" | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xnypiblbyibrjyrs = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xnypiblbyibrjyrs.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xhmxkxblcg = "lfupmjxrsgdxtmjoqzhb.exe" | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\shrhzraplumbsgy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avlhfdsnpecxuomsvfojz.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xhmxkxblcg = "nfslgbnfeqldxojmmt.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pdmbsjrfaizndq = "xnypiblbyibrjyrs.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xnypiblbyibrjyrs = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nfslgbnfeqldxojmmt.exe" | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xnypiblbyibrjyrs = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yrfzvrexxkgzumimnvc.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\objxndkxryobq = "lfupmjxrsgdxtmjoqzhb.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdjvjxcnfky = "xnypiblbyibrjyrs.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\objxndkxryobq = "evhztnypnysjcsmon.exe" | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xhmxkxblcg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evhztnypnysjcsmon.exe" | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\objxndkxryobq = "yrfzvrexxkgzumimnvc.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xnypiblbyibrjyrs = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evhztnypnysjcsmon.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xhmxkxblcg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nfslgbnfeqldxojmmt.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pdmbsjrfaizndq = "xnypiblbyibrjyrs.exe ." | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sdjvjxcnfky = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nfslgbnfeqldxojmmt.exe ." | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xnypiblbyibrjyrs = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nfslgbnfeqldxojmmt.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xnypiblbyibrjyrs = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avlhfdsnpecxuomsvfojz.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pdmbsjrfaizndq = "yrfzvrexxkgzumimnvc.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\objxndkxryobq = "evhztnypnysjcsmon.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xnypiblbyibrjyrs = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avlhfdsnpecxuomsvfojz.exe" | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xhmxkxblcg = "avlhfdsnpecxuomsvfojz.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\shrhzraplumbsgy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nfslgbnfeqldxojmmt.exe ." | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\objxndkxryobq = "xnypiblbyibrjyrs.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\yrfzvrexxkgzumimnvc.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lfupmjxrsgdxtmjoqzhb.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nfslgbnfeqldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xnypiblbyibrjyrs.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\avlhfdsnpecxuomsvfojz.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File created | C:\Windows\SysWOW64\fhehmrnpyuzbfglyizprorwb.zie | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\objxndkxryobqcsqlnobjxndkxryobqcsql.obj | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rnebazploedzxsrycnxtkh.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lfupmjxrsgdxtmjoqzhb.exe | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\evhztnypnysjcsmon.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yrfzvrexxkgzumimnvc.exe | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\evhztnypnysjcsmon.exe | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\objxndkxryobqcsqlnobjxndkxryobqcsql.obj | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\fhehmrnpyuzbfglyizprorwb.zie | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| File created | C:\Program Files (x86)\fhehmrnpyuzbfglyizprorwb.zie | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\objxndkxryobqcsqlnobjxndkxryobqcsql.obj | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\lfupmjxrsgdxtmjoqzhb.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\yrfzvrexxkgzumimnvc.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\evhztnypnysjcsmon.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\avlhfdsnpecxuomsvfojz.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\xnypiblbyibrjyrs.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\nfslgbnfeqldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\lfupmjxrsgdxtmjoqzhb.exe | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| File opened for modification | C:\Windows\rnebazploedzxsrycnxtkh.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\avlhfdsnpecxuomsvfojz.exe | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| File opened for modification | C:\Windows\fhehmrnpyuzbfglyizprorwb.zie | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| File opened for modification | C:\Windows\objxndkxryobqcsqlnobjxndkxryobqcsql.obj | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| File opened for modification | C:\Windows\nfslgbnfeqldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\avlhfdsnpecxuomsvfojz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\yrfzvrexxkgzumimnvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xnypiblbyibrjyrs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\nfslgbnfeqldxojmmt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\evhztnypnysjcsmon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\lfupmjxrsgdxtmjoqzhb.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\afflt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
Processes
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\xnypiblbyibrjyrs.exe
xnypiblbyibrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\xnypiblbyibrjyrs.exe*."
C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\nfslgbnfeqldxojmmt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\evhztnypnysjcsmon.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe
C:\Windows\yrfzvrexxkgzumimnvc.exe
yrfzvrexxkgzumimnvc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe .
C:\Windows\xnypiblbyibrjyrs.exe
xnypiblbyibrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\xnypiblbyibrjyrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe .
C:\Windows\lfupmjxrsgdxtmjoqzhb.exe
lfupmjxrsgdxtmjoqzhb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe
C:\Windows\xnypiblbyibrjyrs.exe
xnypiblbyibrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\xnypiblbyibrjyrs.exe*."
C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\evhztnypnysjcsmon.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe
C:\Windows\xnypiblbyibrjyrs.exe
xnypiblbyibrjyrs.exe
C:\Windows\yrfzvrexxkgzumimnvc.exe
yrfzvrexxkgzumimnvc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .
C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe
C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe
C:\Windows\lfupmjxrsgdxtmjoqzhb.exe
lfupmjxrsgdxtmjoqzhb.exe .
C:\Windows\xnypiblbyibrjyrs.exe
xnypiblbyibrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe
C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c evhztnypnysjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c evhztnypnysjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avlhfdsnpecxuomsvfojz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c evhztnypnysjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avlhfdsnpecxuomsvfojz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\lfupmjxrsgdxtmjoqzhb.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\xnypiblbyibrjyrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe .
C:\Windows\avlhfdsnpecxuomsvfojz.exe
avlhfdsnpecxuomsvfojz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe
C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe
C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe
C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avlhfdsnpecxuomsvfojz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c evhztnypnysjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\nfslgbnfeqldxojmmt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avlhfdsnpecxuomsvfojz.exe .
C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avlhfdsnpecxuomsvfojz.exe*."
C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\evhztnypnysjcsmon.exe*."
C:\Windows\avlhfdsnpecxuomsvfojz.exe
avlhfdsnpecxuomsvfojz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\xnypiblbyibrjyrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avlhfdsnpecxuomsvfojz.exe*."
C:\Windows\yrfzvrexxkgzumimnvc.exe
yrfzvrexxkgzumimnvc.exe
C:\Windows\yrfzvrexxkgzumimnvc.exe
yrfzvrexxkgzumimnvc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yrfzvrexxkgzumimnvc.exe*."
C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe
C:\Windows\evhztnypnysjcsmon.exe
evhztnypnysjcsmon.exe
C:\Windows\evhztnypnysjcsmon.exe
evhztnypnysjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .
C:\Windows\evhztnypnysjcsmon.exe
evhztnypnysjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\evhztnypnysjcsmon.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\evhztnypnysjcsmon.exe*."
C:\Windows\evhztnypnysjcsmon.exe
evhztnypnysjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .
C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe
C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\lfupmjxrsgdxtmjoqzhb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe
C:\Windows\xnypiblbyibrjyrs.exe
xnypiblbyibrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c evhztnypnysjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe
C:\Windows\evhztnypnysjcsmon.exe
evhztnypnysjcsmon.exe .
C:\Windows\lfupmjxrsgdxtmjoqzhb.exe
lfupmjxrsgdxtmjoqzhb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\evhztnypnysjcsmon.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\nfslgbnfeqldxojmmt.exe
nfslgbnfeqldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\nfslgbnfeqldxojmmt.exe*."
C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\nfslgbnfeqldxojmmt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\nfslgbnfeqldxojmmt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe
C:\Windows\xnypiblbyibrjyrs.exe
xnypiblbyibrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c evhztnypnysjcsmon.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\evhztnypnysjcsmon.exe
evhztnypnysjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\evhztnypnysjcsmon.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c evhztnypnysjcsmon.exe .
C:\Windows\lfupmjxrsgdxtmjoqzhb.exe
lfupmjxrsgdxtmjoqzhb.exe
C:\Windows\evhztnypnysjcsmon.exe
evhztnypnysjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\evhztnypnysjcsmon.exe*."
