Analysis Overview
SHA256
57c85e0a2c34c0e1e6a434194422f6c3a1fd44d66bc1848803fa0421b621fdd7
Threat Level: Known bad
The file JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f was found to be: Known bad.
Malicious Activity Summary
Pykspa family
UAC bypass
Pykspa
Modifies WinLogon for persistence
Detect Pykspa worm
Disables RegEdit via registry modification
Adds policy Run key to start application
Impair Defenses: Safe Mode Boot
Executes dropped EXE
Adds Run key to start application
Looks up external IP address via web service
Checks whether UAC is enabled
Hijack Execution Flow: Executable Installer File Permissions Weakness
Drops file in System32 directory
Drops autorun.inf file
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Unsigned PE
System Location Discovery: System Language Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
System policy modification
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-04-18 11:32
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-04-18 11:32
Reported
2025-04-18 11:35
Platform
win10v2004-20250314-en
Max time kernel
1s
Max time network
157s
Command Line
Signatures
Pykspa
Pykspa family
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe"
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_bddd16d20828ab7fce7d46416ccf084f.exe*"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe
C:\Windows\ocvtqlbuthgwpzsvlnky.exe
ocvtqlbuthgwpzsvlnky.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe .
C:\Windows\bogdztiayljyqzrtijf.exe
bogdztiayljyqzrtijf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\bogdztiayljyqzrtijf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe .
C:\Windows\hsidxpcsozviyfvvi.exe
hsidxpcsozviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Windows\bogdztiayljyqzrtijf.exe
bogdztiayljyqzrtijf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\bogdztiayljyqzrtijf.exe*."
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\ocvtqlbuthgwpzsvlnky.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\dsmljfwqqffwqbvzqtrga.exe*."
C:\Users\Admin\AppData\Local\Temp\dcgpx.exe
"C:\Users\Admin\AppData\Local\Temp\dcgpx.exe" "-C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe"
C:\Users\Admin\AppData\Local\Temp\dcgpx.exe
"C:\Users\Admin\AppData\Local\Temp\dcgpx.exe" "-C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe
C:\Windows\qctpkdrifroctbsthh.exe
qctpkdrifroctbsthh.exe
C:\Windows\ocvtqlbuthgwpzsvlnky.exe
ocvtqlbuthgwpzsvlnky.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe .
C:\Windows\akztmdpezjeqflaz.exe
akztmdpezjeqflaz.exe .
C:\Windows\dsmljfwqqffwqbvzqtrga.exe
dsmljfwqqffwqbvzqtrga.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\dsmljfwqqffwqbvzqtrga.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\akztmdpezjeqflaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Windows\qctpkdrifroctbsthh.exe
qctpkdrifroctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .
C:\Windows\bogdztiayljyqzrtijf.exe
bogdztiayljyqzrtijf.exe
C:\Windows\hsidxpcsozviyfvvi.exe
hsidxpcsozviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe
C:\Windows\ocvtqlbuthgwpzsvlnky.exe
ocvtqlbuthgwpzsvlnky.exe .
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe .
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\hsidxpcsozviyfvvi.exe*."
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\ocvtqlbuthgwpzsvlnky.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\akztmdpezjeqflaz.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\akztmdpezjeqflaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Windows\ocvtqlbuthgwpzsvlnky.exe
ocvtqlbuthgwpzsvlnky.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .
C:\Windows\qctpkdrifroctbsthh.exe
qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\bogdztiayljyqzrtijf.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\bogdztiayljyqzrtijf.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\ocvtqlbuthgwpzsvlnky.exe*."
C:\Windows\ocvtqlbuthgwpzsvlnky.exe
ocvtqlbuthgwpzsvlnky.exe
C:\Windows\hsidxpcsozviyfvvi.exe
hsidxpcsozviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\hsidxpcsozviyfvvi.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\akztmdpezjeqflaz.exe*."
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\qctpkdrifroctbsthh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe
C:\Windows\ocvtqlbuthgwpzsvlnky.exe
ocvtqlbuthgwpzsvlnky.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe .
C:\Windows\hsidxpcsozviyfvvi.exe
hsidxpcsozviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\hsidxpcsozviyfvvi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe
C:\Windows\bogdztiayljyqzrtijf.exe
bogdztiayljyqzrtijf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe .
C:\Windows\dsmljfwqqffwqbvzqtrga.exe
dsmljfwqqffwqbvzqtrga.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\dsmljfwqqffwqbvzqtrga.exe*."
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .
C:\Windows\bogdztiayljyqzrtijf.exe
bogdztiayljyqzrtijf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\akztmdpezjeqflaz.exe*."
C:\Windows\dsmljfwqqffwqbvzqtrga.exe
dsmljfwqqffwqbvzqtrga.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe .
C:\Windows\ocvtqlbuthgwpzsvlnky.exe
ocvtqlbuthgwpzsvlnky.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe .
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\dsmljfwqqffwqbvzqtrga.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Windows\bogdztiayljyqzrtijf.exe
bogdztiayljyqzrtijf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .
C:\Windows\hsidxpcsozviyfvvi.exe
hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\hsidxpcsozviyfvvi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .
C:\Windows\ocvtqlbuthgwpzsvlnky.exe
ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\bogdztiayljyqzrtijf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Windows\qctpkdrifroctbsthh.exe
qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\akztmdpezjeqflaz.exe*."
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\qctpkdrifroctbsthh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\dsmljfwqqffwqbvzqtrga.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .
C:\Windows\qctpkdrifroctbsthh.exe
qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\ocvtqlbuthgwpzsvlnky.exe*."
C:\Windows\akztmdpezjeqflaz.exe
akztmdpezjeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\dsmljfwqqffwqbvzqtrga.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Windows\akztmdpezjeqflaz.exe
akztmdpezjeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\akztmdpezjeqflaz.exe*."
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\akztmdpezjeqflaz.exe*."
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\qctpkdrifroctbsthh.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\qctpkdrifroctbsthh.exe*."
C:\Windows\dsmljfwqqffwqbvzqtrga.exe
dsmljfwqqffwqbvzqtrga.exe
C:\Windows\dsmljfwqqffwqbvzqtrga.exe
dsmljfwqqffwqbvzqtrga.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\dsmljfwqqffwqbvzqtrga.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe
C:\Windows\hsidxpcsozviyfvvi.exe
hsidxpcsozviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe .
C:\Windows\dsmljfwqqffwqbvzqtrga.exe
dsmljfwqqffwqbvzqtrga.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\dsmljfwqqffwqbvzqtrga.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe
C:\Windows\ocvtqlbuthgwpzsvlnky.exe
ocvtqlbuthgwpzsvlnky.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe .
C:\Windows\akztmdpezjeqflaz.exe
akztmdpezjeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\akztmdpezjeqflaz.exe*."
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\bogdztiayljyqzrtijf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\ocvtqlbuthgwpzsvlnky.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe
C:\Windows\qctpkdrifroctbsthh.exe
qctpkdrifroctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe .
C:\Windows\hsidxpcsozviyfvvi.exe
hsidxpcsozviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\hsidxpcsozviyfvvi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe
C:\Windows\hsidxpcsozviyfvvi.exe
hsidxpcsozviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe .
C:\Windows\hsidxpcsozviyfvvi.exe
hsidxpcsozviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\hsidxpcsozviyfvvi.exe*."
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\hsidxpcsozviyfvvi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\dsmljfwqqffwqbvzqtrga.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe
C:\Windows\ocvtqlbuthgwpzsvlnky.exe
ocvtqlbuthgwpzsvlnky.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .
C:\Windows\qctpkdrifroctbsthh.exe
qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\qctpkdrifroctbsthh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe .
C:\Windows\qctpkdrifroctbsthh.exe
qctpkdrifroctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Windows\dsmljfwqqffwqbvzqtrga.exe
dsmljfwqqffwqbvzqtrga.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\dsmljfwqqffwqbvzqtrga.exe*."
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\akztmdpezjeqflaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\hsidxpcsozviyfvvi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe
C:\Windows\hsidxpcsozviyfvvi.exe
hsidxpcsozviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe .
C:\Windows\dsmljfwqqffwqbvzqtrga.exe
dsmljfwqqffwqbvzqtrga.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\dsmljfwqqffwqbvzqtrga.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe
C:\Windows\hsidxpcsozviyfvvi.exe
hsidxpcsozviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .
C:\Windows\qctpkdrifroctbsthh.exe
qctpkdrifroctbsthh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\qctpkdrifroctbsthh.exe*."
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\qctpkdrifroctbsthh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\hsidxpcsozviyfvvi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe
C:\Windows\qctpkdrifroctbsthh.exe
qctpkdrifroctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe .
C:\Windows\ocvtqlbuthgwpzsvlnky.exe
ocvtqlbuthgwpzsvlnky.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\ocvtqlbuthgwpzsvlnky.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .
C:\Windows\akztmdpezjeqflaz.exe
akztmdpezjeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Windows\qctpkdrifroctbsthh.exe
qctpkdrifroctbsthh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\qctpkdrifroctbsthh.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\akztmdpezjeqflaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\qctpkdrifroctbsthh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe
C:\Windows\akztmdpezjeqflaz.exe
akztmdpezjeqflaz.exe
C:\Windows\hsidxpcsozviyfvvi.exe
hsidxpcsozviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe .
C:\Windows\akztmdpezjeqflaz.exe
akztmdpezjeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .
C:\Windows\qctpkdrifroctbsthh.exe
qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\akztmdpezjeqflaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\qctpkdrifroctbsthh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .
C:\Windows\akztmdpezjeqflaz.exe
akztmdpezjeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe .
C:\Windows\dsmljfwqqffwqbvzqtrga.exe
dsmljfwqqffwqbvzqtrga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .
C:\Windows\qctpkdrifroctbsthh.exe
qctpkdrifroctbsthh.exe .
C:\Windows\dsmljfwqqffwqbvzqtrga.exe
dsmljfwqqffwqbvzqtrga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Windows\ocvtqlbuthgwpzsvlnky.exe
ocvtqlbuthgwpzsvlnky.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\qctpkdrifroctbsthh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Windows\dsmljfwqqffwqbvzqtrga.exe
dsmljfwqqffwqbvzqtrga.exe .
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\ocvtqlbuthgwpzsvlnky.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\dsmljfwqqffwqbvzqtrga.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\dsmljfwqqffwqbvzqtrga.exe*."
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\bogdztiayljyqzrtijf.exe*."
C:\Windows\bogdztiayljyqzrtijf.exe
bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .
C:\Windows\qctpkdrifroctbsthh.exe
qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\bogdztiayljyqzrtijf.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\qctpkdrifroctbsthh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\bogdztiayljyqzrtijf.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\bogdztiayljyqzrtijf.exe*."
C:\Windows\akztmdpezjeqflaz.exe
akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\dsmljfwqqffwqbvzqtrga.exe*."
C:\Windows\hsidxpcsozviyfvvi.exe
hsidxpcsozviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Windows\ocvtqlbuthgwpzsvlnky.exe
ocvtqlbuthgwpzsvlnky.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\hsidxpcsozviyfvvi.exe*."
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Windows\qctpkdrifroctbsthh.exe
qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\qctpkdrifroctbsthh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\qctpkdrifroctbsthh.exe*."
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\qctpkdrifroctbsthh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe
C:\Windows\qctpkdrifroctbsthh.exe
qctpkdrifroctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .
C:\Windows\qctpkdrifroctbsthh.exe
qctpkdrifroctbsthh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\qctpkdrifroctbsthh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe .
C:\Windows\bogdztiayljyqzrtijf.exe
bogdztiayljyqzrtijf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Windows\hsidxpcsozviyfvvi.exe
hsidxpcsozviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\hsidxpcsozviyfvvi.exe*."
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\qctpkdrifroctbsthh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\dsmljfwqqffwqbvzqtrga.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe
C:\Windows\akztmdpezjeqflaz.exe
akztmdpezjeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe .
C:\Windows\bogdztiayljyqzrtijf.exe
bogdztiayljyqzrtijf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\bogdztiayljyqzrtijf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe
C:\Windows\dsmljfwqqffwqbvzqtrga.exe
dsmljfwqqffwqbvzqtrga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe .
C:\Windows\ocvtqlbuthgwpzsvlnky.exe
ocvtqlbuthgwpzsvlnky.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\ocvtqlbuthgwpzsvlnky.exe*."
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\hsidxpcsozviyfvvi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\ocvtqlbuthgwpzsvlnky.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe
C:\Windows\qctpkdrifroctbsthh.exe
qctpkdrifroctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe .
C:\Windows\akztmdpezjeqflaz.exe
akztmdpezjeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\akztmdpezjeqflaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe .
C:\Windows\hsidxpcsozviyfvvi.exe
hsidxpcsozviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Windows\bogdztiayljyqzrtijf.exe
bogdztiayljyqzrtijf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\bogdztiayljyqzrtijf.exe*."
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\bogdztiayljyqzrtijf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\akztmdpezjeqflaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe
C:\Windows\hsidxpcsozviyfvvi.exe
hsidxpcsozviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe .
C:\Windows\hsidxpcsozviyfvvi.exe
hsidxpcsozviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\hsidxpcsozviyfvvi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe
C:\Windows\akztmdpezjeqflaz.exe
akztmdpezjeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Windows\qctpkdrifroctbsthh.exe
qctpkdrifroctbsthh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\qctpkdrifroctbsthh.exe*."
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\qctpkdrifroctbsthh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\qctpkdrifroctbsthh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe
C:\Windows\ocvtqlbuthgwpzsvlnky.exe
ocvtqlbuthgwpzsvlnky.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe .
C:\Windows\ocvtqlbuthgwpzsvlnky.exe
ocvtqlbuthgwpzsvlnky.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\ocvtqlbuthgwpzsvlnky.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe
C:\Windows\dsmljfwqqffwqbvzqtrga.exe
dsmljfwqqffwqbvzqtrga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe .
C:\Windows\hsidxpcsozviyfvvi.exe
hsidxpcsozviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\hsidxpcsozviyfvvi.exe*."
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe .
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .
C:\Windows\ocvtqlbuthgwpzsvlnky.exe
ocvtqlbuthgwpzsvlnky.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Windows\bogdztiayljyqzrtijf.exe
bogdztiayljyqzrtijf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\ocvtqlbuthgwpzsvlnky.exe*."
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\bogdztiayljyqzrtijf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .
C:\Windows\hsidxpcsozviyfvvi.exe
hsidxpcsozviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Windows\akztmdpezjeqflaz.exe
akztmdpezjeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\dsmljfwqqffwqbvzqtrga.exe*."
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\akztmdpezjeqflaz.exe*."
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\qctpkdrifroctbsthh.exe*."
C:\Windows\bogdztiayljyqzrtijf.exe
bogdztiayljyqzrtijf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .
C:\Windows\qctpkdrifroctbsthh.exe
qctpkdrifroctbsthh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe
C:\Windows\qctpkdrifroctbsthh.exe
qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\qctpkdrifroctbsthh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\akztmdpezjeqflaz.exe*."
C:\Windows\akztmdpezjeqflaz.exe
akztmdpezjeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Windows\bogdztiayljyqzrtijf.exe
bogdztiayljyqzrtijf.exe .
C:\Windows\dsmljfwqqffwqbvzqtrga.exe
dsmljfwqqffwqbvzqtrga.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\bogdztiayljyqzrtijf.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\dsmljfwqqffwqbvzqtrga.exe*."
C:\Windows\hsidxpcsozviyfvvi.exe
hsidxpcsozviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .
C:\Windows\hsidxpcsozviyfvvi.exe
hsidxpcsozviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\hsidxpcsozviyfvvi.exe*."
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\hsidxpcsozviyfvvi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\bogdztiayljyqzrtijf.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\hsidxpcsozviyfvvi.exe*."
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\akztmdpezjeqflaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe
C:\Windows\qctpkdrifroctbsthh.exe
qctpkdrifroctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe .
C:\Windows\akztmdpezjeqflaz.exe
akztmdpezjeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\akztmdpezjeqflaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe .
C:\Windows\hsidxpcsozviyfvvi.exe
hsidxpcsozviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Windows\dsmljfwqqffwqbvzqtrga.exe
dsmljfwqqffwqbvzqtrga.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\dsmljfwqqffwqbvzqtrga.exe*."
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\qctpkdrifroctbsthh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\hsidxpcsozviyfvvi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe
C:\Windows\dsmljfwqqffwqbvzqtrga.exe
dsmljfwqqffwqbvzqtrga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe .
C:\Windows\akztmdpezjeqflaz.exe
akztmdpezjeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\akztmdpezjeqflaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe
C:\Windows\ocvtqlbuthgwpzsvlnky.exe
ocvtqlbuthgwpzsvlnky.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe .
C:\Windows\ocvtqlbuthgwpzsvlnky.exe
ocvtqlbuthgwpzsvlnky.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\ocvtqlbuthgwpzsvlnky.exe*."
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\qctpkdrifroctbsthh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\bogdztiayljyqzrtijf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe
C:\Windows\dsmljfwqqffwqbvzqtrga.exe
dsmljfwqqffwqbvzqtrga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe .
C:\Windows\bogdztiayljyqzrtijf.exe
bogdztiayljyqzrtijf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\bogdztiayljyqzrtijf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe
C:\Windows\qctpkdrifroctbsthh.exe
qctpkdrifroctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe .
C:\Windows\ocvtqlbuthgwpzsvlnky.exe
ocvtqlbuthgwpzsvlnky.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\ocvtqlbuthgwpzsvlnky.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\bogdztiayljyqzrtijf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\bogdztiayljyqzrtijf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe
C:\Windows\ocvtqlbuthgwpzsvlnky.exe
ocvtqlbuthgwpzsvlnky.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe .
C:\Windows\bogdztiayljyqzrtijf.exe
bogdztiayljyqzrtijf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\bogdztiayljyqzrtijf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe
C:\Windows\qctpkdrifroctbsthh.exe
qctpkdrifroctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe .
C:\Windows\dsmljfwqqffwqbvzqtrga.exe
dsmljfwqqffwqbvzqtrga.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\dsmljfwqqffwqbvzqtrga.exe*."
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\bogdztiayljyqzrtijf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\dsmljfwqqffwqbvzqtrga.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe
C:\Windows\bogdztiayljyqzrtijf.exe
bogdztiayljyqzrtijf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .
C:\Windows\qctpkdrifroctbsthh.exe
qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\qctpkdrifroctbsthh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe
C:\Windows\qctpkdrifroctbsthh.exe
qctpkdrifroctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe .
C:\Windows\dsmljfwqqffwqbvzqtrga.exe
dsmljfwqqffwqbvzqtrga.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\dsmljfwqqffwqbvzqtrga.exe*."
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\qctpkdrifroctbsthh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\hsidxpcsozviyfvvi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe
C:\Windows\bogdztiayljyqzrtijf.exe
bogdztiayljyqzrtijf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe .
C:\Windows\hsidxpcsozviyfvvi.exe
hsidxpcsozviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\hsidxpcsozviyfvvi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe
C:\Windows\dsmljfwqqffwqbvzqtrga.exe
dsmljfwqqffwqbvzqtrga.exe
C:\Windows\bogdztiayljyqzrtijf.exe
bogdztiayljyqzrtijf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe .
C:\Windows\dsmljfwqqffwqbvzqtrga.exe
dsmljfwqqffwqbvzqtrga.exe .
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Windows\bogdztiayljyqzrtijf.exe
bogdztiayljyqzrtijf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Windows\bogdztiayljyqzrtijf.exe
bogdztiayljyqzrtijf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\dsmljfwqqffwqbvzqtrga.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\bogdztiayljyqzrtijf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Windows\ocvtqlbuthgwpzsvlnky.exe
ocvtqlbuthgwpzsvlnky.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\akztmdpezjeqflaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\ocvtqlbuthgwpzsvlnky.exe*."
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe
C:\Windows\ocvtqlbuthgwpzsvlnky.exe
ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\akztmdpezjeqflaz.exe*."
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\qctpkdrifroctbsthh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\bogdztiayljyqzrtijf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Windows\akztmdpezjeqflaz.exe
akztmdpezjeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .
C:\Windows\hsidxpcsozviyfvvi.exe
hsidxpcsozviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .
C:\Windows\bogdztiayljyqzrtijf.exe
bogdztiayljyqzrtijf.exe .
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\akztmdpezjeqflaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .
C:\Windows\hsidxpcsozviyfvvi.exe
hsidxpcsozviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\bogdztiayljyqzrtijf.exe*."
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\dsmljfwqqffwqbvzqtrga.exe*."
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\bogdztiayljyqzrtijf.exe*."
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\hsidxpcsozviyfvvi.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\dsmljfwqqffwqbvzqtrga.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\ocvtqlbuthgwpzsvlnky.exe*."
C:\Windows\dsmljfwqqffwqbvzqtrga.exe
dsmljfwqqffwqbvzqtrga.exe
C:\Windows\dsmljfwqqffwqbvzqtrga.exe
dsmljfwqqffwqbvzqtrga.exe
C:\Windows\dsmljfwqqffwqbvzqtrga.exe
dsmljfwqqffwqbvzqtrga.exe
C:\Windows\qctpkdrifroctbsthh.exe
qctpkdrifroctbsthh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe .
C:\Windows\dsmljfwqqffwqbvzqtrga.exe
dsmljfwqqffwqbvzqtrga.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\qctpkdrifroctbsthh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\dsmljfwqqffwqbvzqtrga.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe .
C:\Windows\bogdztiayljyqzrtijf.exe
bogdztiayljyqzrtijf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Windows\hsidxpcsozviyfvvi.exe
hsidxpcsozviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\hsidxpcsozviyfvvi.exe*."
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\akztmdpezjeqflaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\qctpkdrifroctbsthh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe
C:\Windows\akztmdpezjeqflaz.exe
akztmdpezjeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe .
C:\Windows\bogdztiayljyqzrtijf.exe
bogdztiayljyqzrtijf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\bogdztiayljyqzrtijf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe
C:\Windows\hsidxpcsozviyfvvi.exe
hsidxpcsozviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Windows\dsmljfwqqffwqbvzqtrga.exe
dsmljfwqqffwqbvzqtrga.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\dsmljfwqqffwqbvzqtrga.exe*."
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\qctpkdrifroctbsthh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\qctpkdrifroctbsthh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe
C:\Windows\qctpkdrifroctbsthh.exe
qctpkdrifroctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe .
C:\Windows\hsidxpcsozviyfvvi.exe
hsidxpcsozviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\hsidxpcsozviyfvvi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe
C:\Windows\hsidxpcsozviyfvvi.exe
hsidxpcsozviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe .
C:\Windows\bogdztiayljyqzrtijf.exe
bogdztiayljyqzrtijf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\bogdztiayljyqzrtijf.exe*."
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\akztmdpezjeqflaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\dsmljfwqqffwqbvzqtrga.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe
C:\Windows\dsmljfwqqffwqbvzqtrga.exe
dsmljfwqqffwqbvzqtrga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .
C:\Windows\qctpkdrifroctbsthh.exe
qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\qctpkdrifroctbsthh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe
C:\Windows\dsmljfwqqffwqbvzqtrga.exe
dsmljfwqqffwqbvzqtrga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe .
C:\Windows\bogdztiayljyqzrtijf.exe
bogdztiayljyqzrtijf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\bogdztiayljyqzrtijf.exe*."
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\akztmdpezjeqflaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\bogdztiayljyqzrtijf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe
C:\Windows\ocvtqlbuthgwpzsvlnky.exe
ocvtqlbuthgwpzsvlnky.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe .
C:\Windows\hsidxpcsozviyfvvi.exe
hsidxpcsozviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\hsidxpcsozviyfvvi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe .
C:\Windows\akztmdpezjeqflaz.exe
akztmdpezjeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Windows\hsidxpcsozviyfvvi.exe
hsidxpcsozviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\hsidxpcsozviyfvvi.exe*."
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\hsidxpcsozviyfvvi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\dsmljfwqqffwqbvzqtrga.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe
C:\Windows\bogdztiayljyqzrtijf.exe
bogdztiayljyqzrtijf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe .
C:\Windows\akztmdpezjeqflaz.exe
akztmdpezjeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe .
C:\Windows\ocvtqlbuthgwpzsvlnky.exe
ocvtqlbuthgwpzsvlnky.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe
C:\Windows\hsidxpcsozviyfvvi.exe
hsidxpcsozviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe .
C:\Windows\hsidxpcsozviyfvvi.exe
hsidxpcsozviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\ocvtqlbuthgwpzsvlnky.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .
C:\Windows\hsidxpcsozviyfvvi.exe
hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\hsidxpcsozviyfvvi.exe*."
C:\Windows\ocvtqlbuthgwpzsvlnky.exe
ocvtqlbuthgwpzsvlnky.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Windows\hsidxpcsozviyfvvi.exe
hsidxpcsozviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\ocvtqlbuthgwpzsvlnky.exe*."
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\hsidxpcsozviyfvvi.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\bogdztiayljyqzrtijf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\ocvtqlbuthgwpzsvlnky.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\akztmdpezjeqflaz.exe*."
C:\Windows\qctpkdrifroctbsthh.exe
qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\akztmdpezjeqflaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .
C:\Windows\qctpkdrifroctbsthh.exe
qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\qctpkdrifroctbsthh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .
C:\Windows\bogdztiayljyqzrtijf.exe
bogdztiayljyqzrtijf.exe
C:\Windows\ocvtqlbuthgwpzsvlnky.exe
ocvtqlbuthgwpzsvlnky.exe .
C:\Windows\ocvtqlbuthgwpzsvlnky.exe
ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\ocvtqlbuthgwpzsvlnky.exe*."
C:\Windows\akztmdpezjeqflaz.exe
akztmdpezjeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\bogdztiayljyqzrtijf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\akztmdpezjeqflaz.exe*."
C:\Windows\dsmljfwqqffwqbvzqtrga.exe
dsmljfwqqffwqbvzqtrga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .
C:\Windows\qctpkdrifroctbsthh.exe
qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\qctpkdrifroctbsthh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\ocvtqlbuthgwpzsvlnky.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\qctpkdrifroctbsthh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\hsidxpcsozviyfvvi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe
C:\Windows\qctpkdrifroctbsthh.exe
qctpkdrifroctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .
C:\Windows\qctpkdrifroctbsthh.exe
qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\qctpkdrifroctbsthh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe
C:\Windows\bogdztiayljyqzrtijf.exe
bogdztiayljyqzrtijf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Windows\qctpkdrifroctbsthh.exe
qctpkdrifroctbsthh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\qctpkdrifroctbsthh.exe*."
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\hsidxpcsozviyfvvi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\qctpkdrifroctbsthh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe
C:\Windows\hsidxpcsozviyfvvi.exe
hsidxpcsozviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe .
C:\Windows\hsidxpcsozviyfvvi.exe
hsidxpcsozviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\hsidxpcsozviyfvvi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe .
C:\Windows\hsidxpcsozviyfvvi.exe
hsidxpcsozviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Windows\hsidxpcsozviyfvvi.exe
hsidxpcsozviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\hsidxpcsozviyfvvi.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\hsidxpcsozviyfvvi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\ocvtqlbuthgwpzsvlnky.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe
C:\Windows\akztmdpezjeqflaz.exe
akztmdpezjeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .
C:\Windows\qctpkdrifroctbsthh.exe
qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\qctpkdrifroctbsthh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe
C:\Windows\hsidxpcsozviyfvvi.exe
hsidxpcsozviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .
C:\Windows\qctpkdrifroctbsthh.exe
qctpkdrifroctbsthh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\qctpkdrifroctbsthh.exe*."
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\ocvtqlbuthgwpzsvlnky.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\hsidxpcsozviyfvvi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe
C:\Windows\ocvtqlbuthgwpzsvlnky.exe
ocvtqlbuthgwpzsvlnky.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe .
C:\Windows\ocvtqlbuthgwpzsvlnky.exe
ocvtqlbuthgwpzsvlnky.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\ocvtqlbuthgwpzsvlnky.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .
C:\Windows\bogdztiayljyqzrtijf.exe
bogdztiayljyqzrtijf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Windows\qctpkdrifroctbsthh.exe
qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\qctpkdrifroctbsthh.exe*."
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\ocvtqlbuthgwpzsvlnky.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\dsmljfwqqffwqbvzqtrga.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe
C:\Windows\ocvtqlbuthgwpzsvlnky.exe
ocvtqlbuthgwpzsvlnky.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe .
C:\Windows\akztmdpezjeqflaz.exe
akztmdpezjeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\akztmdpezjeqflaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe
C:\Windows\dsmljfwqqffwqbvzqtrga.exe
dsmljfwqqffwqbvzqtrga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Windows\ocvtqlbuthgwpzsvlnky.exe
ocvtqlbuthgwpzsvlnky.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\ocvtqlbuthgwpzsvlnky.exe*."
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe
C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\ocvtqlbuthgwpzsvlnky.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\dsmljfwqqffwqbvzqtrga.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe
C:\Windows\qctpkdrifroctbsthh.exe
qctpkdrifroctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe .
C:\Windows\akztmdpezjeqflaz.exe
akztmdpezjeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\akztmdpezjeqflaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe .
C:\Windows\hsidxpcsozviyfvvi.exe
hsidxpcsozviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe .
C:\Windows\dsmljfwqqffwqbvzqtrga.exe
dsmljfwqqffwqbvzqtrga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Windows\bogdztiayljyqzrtijf.exe
bogdztiayljyqzrtijf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ocvtqlbuthgwpzsvlnky.exe .
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\bogdztiayljyqzrtijf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Windows\dsmljfwqqffwqbvzqtrga.exe
dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\qctpkdrifroctbsthh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Windows\ocvtqlbuthgwpzsvlnky.exe
ocvtqlbuthgwpzsvlnky.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\qctpkdrifroctbsthh.exe*."
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\akztmdpezjeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\ocvtqlbuthgwpzsvlnky.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\akztmdpezjeqflaz.exe*."
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\bogdztiayljyqzrtijf.exe .
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\dsmljfwqqffwqbvzqtrga.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dsmljfwqqffwqbvzqtrga.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\bogdztiayljyqzrtijf.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\dsmljfwqqffwqbvzqtrga.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe
C:\Windows\dsmljfwqqffwqbvzqtrga.exe
dsmljfwqqffwqbvzqtrga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hsidxpcsozviyfvvi.exe .