C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe
C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avlhfdsnpecxuomsvfojz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .
C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe
C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yrfzvrexxkgzumimnvc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe
C:\Windows\nfslgbnfeqldxojmmt.exe
nfslgbnfeqldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe .
C:\Windows\nfslgbnfeqldxojmmt.exe
nfslgbnfeqldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\nfslgbnfeqldxojmmt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avlhfdsnpecxuomsvfojz.exe .
C:\Windows\nfslgbnfeqldxojmmt.exe
nfslgbnfeqldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe
C:\Windows\avlhfdsnpecxuomsvfojz.exe
avlhfdsnpecxuomsvfojz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .
C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avlhfdsnpecxuomsvfojz.exe*."
C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe
C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\lfupmjxrsgdxtmjoqzhb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .
C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe
C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avlhfdsnpecxuomsvfojz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe
C:\Windows\nfslgbnfeqldxojmmt.exe
nfslgbnfeqldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe .
C:\Windows\nfslgbnfeqldxojmmt.exe
nfslgbnfeqldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\nfslgbnfeqldxojmmt.exe*."
C:\Windows\xnypiblbyibrjyrs.exe
xnypiblbyibrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe
C:\Windows\xnypiblbyibrjyrs.exe
xnypiblbyibrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe
C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\xnypiblbyibrjyrs.exe*."
C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe
C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avlhfdsnpecxuomsvfojz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\evhztnypnysjcsmon.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\xnypiblbyibrjyrs.exe
xnypiblbyibrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe .
C:\Windows\nfslgbnfeqldxojmmt.exe
nfslgbnfeqldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\nfslgbnfeqldxojmmt.exe*."
C:\Windows\lfupmjxrsgdxtmjoqzhb.exe
lfupmjxrsgdxtmjoqzhb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe
C:\Windows\yrfzvrexxkgzumimnvc.exe
yrfzvrexxkgzumimnvc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yrfzvrexxkgzumimnvc.exe*."
C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe
C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avlhfdsnpecxuomsvfojz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\evhztnypnysjcsmon.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avlhfdsnpecxuomsvfojz.exe
C:\Windows\avlhfdsnpecxuomsvfojz.exe
avlhfdsnpecxuomsvfojz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c evhztnypnysjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe
C:\Windows\yrfzvrexxkgzumimnvc.exe
yrfzvrexxkgzumimnvc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c evhztnypnysjcsmon.exe
C:\Windows\evhztnypnysjcsmon.exe
evhztnypnysjcsmon.exe
C:\Windows\nfslgbnfeqldxojmmt.exe
nfslgbnfeqldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe .
C:\Windows\evhztnypnysjcsmon.exe
evhztnypnysjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yrfzvrexxkgzumimnvc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\nfslgbnfeqldxojmmt.exe
nfslgbnfeqldxojmmt.exe .
C:\Windows\xnypiblbyibrjyrs.exe
xnypiblbyibrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe .
C:\Windows\xnypiblbyibrjyrs.exe
xnypiblbyibrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\nfslgbnfeqldxojmmt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\xnypiblbyibrjyrs.exe*."
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\xnypiblbyibrjyrs.exe
xnypiblbyibrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe
C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .
C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe
C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\xnypiblbyibrjyrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe
C:\Windows\nfslgbnfeqldxojmmt.exe
nfslgbnfeqldxojmmt.exe .
C:\Windows\nfslgbnfeqldxojmmt.exe
nfslgbnfeqldxojmmt.exe
C:\Windows\xnypiblbyibrjyrs.exe
xnypiblbyibrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\lfupmjxrsgdxtmjoqzhb.exe*."
C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\nfslgbnfeqldxojmmt.exe*."
C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe
C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\xnypiblbyibrjyrs.exe*."
C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe
C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .
C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe
C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe
C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe
C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .
C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\nfslgbnfeqldxojmmt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\lfupmjxrsgdxtmjoqzhb.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\nfslgbnfeqldxojmmt.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avlhfdsnpecxuomsvfojz.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yrfzvrexxkgzumimnvc.exe*."
C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe
C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .
C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe
C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c evhztnypnysjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\lfupmjxrsgdxtmjoqzhb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c evhztnypnysjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avlhfdsnpecxuomsvfojz.exe*."
C:\Windows\xnypiblbyibrjyrs.exe
xnypiblbyibrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\lfupmjxrsgdxtmjoqzhb.exe*."
C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe
C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avlhfdsnpecxuomsvfojz.exe .
C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe
C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\lfupmjxrsgdxtmjoqzhb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\lfupmjxrsgdxtmjoqzhb.exe*."
C:\Windows\yrfzvrexxkgzumimnvc.exe
yrfzvrexxkgzumimnvc.exe .
C:\Windows\avlhfdsnpecxuomsvfojz.exe
avlhfdsnpecxuomsvfojz.exe .
C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe
C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe
C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe
C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yrfzvrexxkgzumimnvc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avlhfdsnpecxuomsvfojz.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yrfzvrexxkgzumimnvc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .
C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe
C:\Windows\evhztnypnysjcsmon.exe
evhztnypnysjcsmon.exe
C:\Windows\evhztnypnysjcsmon.exe
evhztnypnysjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe
C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\evhztnypnysjcsmon.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yrfzvrexxkgzumimnvc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe
C:\Windows\yrfzvrexxkgzumimnvc.exe
yrfzvrexxkgzumimnvc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe .
C:\Windows\xnypiblbyibrjyrs.exe
xnypiblbyibrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avlhfdsnpecxuomsvfojz.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\xnypiblbyibrjyrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe .
C:\Windows\avlhfdsnpecxuomsvfojz.exe
avlhfdsnpecxuomsvfojz.exe
C:\Windows\nfslgbnfeqldxojmmt.exe
nfslgbnfeqldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\nfslgbnfeqldxojmmt.exe*."
C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe
C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe
C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe
C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yrfzvrexxkgzumimnvc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .
C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe
C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yrfzvrexxkgzumimnvc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe
C:\Windows\xnypiblbyibrjyrs.exe
xnypiblbyibrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avlhfdsnpecxuomsvfojz.exe .
C:\Windows\avlhfdsnpecxuomsvfojz.exe
avlhfdsnpecxuomsvfojz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c evhztnypnysjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avlhfdsnpecxuomsvfojz.exe*."
C:\Windows\evhztnypnysjcsmon.exe
evhztnypnysjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe
C:\Windows\yrfzvrexxkgzumimnvc.exe
yrfzvrexxkgzumimnvc.exe .
C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe
C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yrfzvrexxkgzumimnvc.exe*."
C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe
C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yrfzvrexxkgzumimnvc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\xnypiblbyibrjyrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe
C:\Windows\lfupmjxrsgdxtmjoqzhb.exe
lfupmjxrsgdxtmjoqzhb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe .
C:\Windows\lfupmjxrsgdxtmjoqzhb.exe
lfupmjxrsgdxtmjoqzhb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\lfupmjxrsgdxtmjoqzhb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe .
C:\Windows\yrfzvrexxkgzumimnvc.exe
yrfzvrexxkgzumimnvc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe
C:\Windows\nfslgbnfeqldxojmmt.exe
nfslgbnfeqldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .
C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\nfslgbnfeqldxojmmt.exe*."
C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe
C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\lfupmjxrsgdxtmjoqzhb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .
C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe
C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe
C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe
C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avlhfdsnpecxuomsvfojz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe
C:\Windows\nfslgbnfeqldxojmmt.exe
nfslgbnfeqldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe .
C:\Windows\xnypiblbyibrjyrs.exe
xnypiblbyibrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\xnypiblbyibrjyrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c evhztnypnysjcsmon.exe .