C:\Windows\bogdztiayljyqzrtijf.exe
bogdztiayljyqzrtijf.exe
C:\Windows\bogdztiayljyqzrtijf.exe
bogdztiayljyqzrtijf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe .
C:\Windows\hsidxpcsozviyfvvi.exe
hsidxpcsozviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\bogdztiayljyqzrtijf.exe*."
C:\Windows\bogdztiayljyqzrtijf.exe
bogdztiayljyqzrtijf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bogdztiayljyqzrtijf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c akztmdpezjeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\hsidxpcsozviyfvvi.exe*."
C:\Windows\bogdztiayljyqzrtijf.exe
bogdztiayljyqzrtijf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qctpkdrifroctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\bogdztiayljyqzrtijf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hsidxpcsozviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocvtqlbuthgwpzsvlnky.exe .
C:\Windows\akztmdpezjeqflaz.exe
akztmdpezjeqflaz.exe .
C:\Windows\bogdztiayljyqzrtijf.exe
bogdztiayljyqzrtijf.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | whatismyipaddress.com | udp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.com | udp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 8.8.8.8:53 | www.showmyipaddress.com | udp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.imdb.com | udp |
| FR | 52.222.159.143:80 | www.imdb.com | tcp |
| GB | 77.97.178.13:26660 | tcp | |
| US | 8.8.8.8:53 | gyuuym.org | udp |
| DE | 85.214.228.140:80 | gyuuym.org | tcp |
| US | 8.8.8.8:53 | mxxjju.net | udp |
| US | 8.8.8.8:53 | jzsirdfsyukt.net | udp |
| US | 8.8.8.8:53 | unxfuild.info | udp |
| SG | 18.142.91.111:80 | unxfuild.info | tcp |
| US | 8.8.8.8:53 | wygwxlwcmzo.info | udp |
| US | 8.8.8.8:53 | ggoiukqgsikq.org | udp |
| US | 8.8.8.8:53 | aytqtwnyowi.info | udp |
| US | 8.8.8.8:53 | rizmpipud.com | udp |
| US | 8.8.8.8:53 | pjpmip.net | udp |
| US | 8.8.8.8:53 | bbvmvonsrgo.org | udp |
| US | 8.8.8.8:53 | udzdjiddn.net | udp |
| US | 8.8.8.8:53 | cdnvtqfayzot.net | udp |
| US | 8.8.8.8:53 | rruxngoz.info | udp |
| US | 8.8.8.8:53 | cqjmeavp.net | udp |
| US | 8.8.8.8:53 | ldqvitu.net | udp |
| US | 8.8.8.8:53 | kpsdwlyvip.info | udp |
| US | 8.8.8.8:53 | ygoukmwg.org | udp |
| US | 8.8.8.8:53 | smtwlwbcmrf.info | udp |
| US | 8.8.8.8:53 | oxvlduwsjcyi.net | udp |
| US | 8.8.8.8:53 | cydlrge.info | udp |
| US | 104.156.155.94:80 | cydlrge.info | tcp |
| GB | 77.97.178.13:26660 | tcp | |
| US | 8.8.8.8:53 | lrxzhhrxd.org | udp |
| US | 8.8.8.8:53 | mgbbcnye.net | udp |
| US | 8.8.8.8:53 | vvvhsnhfsr.info | udp |
| US | 8.8.8.8:53 | bptjkkx.com | udp |
| US | 8.8.8.8:53 | mjotpzfbosdh.info | udp |
| US | 8.8.8.8:53 | oyxjzglbsbwn.net | udp |
| US | 8.8.8.8:53 | lgfrmss.net | udp |
| US | 8.8.8.8:53 | kkdzxs.net | udp |
| US | 8.8.8.8:53 | vmptklcuben.info | udp |
| US | 8.8.8.8:53 | rvandrin.net | udp |
| US | 8.8.8.8:53 | bdxfkh.net | udp |
| US | 8.8.8.8:53 | zgxzzod.info | udp |
| US | 8.8.8.8:53 | hxuditquuz.net | udp |
| US | 8.8.8.8:53 | luvehemiri.info | udp |
| US | 8.8.8.8:53 | qnxzvfgcca.info | udp |
| US | 8.8.8.8:53 | kfsqntrcs.net | udp |
| US | 8.8.8.8:53 | cwogwwqgwmgm.org | udp |
| US | 8.8.8.8:53 | lalckpw.org | udp |
| US | 8.8.8.8:53 | srfjtwetfuan.info | udp |
| US | 8.8.8.8:53 | qmbgtxj.net | udp |
| US | 8.8.8.8:53 | xepqbwk.org | udp |
| US | 8.8.8.8:53 | bnmgfhntqi.info | udp |
| US | 8.8.8.8:53 | icfeutzo.info | udp |
| US | 8.8.8.8:53 | hmfurcniz.info | udp |
| US | 8.8.8.8:53 | cmjmiwi.info | udp |
| US | 8.8.8.8:53 | ohjpjthfof.info | udp |
| US | 8.8.8.8:53 | ddpobim.org | udp |
| US | 8.8.8.8:53 | onrcmglgtep.net | udp |
| US | 8.8.8.8:53 | yiusemug.com | udp |
| US | 8.8.8.8:53 | qctnfsitf.info | udp |
| US | 8.8.8.8:53 | ewhqxezcwwc.net | udp |
| US | 8.8.8.8:53 | kinqso.info | udp |
| US | 8.8.8.8:53 | mpxswwp.info | udp |