C:\Windows\lfupmjxrsgdxtmjoqzhb.exe
lfupmjxrsgdxtmjoqzhb.exe
C:\Windows\evhztnypnysjcsmon.exe
evhztnypnysjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .
C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\evhztnypnysjcsmon.exe*."
C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe
C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yrfzvrexxkgzumimnvc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .
C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe
C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe
C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe
C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yrfzvrexxkgzumimnvc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe
C:\Windows\lfupmjxrsgdxtmjoqzhb.exe
lfupmjxrsgdxtmjoqzhb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe .
C:\Windows\yrfzvrexxkgzumimnvc.exe
yrfzvrexxkgzumimnvc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yrfzvrexxkgzumimnvc.exe*."
C:\Windows\lfupmjxrsgdxtmjoqzhb.exe
lfupmjxrsgdxtmjoqzhb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avlhfdsnpecxuomsvfojz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe
C:\Windows\avlhfdsnpecxuomsvfojz.exe
avlhfdsnpecxuomsvfojz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe
C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avlhfdsnpecxuomsvfojz.exe*."
C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\evhztnypnysjcsmon.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .
C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe
C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe
C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe
C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\lfupmjxrsgdxtmjoqzhb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe
C:\Windows\lfupmjxrsgdxtmjoqzhb.exe
lfupmjxrsgdxtmjoqzhb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe .
C:\Windows\lfupmjxrsgdxtmjoqzhb.exe
lfupmjxrsgdxtmjoqzhb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avlhfdsnpecxuomsvfojz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c evhztnypnysjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\lfupmjxrsgdxtmjoqzhb.exe*."
C:\Windows\evhztnypnysjcsmon.exe
evhztnypnysjcsmon.exe
C:\Windows\avlhfdsnpecxuomsvfojz.exe
avlhfdsnpecxuomsvfojz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe
C:\Windows\lfupmjxrsgdxtmjoqzhb.exe
lfupmjxrsgdxtmjoqzhb.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe .
C:\Windows\nfslgbnfeqldxojmmt.exe
nfslgbnfeqldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe
C:\Windows\lfupmjxrsgdxtmjoqzhb.exe
lfupmjxrsgdxtmjoqzhb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe .
C:\Windows\yrfzvrexxkgzumimnvc.exe
yrfzvrexxkgzumimnvc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe
C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\nfslgbnfeqldxojmmt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .
C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe
C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\lfupmjxrsgdxtmjoqzhb.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yrfzvrexxkgzumimnvc.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\lfupmjxrsgdxtmjoqzhb.exe*."
C:\Windows\xnypiblbyibrjyrs.exe
xnypiblbyibrjyrs.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | kzymvcjzyc.info | udp |
| US | 8.8.8.8:53 | bqdindvszcl.com | udp |
| US | 8.8.8.8:53 | mipgjarvuuua.net | udp |
| US | 8.8.8.8:53 | ewvlqklkmam.info | udp |
| RU | 46.252.124.26:19228 | tcp | |
| US | 8.8.8.8:53 | cwmuok.org | udp |
| US | 8.8.8.8:53 | jjpyrgbgtoa.com | udp |
| US | 8.8.8.8:53 | htkkdc.info | udp |
| US | 8.8.8.8:53 | dykwknvmdfdj.info | udp |
| US | 8.8.8.8:53 | bhqgkgau.info | udp |
| US | 8.8.8.8:53 | dhswvice.info | udp |
| US | 8.8.8.8:53 | bbquoh.net | udp |
| US | 8.8.8.8:53 | sikcwyig.org | udp |
| US | 8.8.8.8:53 | vdvqxias.info | udp |
| US | 8.8.8.8:53 | wawaoiyk.com | udp |
| US | 8.8.8.8:53 | sqxovalsxul.net | udp |
| US | 8.8.8.8:53 | kmzumhrqjjft.info | udp |
| US | 8.8.8.8:53 | kxyuozlwmlhj.info | udp |
| US | 8.8.8.8:53 | lczoradauoz.net | udp |
| US | 8.8.8.8:53 | lmvcrancf.com | udp |
| US | 8.8.8.8:53 | dazulnj.org | udp |
| US | 8.8.8.8:53 | bhfuppqcv.net | udp |
| US | 8.8.8.8:53 | oackhmn.net | udp |
| US | 8.8.8.8:53 | qkqinfcouw.info | udp |
| US | 8.8.8.8:53 | yhhzdbrkmfic.info | udp |
| US | 8.8.8.8:53 | eiccme.org | udp |
| US | 8.8.8.8:53 | fgtfxntyluvc.net | udp |
| US | 8.8.8.8:53 | jzthxr.net | udp |
| US | 8.8.8.8:53 | qvhsyenu.net | udp |
| US | 8.8.8.8:53 | hjucwjcg.info | udp |
| US | 8.8.8.8:53 | fjusznt.com | udp |
| US | 8.8.8.8:53 | iixqhbp.info | udp |
| US | 8.8.8.8:53 | zuhmapbot.net | udp |
| US | 8.8.8.8:53 | gazefmucduz.info | udp |
| US | 8.8.8.8:53 | qgpgoovlltj.net | udp |
| US | 8.8.8.8:53 | bjpkejhxsxrv.info | udp |
| US | 8.8.8.8:53 | qivcfzf.info | udp |
| US | 8.8.8.8:53 | vjvlnnztmb.net | udp |
| US | 8.8.8.8:53 | hyrlqmsvzljs.info | udp |
| BG | 130.204.128.71:34377 | tcp | |
| US | 8.8.8.8:53 | yeauom.com | udp |
| US | 8.8.8.8:53 | tspwjcv.net | udp |
| US | 8.8.8.8:53 | qmsfriz.info | udp |
| US | 8.8.8.8:53 | cwcyaa.com | udp |
| US | 8.8.8.8:53 | cavbvixeibj.net | udp |
| US | 8.8.8.8:53 | yojkaljecqs.info | udp |
| US | 8.8.8.8:53 | tkxgylbmaus.net | udp |
| US | 8.8.8.8:53 | iixjlujr.net | udp |
| US | 8.8.8.8:53 | nsukeerez.net | udp |
| US | 8.8.8.8:53 | tmtilsrmt.com | udp |
| US | 8.8.8.8:53 | qcmwaiisui.com | udp |
| US | 8.8.8.8:53 | fpdzcf.net | udp |
| US | 8.8.8.8:53 | tcncdtfll.org | udp |
| US | 8.8.8.8:53 | ecegeakc.org | udp |
| US | 8.8.8.8:53 | mgqeqc.com | udp |
| US | 8.8.8.8:53 | mfchjz.info | udp |
| US | 8.8.8.8:53 | ujmseyynas.net | udp |
| US | 8.8.8.8:53 | bjhednehsxuc.net | udp |
| US | 8.8.8.8:53 | iqxyxwdgndx.info | udp |
| US | 8.8.8.8:53 | ootkjdzphd.net | udp |
| US | 8.8.8.8:53 | vwzyzptqxcc.info | udp |
| US | 8.8.8.8:53 | kqgdnff.info | udp |
| US | 8.8.8.8:53 | aqjwzgc.net | udp |
| US | 8.8.8.8:53 | fyqswgqkfmn.info | udp |
| US | 8.8.8.8:53 | jvtsrshltca.info | udp |
| US | 8.8.8.8:53 | aararuzmj.info | udp |
| US | 8.8.8.8:53 | flbqaejcnfo.org | udp |
| US | 8.8.8.8:53 | qenwlanthj.net | udp |
| US | 8.8.8.8:53 | zapcjiqwl.com | udp |
| US | 8.8.8.8:53 | fiqhvg.net | udp |
| US | 8.8.8.8:53 | zrizzt.net | udp |
| US | 8.8.8.8:53 | bvzvraxzhztt.net | udp |
| US | 8.8.8.8:53 | wtvqfp.info | udp |
| US | 8.8.8.8:53 | tlplrswl.info | udp |
| US | 8.8.8.8:53 | amqwqbxglhai.info | udp |
| US | 8.8.8.8:53 | qmkblogxnxc.info | udp |
| US | 8.8.8.8:53 | ivewnr.info | udp |
| US | 8.8.8.8:53 | bjgtfrhemd.info | udp |
| US | 8.8.8.8:53 | fzquolomju.info | udp |
| US | 8.8.8.8:53 | kuvclswjv.net | udp |
| US | 8.8.8.8:53 | nqxijbihvn.info | udp |
| US | 8.8.8.8:53 | nuwxblwhcrzx.info | udp |
| US | 8.8.8.8:53 | lrjgmct.net | udp |
| US | 8.8.8.8:53 | zahnslpsimhq.net | udp |
| US | 8.8.8.8:53 | yspynbdonzn.net | udp |
| US | 8.8.8.8:53 | anxkfypgxqj.net | udp |
| US | 8.8.8.8:53 | yrbrplsyvi.net | udp |
| US | 8.8.8.8:53 | uemmpqx.info | udp |
| US | 8.8.8.8:53 | yqeguwesag.com | udp |
| US | 8.8.8.8:53 | xrctizgjhu.net | udp |
| US | 8.8.8.8:53 | awqiywgo.com | udp |
| US | 8.8.8.8:53 | lmdyvca.org | udp |
| US | 8.8.8.8:53 | vwvwywdoh.net | udp |
| US | 8.8.8.8:53 | ymdjuv.net | udp |
| US | 8.8.8.8:53 | augkpssgn.net | udp |
| US | 8.8.8.8:53 | mmyups.info | udp |
| US | 8.8.8.8:53 | xgzqtcrcx.info | udp |
| US | 8.8.8.8:53 | rfcqjgcwrllk.info | udp |
| US | 8.8.8.8:53 | vvnrjttc.net | udp |
| US | 8.8.8.8:53 | laydfipusg.net | udp |
| US | 8.8.8.8:53 | wokwfed.info | udp |
| US | 8.8.8.8:53 | caddwfdxf.info | udp |
| US | 8.8.8.8:53 | lmztgrgutd.info | udp |
| US | 8.8.8.8:53 | owzodol.net | udp |
| US | 8.8.8.8:53 | ooewwc.org | udp |
| US | 8.8.8.8:53 | hcjihgzldyr.org | udp |
| US | 8.8.8.8:53 | ymlvnuortib.info | udp |
| US | 8.8.8.8:53 | lofecflgqw.net | udp |
| US | 8.8.8.8:53 | iosaquue.org | udp |
| US | 8.8.8.8:53 | pvawaqhwljb.info | udp |
| US | 8.8.8.8:53 | jypigkw.net | udp |
| US | 8.8.8.8:53 | izbhnj.info | udp |
| US | 8.8.8.8:53 | tubrrdfdlhrc.net | udp |
| US | 8.8.8.8:53 | hllnzrt.org | udp |
| US | 8.8.8.8:53 | noaxgrj.net | udp |
| US | 8.8.8.8:53 | sckegams.org | udp |
| US | 8.8.8.8:53 | jphhtgd.com | udp |
| US | 8.8.8.8:53 | wdgbllvsu.net | udp |
| US | 8.8.8.8:53 | bdnhjj.net | udp |
| US | 8.8.8.8:53 | natzczwe.info | udp |
| US | 8.8.8.8:53 | dvbgdeeyb.info | udp |
| US | 8.8.8.8:53 | ddnsggv.net | udp |
| US | 8.8.8.8:53 | waxniiqcoa.net | udp |
| US | 8.8.8.8:53 | omierhazkhgw.net | udp |
| US | 8.8.8.8:53 | csvhszkn.net | udp |
| US | 8.8.8.8:53 | ylvdmoacbcby.net | udp |
| US | 8.8.8.8:53 | ueakvvvuxsx.info | udp |
| US | 8.8.8.8:53 | kwdrqyzrhd.net | udp |
| US | 8.8.8.8:53 | wemwmk.com | udp |
| US | 8.8.8.8:53 | kttxoshkt.info | udp |
| US | 8.8.8.8:53 | zoyrfkl.com | udp |
| US | 8.8.8.8:53 | xrjmbmgmisvh.info | udp |
| US | 8.8.8.8:53 | xwjsrww.net | udp |
| US | 8.8.8.8:53 | wiwuyqucmy.com | udp |
| US | 8.8.8.8:53 | kukcoaeqogew.org | udp |
| US | 8.8.8.8:53 | byncqgdrp.net | udp |
| US | 8.8.8.8:53 | jqtenkdayoy.org | udp |
| US | 8.8.8.8:53 | tdtfkghr.info | udp |
| US | 8.8.8.8:53 | uccngvtazn.info | udp |
| RU | 77.35.201.32:37793 | tcp | |
| US | 8.8.8.8:53 | iotwrfenggs.info | udp |
| US | 8.8.8.8:53 | gtfeyrdohspd.net | udp |
| US | 8.8.8.8:53 | kcogssomaske.org | udp |
| US | 8.8.8.8:53 | iivixanid.info | udp |
| US | 8.8.8.8:53 | lvliwxsju.net | udp |
| US | 8.8.8.8:53 | xevglyhyqfb.net | udp |
| US | 8.8.8.8:53 | ignjoukdhogb.net | udp |
| US | 8.8.8.8:53 | ashwsez.info | udp |
| US | 8.8.8.8:53 | oknntw.net | udp |
| US | 8.8.8.8:53 | swdvbyf.net | udp |
| US | 8.8.8.8:53 | wcgcuuiu.org | udp |
| US | 8.8.8.8:53 | egwoee.com | udp |