| US | 8.8.8.8:53 | ywsfkahy.net | udp |
| US | 8.8.8.8:53 | hpfsvsseucj.info | udp |
| US | 8.8.8.8:53 | vewgnb.net | udp |
| US | 8.8.8.8:53 | hzeqlh.info | udp |
| US | 8.8.8.8:53 | brnqtaoogutm.info | udp |
| US | 8.8.8.8:53 | qoisgkqpbv.net | udp |
| US | 8.8.8.8:53 | oomnhmr.info | udp |
| US | 8.8.8.8:53 | meyyom.com | udp |
| US | 8.8.8.8:53 | masuce.org | udp |
| US | 8.8.8.8:53 | mdhpuesj.net | udp |
| US | 8.8.8.8:53 | rmmbmxnrsqus.info | udp |
| US | 8.8.8.8:53 | nbldknpemyy.org | udp |
| US | 8.8.8.8:53 | pmvnnbid.net | udp |
| US | 8.8.8.8:53 | vgfeca.net | udp |
| US | 8.8.8.8:53 | psdnfixkknp.net | udp |
| US | 8.8.8.8:53 | wzftwstp.net | udp |
| US | 8.8.8.8:53 | dqjrswwie.com | udp |
| US | 8.8.8.8:53 | jssewqd.org | udp |
| US | 8.8.8.8:53 | codsuzkuv.net | udp |
| US | 8.8.8.8:53 | mofgvjsmri.net | udp |
| US | 8.8.8.8:53 | pcpupcdcdui.net | udp |
| US | 8.8.8.8:53 | finenndqxcq.org | udp |
| US | 8.8.8.8:53 | vrxmprngmlhk.net | udp |
| US | 8.8.8.8:53 | ayoswemiwq.com | udp |
| US | 8.8.8.8:53 | ioemkqauge.org | udp |
| US | 8.8.8.8:53 | grrmba.info | udp |
| US | 8.8.8.8:53 | zmrdlsopsqx.info | udp |
| US | 8.8.8.8:53 | hqocfifwnsx.org | udp |
| US | 8.8.8.8:53 | eznabol.net | udp |
| US | 8.8.8.8:53 | nwwjkxainu.info | udp |
| US | 8.8.8.8:53 | xlfnyed.com | udp |
| US | 8.8.8.8:53 | uiefwgxfpstw.info | udp |
| US | 8.8.8.8:53 | wbyztvtxpy.info | udp |
| US | 8.8.8.8:53 | klqmnybibg.net | udp |
| US | 8.8.8.8:53 | jpcwlymgl.com | udp |
| US | 8.8.8.8:53 | psspvnvmmh.info | udp |
| US | 8.8.8.8:53 | oesukj.net | udp |
| US | 8.8.8.8:53 | lenibyekxyv.info | udp |
| US | 8.8.8.8:53 | zmrrcmo.net | udp |
| US | 8.8.8.8:53 | lyxmnybibg.info | udp |
| US | 8.8.8.8:53 | odjdfs.info | udp |
| US | 8.8.8.8:53 | hhethf.net | udp |
| US | 8.8.8.8:53 | zrxobj.net | udp |
| US | 8.8.8.8:53 | dkouvubcpovf.info | udp |
| US | 8.8.8.8:53 | bwaaxjz.net | udp |
| US | 8.8.8.8:53 | xolodqwajgg.net | udp |
| US | 8.8.8.8:53 | xyvmqzpiiw.net | udp |
| US | 8.8.8.8:53 | kgucribs.info | udp |
| US | 8.8.8.8:53 | hynkazgw.info | udp |
| US | 8.8.8.8:53 | pqfhvw.info | udp |
| US | 8.8.8.8:53 | jkzxjpbitkv.info | udp |
| US | 8.8.8.8:53 | zmrkhrdhr.net | udp |
| US | 8.8.8.8:53 | zyfitez.info | udp |
| US | 8.8.8.8:53 | swyksuoggk.com | udp |
| US | 8.8.8.8:53 | leqdurjb.net | udp |
| US | 8.8.8.8:53 | oavepmbqny.info | udp |
| US | 8.8.8.8:53 | eenmfxh.net | udp |
| US | 8.8.8.8:53 | mtnicgfcy.net | udp |
| US | 8.8.8.8:53 | lnddxkqqk.com | udp |
| US | 8.8.8.8:53 | dxikspgshgbk.info | udp |
| US | 8.8.8.8:53 | dkthqi.info | udp |
| US | 8.8.8.8:53 | cyrafgu.info | udp |
| US | 8.8.8.8:53 | iqowyoyy.com | udp |
| US | 8.8.8.8:53 | nlcgdarufo.net | udp |
| US | 8.8.8.8:53 | lgmwshpwdp.net | udp |
| US | 8.8.8.8:53 | jbqrjtlrbb.net | udp |
| US | 8.8.8.8:53 | geuyaewauw.org | udp |
| US | 8.8.8.8:53 | zgrjrexb.net | udp |
| US | 8.8.8.8:53 | xefehixwaiz.info | udp |
| US | 8.8.8.8:53 | guxfxajidjh.net | udp |
| US | 8.8.8.8:53 | ickowuoa.org | udp |
| US | 8.8.8.8:53 | bdfpzxbas.info | udp |
| US | 8.8.8.8:53 | gvlliv.net | udp |
| US | 8.8.8.8:53 | ixborjychow.net | udp |
| US | 8.8.8.8:53 | lsleirsjrkj.org | udp |
| US | 8.8.8.8:53 | zzwthbewcr.info | udp |
| US | 8.8.8.8:53 | eeueccewmeem.com | udp |
| US | 8.8.8.8:53 | uzlpflfpwp.info | udp |
| US | 8.8.8.8:53 | lxnvtcnccexz.info | udp |
| US | 8.8.8.8:53 | gthoprfe.net | udp |
| US | 8.8.8.8:53 | vlpxze.info | udp |
| US | 8.8.8.8:53 | aogqwokw.org | udp |
| US | 8.8.8.8:53 | yvxetzrij.info | udp |
| US | 8.8.8.8:53 | ogtctherniw.net | udp |
| US | 8.8.8.8:53 | skywyumxq.net | udp |
| US | 8.8.8.8:53 | wyiccisgegue.org | udp |
| US | 8.8.8.8:53 | xruxba.net | udp |
| US | 8.8.8.8:53 | qinmtajkftj.net | udp |
| US | 8.8.8.8:53 | egsmyysc.org | udp |
| US | 8.8.8.8:53 | zmgswk.info | udp |
| US | 8.8.8.8:53 | kkeuwlkf.info | udp |