| US | 8.8.8.8:53 | laeuhcxmhej.org | udp |
| US | 8.8.8.8:53 | ygmshyw.info | udp |
| US | 8.8.8.8:53 | nhmyomxjv.info | udp |
| US | 8.8.8.8:53 | olfijm.net | udp |
| US | 8.8.8.8:53 | qywxjrv.info | udp |
| US | 8.8.8.8:53 | jedozhtwlm.info | udp |
| US | 8.8.8.8:53 | tyzkrdhyl.info | udp |
| US | 8.8.8.8:53 | aukyvwh.net | udp |
| US | 8.8.8.8:53 | byrczsvqbep.net | udp |
| US | 8.8.8.8:53 | vyvijbihvn.info | udp |
| US | 8.8.8.8:53 | eqjeryub.net | udp |
| US | 8.8.8.8:53 | vndtuvkbqn.net | udp |
| US | 8.8.8.8:53 | revuncvwh.info | udp |
| US | 8.8.8.8:53 | ngfmbp.net | udp |
| US | 8.8.8.8:53 | hsrofavrq.net | udp |
| US | 8.8.8.8:53 | japhxc.net | udp |
| US | 8.8.8.8:53 | fypmyau.net | udp |
| US | 8.8.8.8:53 | eqjbsubh.info | udp |
| US | 8.8.8.8:53 | zvieicl.net | udp |
| US | 8.8.8.8:53 | tmewxhvsi.org | udp |
| US | 8.8.8.8:53 | llpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | nygqlgcq.info | udp |
| US | 8.8.8.8:53 | nlfacb.info | udp |
| US | 8.8.8.8:53 | klkgbdahiwui.info | udp |
| US | 8.8.8.8:53 | jcjydup.org | udp |
| US | 8.8.8.8:53 | tcyormp.info | udp |
| US | 8.8.8.8:53 | bctwfgikb.org | udp |
| US | 8.8.8.8:53 | aedkbqjqc.net | udp |
| US | 8.8.8.8:53 | bwgybqtqg.org | udp |
| US | 8.8.8.8:53 | myfwnis.info | udp |
| MD | 5.56.114.6:34132 | tcp | |
| US | 8.8.8.8:53 | fzqqksnzg.net | udp |
| US | 8.8.8.8:53 | fatrwodcn.org | udp |
| US | 8.8.8.8:53 | koyyscmu.com | udp |
| US | 8.8.8.8:53 | fpwlpixhgaos.net | udp |
| US | 8.8.8.8:53 | xyoxjm.info | udp |
| US | 8.8.8.8:53 | xmlymtnez.org | udp |
| US | 8.8.8.8:53 | aogqfjl.info | udp |
| US | 8.8.8.8:53 | kigmyiwuss.org | udp |
| US | 8.8.8.8:53 | sdlulmf.net | udp |
| US | 8.8.8.8:53 | odzbrjqoy.info | udp |
| US | 8.8.8.8:53 | dmyydjvty.org | udp |
| RO | 91.239.128.186:34591 | tcp | |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| NL | 173.194.69.94:80 | c.pki.goog | tcp |
| RO | 91.239.128.186:34591 | tcp | |
| US | 8.8.8.8:53 | ccbuzsmmnwg.net | udp |
| RU | 95.70.118.170:20980 | tcp | |
| US | 8.8.8.8:53 | mawgljzxjh.info | udp |
| US | 8.8.8.8:53 | aalijqi.info | udp |
| US | 8.8.8.8:53 | xrnkgyjuqfeg.net | udp |
| US | 8.8.8.8:53 | cqddhwc.net | udp |
| US | 8.8.8.8:53 | odqisf.info | udp |
| US | 8.8.8.8:53 | aekckwei.com | udp |
| US | 8.8.8.8:53 | ounteiv.net | udp |
| US | 8.8.8.8:53 | rwwwriokp.net | udp |
| US | 8.8.8.8:53 | ncpmyszzt.info | udp |
| US | 8.8.8.8:53 | xeaizijityu.org | udp |
| US | 8.8.8.8:53 | mwxikev.net | udp |
| KZ | 95.58.12.59:21832 | tcp | |
| US | 8.8.8.8:53 | qqlwaep.info | udp |
| US | 8.8.8.8:53 | qbbshs.net | udp |
| US | 8.8.8.8:53 | wsfxpojsfpck.net | udp |
| US | 8.8.8.8:53 | irlmvlrya.net | udp |
| US | 8.8.8.8:53 | msinvgj.info | udp |
| US | 8.8.8.8:53 | rwklkcu.net | udp |
| US | 8.8.8.8:53 | ybxsqlwexbnh.info | udp |
| US | 8.8.8.8:53 | zyizrbp.com | udp |
| US | 8.8.8.8:53 | gcmgridxp.info | udp |
| RS | 94.156.158.219:19631 | tcp | |
| US | 8.8.8.8:53 | kkiamiym.com | udp |
| US | 8.8.8.8:53 | qmrqnnaibpbj.info | udp |
| US | 8.8.8.8:53 | runsxfl.net | udp |
| US | 8.8.8.8:53 | zyaxhqfgy.org | udp |
| US | 8.8.8.8:53 | wmrvrqpilql.info | udp |
| US | 8.8.8.8:53 | gqcehci.info | udp |
| US | 8.8.8.8:53 | xvrozoypmj.info | udp |
| US | 8.8.8.8:53 | wkwehtqvgz.net | udp |
| US | 8.8.8.8:53 | jatdaajehomt.net | udp |
| US | 8.8.8.8:53 | dnclmcrprd.info | udp |
| US | 8.8.8.8:53 | mqqiqiuqkkyw.com | udp |
| US | 8.8.8.8:53 | viuowpurajfi.info | udp |
| US | 8.8.8.8:53 | rnnqoel.org | udp |
| US | 8.8.8.8:53 | pcuqjp.net | udp |
| US | 8.8.8.8:53 | mwgkuyee.org | udp |
| US | 8.8.8.8:53 | ywywqcem.com | udp |
| US | 8.8.8.8:53 | wdrogymszt.info | udp |
| US | 8.8.8.8:53 | jsdmnlbk.net | udp |
| US | 8.8.8.8:53 | uiceesz.info | udp |
| US | 8.8.8.8:53 | llztpyevmcb.com | udp |
| US | 8.8.8.8:53 | bcvviich.net | udp |
| US | 8.8.8.8:53 | bzaydhbkyko.info | udp |
| US | 8.8.8.8:53 | zaouhtwbpr.net | udp |
| US | 8.8.8.8:53 | xxbnrxbojfty.info | udp |
| US | 8.8.8.8:53 | uoxjsmld.info | udp |
| US | 8.8.8.8:53 | irybdymegzoj.net | udp |
| US | 8.8.8.8:53 | hpdmtkuofyxc.net | udp |
| US | 8.8.8.8:53 | ewiuauieao.com | udp |
| US | 8.8.8.8:53 | ohkeets.net | udp |
| US | 8.8.8.8:53 | bkikddrnnkn.net | udp |
| US | 8.8.8.8:53 | vbllui.info | udp |
| US | 8.8.8.8:53 | ayceaeogegmc.org | udp |
| US | 8.8.8.8:53 | ghvluw.info | udp |
| US | 8.8.8.8:53 | eyloictmjkv.info | udp |
| US | 8.8.8.8:53 | imwkkoik.com | udp |
| US | 8.8.8.8:53 | hozurkc.org | udp |
| US | 8.8.8.8:53 | lrhixqmise.net | udp |
| US | 8.8.8.8:53 | sewuvwb.net | udp |
| US | 8.8.8.8:53 | vrdghpqh.info | udp |
| US | 8.8.8.8:53 | muwzkevi.info | udp |
| BG | 77.236.165.175:27133 | tcp | |
| US | 8.8.8.8:53 | oowyaock.org | udp |
| US | 8.8.8.8:53 | rybwlvut.info | udp |
| US | 8.8.8.8:53 | cpgpwgdwkfkh.net | udp |
| US | 8.8.8.8:53 | jqfijitjd.com | udp |
| US | 8.8.8.8:53 | yxxxvp.net | udp |
| US | 8.8.8.8:53 | jupcjjpuvahh.info | udp |
| US | 8.8.8.8:53 | zbvxcawqg.org | udp |
| US | 8.8.8.8:53 | kabpyee.info | udp |
| US | 8.8.8.8:53 | uqdquodht.info | udp |
| US | 8.8.8.8:53 | nyxlmeviwn.info | udp |
| US | 8.8.8.8:53 | jsdwpu.info | udp |
| US | 8.8.8.8:53 | gackrmjzg.info | udp |
| US | 8.8.8.8:53 | zvussvxjquoq.info | udp |
| US | 8.8.8.8:53 | xcrfxbihvn.info | udp |
| US | 8.8.8.8:53 | zvhnfzmd.info | udp |
| US | 8.8.8.8:53 | yshkavzsr.info | udp |
| US | 8.8.8.8:53 | uwoaqcug.com | udp |
| US | 8.8.8.8:53 | euouqqmq.com | udp |
| US | 8.8.8.8:53 | xsgyinczlkmj.info | udp |
| US | 8.8.8.8:53 | bpbygz.info | udp |
| US | 8.8.8.8:53 | jbrgsvxidgjn.info | udp |
| US | 8.8.8.8:53 | dzrmxez.com | udp |
| US | 8.8.8.8:53 | qarsjiqwl.net | udp |
| US | 8.8.8.8:53 | daeibvh.net | udp |
| US | 8.8.8.8:53 | oeztro.net | udp |
| US | 8.8.8.8:53 | ffhyheh.net | udp |
| US | 8.8.8.8:53 | uwsspsy.info | udp |
| US | 8.8.8.8:53 | kxldwaoqfn.info | udp |
| US | 8.8.8.8:53 | oyfajuxj.net | udp |
| US | 8.8.8.8:53 | bdhwwjjj.info | udp |
| US | 8.8.8.8:53 | uupajebnvik.info | udp |
| US | 8.8.8.8:53 | upsxne.info | udp |
| US | 8.8.8.8:53 | xxbuvavqnao.net | udp |
| US | 8.8.8.8:53 | jwnqhrhupyg.net | udp |
| US | 8.8.8.8:53 | rszktpnmv.com | udp |
| US | 8.8.8.8:53 | fzfgsgvn.net | udp |
| US | 8.8.8.8:53 | qucglhn.info | udp |
| US | 8.8.8.8:53 | tgzzsilpuoyu.info | udp |
| US | 8.8.8.8:53 | wsslhctxrzh.net | udp |
| US | 8.8.8.8:53 | gyroqyd.info | udp |
| US | 8.8.8.8:53 | rejwrwpoa.info | udp |
| US | 8.8.8.8:53 | xhfuhgdouxvx.net | udp |
| US | 8.8.8.8:53 | ffjnqazhlm.net | udp |
| US | 8.8.8.8:53 | fkcymxon.info | udp |
| US | 8.8.8.8:53 | jmuyzwjxj.net | udp |
| US | 8.8.8.8:53 | yttdtbbb.net | udp |
| US | 8.8.8.8:53 | rgmudgkbvf.info | udp |
| US | 8.8.8.8:53 | rzugqqvsqgb.com | udp |
| US | 8.8.8.8:53 | xfgmmkszwu.info | udp |
| US | 8.8.8.8:53 | sgescokcmo.org | udp |
| US | 8.8.8.8:53 | jfruodhahh.net | udp |
| US | 8.8.8.8:53 | jlwpjewqhewb.net | udp |
| US | 8.8.8.8:53 | nzfsfohicei.net | udp |
| US | 8.8.8.8:53 | mgzokzmr.info | udp |
| US | 8.8.8.8:53 | gmmovvrpxh.net | udp |
| US | 8.8.8.8:53 | lzwgpqnxhy.net | udp |
| US | 8.8.8.8:53 | kmvtvk.info | udp |
| US | 8.8.8.8:53 | bylsrpty.info | udp |
| US | 8.8.8.8:53 | jehyhpbob.com | udp |
| US | 8.8.8.8:53 | ivazwa.info | udp |
| US | 8.8.8.8:53 | ubfbwbdygu.info | udp |
| US | 8.8.8.8:53 | wpnjqnfepcl.net | udp |
| US | 8.8.8.8:53 | xszslotxg.org | udp |
| US | 8.8.8.8:53 | dysweazul.org | udp |
| US | 8.8.8.8:53 | rutgykbdxwb.info | udp |
| US | 8.8.8.8:53 | luaiurlae.info | udp |
| US | 8.8.8.8:53 | ismeeyks.org | udp |
| US | 8.8.8.8:53 | tvczluid.info | udp |
| US | 8.8.8.8:53 | lmnhoyr.com | udp |
| US | 8.8.8.8:53 | tmezjobct.org | udp |
| BG | 213.231.140.54:18629 | tcp | |
| US | 8.8.8.8:53 | auvmsmnazmj.info | udp |
| US | 8.8.8.8:53 | fumvct.net | udp |
| US | 8.8.8.8:53 | jlvryvtehu.net | udp |
| US | 8.8.8.8:53 | brylkwtmfvfn.net | udp |
| US | 8.8.8.8:53 | rctihabal.com | udp |
| US | 8.8.8.8:53 | dnyidwf.info | udp |
| US | 8.8.8.8:53 | qucuaaawiugm.com | udp |
| US | 8.8.8.8:53 | tpbpwrcbhuiz.info | udp |
| US | 8.8.8.8:53 | fwuipglco.net | udp |
| US | 8.8.8.8:53 | vmzghlie.info | udp |
| US | 8.8.8.8:53 | yadxtkefpqdf.net | udp |
| US | 8.8.8.8:53 | cutuwew.info | udp |
| US | 8.8.8.8:53 | rzenrgjokbvp.net | udp |
| US | 8.8.8.8:53 | qngitmingp.net | udp |
| US | 8.8.8.8:53 | xyxtdrtw.net | udp |
| US | 8.8.8.8:53 | ulwprsdpevsj.info | udp |
| US | 8.8.8.8:53 | ucwomsqe.org | udp |
| US | 8.8.8.8:53 | eoswowoy.org | udp |
| US | 8.8.8.8:53 | xntvdeldko.net | udp |
| US | 8.8.8.8:53 | tutshmd.org | udp |
| US | 8.8.8.8:53 | tglfwp.info | udp |
| US | 8.8.8.8:53 | qyjxvcif.net | udp |
| US | 8.8.8.8:53 | kgnabklywko.net | udp |
| US | 8.8.8.8:53 | wdfedat.info | udp |
| US | 8.8.8.8:53 | rapdvwh.org | udp |
| US | 8.8.8.8:53 | rkwlhccy.info | udp |
| US | 8.8.8.8:53 | nthafgeqx.org | udp |
| US | 8.8.8.8:53 | dkxeoqa.info | udp |
| US | 8.8.8.8:53 | ghiwewgspn.info | udp |
| US | 8.8.8.8:53 | buxwxgjsaqu.info | udp |
| US | 8.8.8.8:53 | rpbyxvdt.info | udp |
| US | 8.8.8.8:53 | msyxrnmfinzv.net | udp |
| US | 8.8.8.8:53 | vibshiiel.net | udp |
| US | 8.8.8.8:53 | pmxhfkb.net | udp |
| US | 8.8.8.8:53 | vsltvpo.org | udp |
| US | 8.8.8.8:53 | sscmkqkgckya.org | udp |
| US | 8.8.8.8:53 | ehrtibs.info | udp |
| US | 8.8.8.8:53 | vcrapudrlyx.com | udp |
| US | 8.8.8.8:53 | jjqtpeerkb.net | udp |
| US | 8.8.8.8:53 | cuomaiksqmog.org | udp |
| US | 8.8.8.8:53 | urkcltobhpwf.net | udp |
| US | 8.8.8.8:53 | waeozjapjfks.info | udp |
| US | 8.8.8.8:53 | qqpeenzliej.info | udp |
| US | 8.8.8.8:53 | zipdhf.info | udp |
| US | 8.8.8.8:53 | oismai.com | udp |
| US | 8.8.8.8:53 | htdsjpfpi.info | udp |
| US | 8.8.8.8:53 | csggwiguge.com | udp |
| US | 8.8.8.8:53 | eheflhppvg.net | udp |
| US | 8.8.8.8:53 | mkjabsieh.net | udp |
| US | 8.8.8.8:53 | aieiscis.org | udp |
| US | 8.8.8.8:53 | cykogcgqqcuu.com | udp |
| US | 8.8.8.8:53 | kwpsjbsvfn.net | udp |
| US | 8.8.8.8:53 | jhkublzprj.net | udp |
| US | 8.8.8.8:53 | ucjadin.net | udp |
| US | 8.8.8.8:53 | ugjyfpgfl.net | udp |
| US | 8.8.8.8:53 | wmaepig.net | udp |
| RU | 109.110.63.134:24405 | tcp | |
| US | 8.8.8.8:53 | caugusue.org | udp |
| US | 8.8.8.8:53 | dvnxdkp.info | udp |
| US | 8.8.8.8:53 | zidzbz.info | udp |
| US | 8.8.8.8:53 | whdcfhtnivdg.net | udp |
| US | 8.8.8.8:53 | zsjglwvglkf.com | udp |
| US | 8.8.8.8:53 | bilaxeutke.net | udp |
| US | 8.8.8.8:53 | fsaovkt.info | udp |
| US | 8.8.8.8:53 | ewigsgkuycqo.org | udp |
| US | 8.8.8.8:53 | whxtecpsls.net | udp |
| US | 8.8.8.8:53 | oomgkkyg.com | udp |
| US | 8.8.8.8:53 | hatpfumez.com | udp |
| US | 8.8.8.8:53 | ednlpq.net | udp |
| US | 8.8.8.8:53 | vexgbxp.org | udp |
| US | 8.8.8.8:53 | tscmqnrxg.com | udp |
| US | 8.8.8.8:53 | qtfdthykibd.net | udp |
| US | 8.8.8.8:53 | eogkuc.org | udp |
| US | 8.8.8.8:53 | qdnmhgdyrit.net | udp |
| US | 8.8.8.8:53 | alhmwscdcsms.info | udp |
| US | 8.8.8.8:53 | qnmueiam.net | udp |
| US | 8.8.8.8:53 | xgdnrio.com | udp |
| US | 8.8.8.8:53 | qyqigk.com | udp |
| US | 8.8.8.8:53 | eoxoxaz.net | udp |
| US | 8.8.8.8:53 | zffkhwluckmk.info | udp |
| US | 8.8.8.8:53 | fziznuyo.net | udp |
| US | 8.8.8.8:53 | fyaylmbcb.net | udp |
| US | 8.8.8.8:53 | yceqew.com | udp |
| US | 8.8.8.8:53 | ekqaao.com | udp |
| US | 8.8.8.8:53 | hckqaghalaf.info | udp |
| US | 8.8.8.8:53 | bitszwdkl.net | udp |
| US | 8.8.8.8:53 | rkjyfrxybqd.net | udp |
| US | 8.8.8.8:53 | iuiwyqmeuc.com | udp |
| US | 8.8.8.8:53 | wseuoyosqgck.com | udp |
| US | 8.8.8.8:53 | hqbgvwfx.net | udp |
| US | 8.8.8.8:53 | hjfdpmp.org | udp |
| US | 8.8.8.8:53 | pwkurai.net | udp |
| US | 8.8.8.8:53 | lxxixlxpcf.info | udp |
| US | 8.8.8.8:53 | rjbifug.net | udp |
| US | 8.8.8.8:53 | cddotdfud.net | udp |
| US | 8.8.8.8:53 | fgtinrnt.info | udp |
| US | 8.8.8.8:53 | vhijtvboq.info | udp |
| US | 8.8.8.8:53 | yqdindvszcl.info | udp |
| US | 8.8.8.8:53 | erzhirqvzghp.net | udp |
| US | 8.8.8.8:53 | joresgxopgd.org | udp |
| US | 8.8.8.8:53 | foknzoqz.info | udp |
| US | 8.8.8.8:53 | ldlrgk.info | udp |
| US | 8.8.8.8:53 | dwjwmslso.net | udp |
| US | 8.8.8.8:53 | dmrindn.net | udp |
| US | 8.8.8.8:53 | owtumceqt.info | udp |
| US | 8.8.8.8:53 | gehfir.net | udp |
| US | 8.8.8.8:53 | rhjrmjpgiwy.com | udp |
| US | 8.8.8.8:53 | sgdzhklkvfso.info | udp |
| US | 8.8.8.8:53 | wukmsaekiq.com | udp |
| US | 8.8.8.8:53 | uwhjbpyv.net | udp |
| US | 8.8.8.8:53 | qccgkmkc.org | udp |
| US | 8.8.8.8:53 | skqsiiae.org | udp |
| US | 8.8.8.8:53 | eqdnezux.info | udp |
| US | 8.8.8.8:53 | fyjkjhpwb.org | udp |
| US | 8.8.8.8:53 | zkfchwvgd.info | udp |
| US | 8.8.8.8:53 | psrrqakzlx.info | udp |
| US | 8.8.8.8:53 | eobwrzv.net | udp |
| US | 8.8.8.8:53 | alyypvemovoc.net | udp |
| US | 8.8.8.8:53 | ummymm.org | udp |
| US | 8.8.8.8:53 | caqekweo.com | udp |
| US | 8.8.8.8:53 | legtael.net | udp |
| US | 8.8.8.8:53 | ubqrbcslpfdl.info | udp |
| US | 8.8.8.8:53 | qlstpgkhcjbu.net | udp |
| US | 8.8.8.8:53 | bjxpobsylm.net | udp |
| US | 8.8.8.8:53 | pyfatygyiex.com | udp |
| US | 8.8.8.8:53 | wctczadafor.net | udp |
| US | 8.8.8.8:53 | qunznxrblk.net | udp |
| US | 8.8.8.8:53 | ckmiohrnxguw.info | udp |
| US | 8.8.8.8:53 | fkchgxzxfcrp.info | udp |
| US | 8.8.8.8:53 | nzitfaav.info | udp |
| US | 8.8.8.8:53 | zhqbxjxl.net | udp |
| US | 8.8.8.8:53 | puxdmhrp.net | udp |
| US | 8.8.8.8:53 | eafgroxtk.info | udp |
| US | 8.8.8.8:53 | oxmhymbhhqvl.info | udp |
| US | 8.8.8.8:53 | agaweu.org | udp |
| US | 8.8.8.8:53 | lktcrbw.com | udp |
| US | 8.8.8.8:53 | hyjodgw.info | udp |
| US | 8.8.8.8:53 | dqistxi.net | udp |
| US | 8.8.8.8:53 | foktdktiw.org | udp |
| US | 8.8.8.8:53 | dcmevok.com | udp |
| US | 8.8.8.8:53 | dkdczgl.info | udp |
| US | 8.8.8.8:53 | pxxzohroecbp.info | udp |
| US | 8.8.8.8:53 | egjgxgmek.info | udp |
| US | 8.8.8.8:53 | ixpvxtnqvb.net | udp |
| US | 8.8.8.8:53 | aoonvhlwef.info | udp |
| US | 8.8.8.8:53 | vrywrbb.com | udp |
| US | 8.8.8.8:53 | fafegvf.net | udp |
| US | 8.8.8.8:53 | eaictyqxc.info | udp |
| US | 8.8.8.8:53 | jpakcl.net | udp |
| US | 8.8.8.8:53 | xypxhx.info | udp |
| US | 8.8.8.8:53 | lhfaigrgz.info | udp |
| BG | 77.77.28.177:14149 | tcp | |
| US | 8.8.8.8:53 | xzzazbfqx.info | udp |
| US | 8.8.8.8:53 | vgqxvqngngx.info | udp |
| US | 8.8.8.8:53 | einmsoxsasp.info | udp |
| US | 8.8.8.8:53 | pmmkdrxixtgj.info | udp |
| US | 8.8.8.8:53 | qyffooarp.info | udp |
| US | 8.8.8.8:53 | cgzqtowog.info | udp |
| US | 8.8.8.8:53 | rbfutoj.com | udp |
| US | 8.8.8.8:53 | rpvrlcnpupqc.info | udp |
| US | 8.8.8.8:53 | qypzvt.info | udp |
| US | 8.8.8.8:53 | zcdsxgfjw.org | udp |
| US | 8.8.8.8:53 | fkmakomwb.org | udp |
| US | 8.8.8.8:53 | qeasooggkkye.org | udp |
| US | 8.8.8.8:53 | iayssq.org | udp |
| US | 8.8.8.8:53 | geumtvlsv.info | udp |
| US | 8.8.8.8:53 | uykpxgrmozah.info | udp |
| US | 8.8.8.8:53 | duaopkv.info | udp |
| US | 8.8.8.8:53 | gdiecndz.net | udp |
| US | 8.8.8.8:53 | rhxcxga.org | udp |
| US | 8.8.8.8:53 | oqknufjhsxoq.net | udp |
| US | 8.8.8.8:53 | omduxqg.net | udp |
| US | 8.8.8.8:53 | xapexbbszmf.org | udp |
| US | 8.8.8.8:53 | rinxyipkv.info | udp |
| US | 8.8.8.8:53 | fevpfshvp.org | udp |
| US | 8.8.8.8:53 | fkxkjgnky.info | udp |
| US | 8.8.8.8:53 | hexopdcexkke.info | udp |
| US | 8.8.8.8:53 | rdsinonhjh.net | udp |
| US | 8.8.8.8:53 | kcryxrris.info | udp |
| US | 8.8.8.8:53 | wckkiaki.com | udp |
| US | 8.8.8.8:53 | ynkejlk.net | udp |
| US | 8.8.8.8:53 | giekgyskeiik.org | udp |
| US | 8.8.8.8:53 | ckyeoleofgxj.info | udp |
| US | 8.8.8.8:53 | bavppixu.net | udp |
| US | 8.8.8.8:53 | lapydshhrv.net | udp |
| US | 8.8.8.8:53 | fkgritslx.org | udp |
| US | 8.8.8.8:53 | zpzyqngyuave.net | udp |
| US | 8.8.8.8:53 | nygadseimxh.net | udp |
| US | 8.8.8.8:53 | jkyvxmnjkc.info | udp |
| US | 8.8.8.8:53 | loimlohai.net | udp |
| US | 8.8.8.8:53 | ptpwnlreeaxo.net | udp |
| US | 8.8.8.8:53 | budwzonimlyb.net | udp |
| US | 8.8.8.8:53 | ysnktkamd.info | udp |
| MD | 93.116.161.233:27459 | tcp | |
| US | 8.8.8.8:53 | twnpey.net | udp |
| US | 8.8.8.8:53 | zonqcl.net | udp |
| US | 8.8.8.8:53 | eeeiusoc.com | udp |
| US | 8.8.8.8:53 | iujmgrhipeb.net | udp |
| US | 8.8.8.8:53 | utfeky.net | udp |
| US | 8.8.8.8:53 | eovaksrgywq.info | udp |
| US | 8.8.8.8:53 | awwagoku.com | udp |
| US | 8.8.8.8:53 | vnsanoolwcdd.net | udp |
| US | 8.8.8.8:53 | nqpcnuv.info | udp |
| US | 8.8.8.8:53 | dtstyn.net | udp |
| US | 8.8.8.8:53 | aymwje.info | udp |
| US | 8.8.8.8:53 | yqpwhcegwqp.info | udp |
| US | 8.8.8.8:53 | rhkqfsylb.net | udp |
| US | 8.8.8.8:53 | pyglbynwx.net | udp |
| US | 8.8.8.8:53 | zbqtpeerkb.net | udp |
| US | 8.8.8.8:53 | vyxnvw.net | udp |
| US | 8.8.8.8:53 | ozhfaxxjbp.info | udp |
| US | 8.8.8.8:53 | jencnxhbd.org | udp |
| US | 8.8.8.8:53 | zwhxiwn.com | udp |
| US | 8.8.8.8:53 | bfhfhdbdge.net | udp |
| US | 8.8.8.8:53 | oczyhzf.net | udp |
| US | 8.8.8.8:53 | zuwrljtqss.net | udp |
| US | 8.8.8.8:53 | cmuanqlbfu.info | udp |
| US | 8.8.8.8:53 | fogeicaifup.com | udp |
| US | 8.8.8.8:53 | ozfxbirmhuhx.info | udp |
| US | 8.8.8.8:53 | rxezxdhtxm.net | udp |
| US | 8.8.8.8:53 | hihuoajqrwb.net | udp |
| US | 8.8.8.8:53 | luhqzwduo.info | udp |
| US | 8.8.8.8:53 | uyziru.info | udp |
| US | 8.8.8.8:53 | xspnmkr.info | udp |
| US | 8.8.8.8:53 | qsqackgkio.org | udp |
| US | 8.8.8.8:53 | woogaecoas.org | udp |
| US | 8.8.8.8:53 | zzwpverv.info | udp |
| US | 8.8.8.8:53 | tmrxnmjrkb.net | udp |
| US | 8.8.8.8:53 | gqtmbqs.net | udp |
| US | 8.8.8.8:53 | mscxpilwdsn.info | udp |
| US | 8.8.8.8:53 | wwcyokmcsa.org | udp |
| US | 8.8.8.8:53 | gnpctq.net | udp |
| US | 8.8.8.8:53 | xfdfwapsjs.info | udp |
| US | 8.8.8.8:53 | uomieuwsgywa.com | udp |
| US | 8.8.8.8:53 | lesmmkxy.info | udp |
| US | 8.8.8.8:53 | hdmevlj.org | udp |
| US | 8.8.8.8:53 | macgoah.info | udp |
| US | 8.8.8.8:53 | nzyddpxgorfm.net | udp |
| US | 8.8.8.8:53 | zsdfnwuay.net | udp |
| US | 8.8.8.8:53 | wurmwojcp.info | udp |
| US | 8.8.8.8:53 | fzkrxmam.info | udp |
| US | 8.8.8.8:53 | ioduvvtyyud.info | udp |
| US | 8.8.8.8:53 | yuvgzwn.net | udp |
| US | 8.8.8.8:53 | wfznvxqz.info | udp |
| US | 8.8.8.8:53 | hwtbzkf.com | udp |
| US | 8.8.8.8:53 | fixijml.org | udp |
| US | 8.8.8.8:53 | fzdzqswx.info | udp |
| US | 8.8.8.8:53 | bvrlxiawb.net | udp |
| US | 8.8.8.8:53 | bujydax.net | udp |
| US | 8.8.8.8:53 | vzxmfjjm.info | udp |
| US | 8.8.8.8:53 | jqicsbohyedk.net | udp |
| US | 8.8.8.8:53 | whxvvccdqz.info | udp |
| US | 8.8.8.8:53 | uvngie.info | udp |
| US | 8.8.8.8:53 | sxsydftugfl.net | udp |
| US | 8.8.8.8:53 | lvckcdnwf.info | udp |
| US | 8.8.8.8:53 | aggsrah.net | udp |
| US | 8.8.8.8:53 | ioumglci.net | udp |
| US | 8.8.8.8:53 | ggzuiavyrzn.info | udp |
| US | 8.8.8.8:53 | msoiygcw.org | udp |
| US | 8.8.8.8:53 | jntxuexoq.net | udp |
| US | 8.8.8.8:53 | qbqcqmphdw.net | udp |
| US | 8.8.8.8:53 | jvnrpdb.com | udp |
| BG | 89.25.19.164:26151 | tcp | |
| US | 8.8.8.8:53 | pxnrhhd.org | udp |
| US | 8.8.8.8:53 | bozfzjyeib.net | udp |
| US | 8.8.8.8:53 | awtrjqbmv.net | udp |
| US | 8.8.8.8:53 | wgibfrupbtkx.net | udp |
| US | 8.8.8.8:53 | bxzqfyzcuak.org | udp |
| US | 8.8.8.8:53 | tnkuguinhd.net | udp |
| US | 8.8.8.8:53 | pzdeduimwm.info | udp |
Files
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
C:\Windows\SysWOW64\nfslgbnfeqldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\afflt.exe
C:\Users\Admin\AppData\Local\fhehmrnpyuzbfglyizprorwb.zie
C:\Users\Admin\AppData\Local\objxndkxryobqcsqlnobjxndkxryobqcsql.obj
C:\Program Files (x86)\fhehmrnpyuzbfglyizprorwb.zie