| US | 8.8.8.8:53 | qerhtfr.info | udp |
| US | 8.8.8.8:53 | dggerxaiqqd.com | udp |
| US | 8.8.8.8:53 | nshdioh.net | udp |
| US | 8.8.8.8:53 | ixfllp.info | udp |
| US | 8.8.8.8:53 | gsjwzsxqpgi.net | udp |
| US | 8.8.8.8:53 | rkdsvd.info | udp |
| US | 8.8.8.8:53 | zaeildxwdiv.com | udp |
| US | 8.8.8.8:53 | horrtcljbb.net | udp |
| US | 8.8.8.8:53 | ojxplpnq.net | udp |
| US | 8.8.8.8:53 | ekqqcc.org | udp |
| US | 8.8.8.8:53 | asviyilov.info | udp |
| US | 8.8.8.8:53 | ffmichmgdu.info | udp |
| US | 8.8.8.8:53 | wiisqqceay.org | udp |
| US | 8.8.8.8:53 | shdbtspqbgr.info | udp |
| US | 8.8.8.8:53 | zkrwbiv.info | udp |
| US | 8.8.8.8:53 | dwfkeogzvhjn.info | udp |
| US | 8.8.8.8:53 | geuuuisyke.org | udp |
| US | 8.8.8.8:53 | jkyutctoy.net | udp |
| US | 8.8.8.8:53 | aaliqunsnuv.info | udp |
| US | 8.8.8.8:53 | kuofau.info | udp |
| US | 8.8.8.8:53 | dflqknsl.net | udp |
| US | 8.8.8.8:53 | wsgclqdmktt.info | udp |
| US | 8.8.8.8:53 | nmxavafeuml.net | udp |
| US | 8.8.8.8:53 | rgdxvck.org | udp |
| US | 8.8.8.8:53 | qtgqqinahbp.info | udp |
| US | 8.8.8.8:53 | kbbqlplvblxv.info | udp |
| US | 8.8.8.8:53 | zcdseajxb.com | udp |
| US | 8.8.8.8:53 | tcvuvhjwh.info | udp |
| US | 8.8.8.8:53 | uiamflwkoux.net | udp |
| US | 8.8.8.8:53 | jgvmlkw.info | udp |
| US | 8.8.8.8:53 | ygiywk.com | udp |
| US | 8.8.8.8:53 | fykqlzuq.net | udp |
| US | 8.8.8.8:53 | iwskkewy.org | udp |
| US | 8.8.8.8:53 | jubvpax.info | udp |
| US | 8.8.8.8:53 | nwjjzbvlpxvi.info | udp |
| US | 8.8.8.8:53 | nogbdz.net | udp |
| US | 8.8.8.8:53 | owwkussqmqoq.org | udp |
| US | 8.8.8.8:53 | jjxscz.info | udp |
| US | 8.8.8.8:53 | mgeyqqwq.com | udp |
| US | 8.8.8.8:53 | uueksa.org | udp |
| US | 8.8.8.8:53 | aknsgwkcl.net | udp |
| US | 8.8.8.8:53 | rlndnmt.com | udp |
| US | 8.8.8.8:53 | eewqmwso.com | udp |
| US | 8.8.8.8:53 | hwuwun.net | udp |
| US | 8.8.8.8:53 | uclaghnidq.net | udp |
| US | 8.8.8.8:53 | tvjkyil.org | udp |
| US | 8.8.8.8:53 | ghpxhyz.net | udp |
| US | 8.8.8.8:53 | ecbwysbz.info | udp |
| US | 8.8.8.8:53 | rcijofb.info | udp |
| US | 8.8.8.8:53 | guxlrcjbznsn.info | udp |
| US | 8.8.8.8:53 | njmyupro.net | udp |
| US | 8.8.8.8:53 | sgukossswawk.org | udp |
| US | 8.8.8.8:53 | gkasasosukym.com | udp |
| US | 8.8.8.8:53 | fdtshsudt.net | udp |
| US | 8.8.8.8:53 | xrpwmsl.info | udp |
| US | 8.8.8.8:53 | fkdgakrwl.com | udp |
| US | 8.8.8.8:53 | iusioomq.org | udp |
| US | 8.8.8.8:53 | rqtequj.info | udp |
| US | 8.8.8.8:53 | rjbkxyckv.net | udp |
| US | 8.8.8.8:53 | pmksdndsj.com | udp |
| US | 8.8.8.8:53 | goseoc.org | udp |
| US | 8.8.8.8:53 | wcsbrpz.net | udp |
| US | 8.8.8.8:53 | qrrwejftnw.info | udp |
| US | 8.8.8.8:53 | uwcuws.org | udp |
| US | 8.8.8.8:53 | grbizp.info | udp |
| US | 8.8.8.8:53 | nivynynomdt.info | udp |
| US | 8.8.8.8:53 | uhdinpb.info | udp |
| US | 8.8.8.8:53 | amwucibhb.info | udp |
| US | 8.8.8.8:53 | djvixyu.com | udp |
| US | 8.8.8.8:53 | aylqdyvpbum.net | udp |
| US | 8.8.8.8:53 | azlfou.info | udp |
| US | 8.8.8.8:53 | lylidkt.com | udp |
| US | 8.8.8.8:53 | cscccawooaic.org | udp |
| US | 8.8.8.8:53 | sijwoachx.info | udp |
| US | 8.8.8.8:53 | bbxpzwp.net | udp |
| US | 8.8.8.8:53 | lejnbusqzga.info | udp |
| US | 8.8.8.8:53 | xejcfc.info | udp |
| US | 8.8.8.8:53 | umyicieyee.org | udp |
| US | 8.8.8.8:53 | csyhknvi.net | udp |
| US | 8.8.8.8:53 | jraynomkvlcg.info | udp |
| US | 8.8.8.8:53 | vcsuct.net | udp |
| US | 8.8.8.8:53 | vxcriivk.info | udp |
| US | 8.8.8.8:53 | cxtxwl.info | udp |
| US | 8.8.8.8:53 | fyviyepybmr.net | udp |
| US | 8.8.8.8:53 | avbojunl.net | udp |
| US | 8.8.8.8:53 | jjniskc.net | udp |
| US | 8.8.8.8:53 | qwbgkfeythzf.net | udp |
| US | 8.8.8.8:53 | rmrkccttr.org | udp |
| US | 8.8.8.8:53 | fsyczawoha.info | udp |
| US | 8.8.8.8:53 | fzwtplsssdm.com | udp |
| US | 8.8.8.8:53 | hqchlldn.info | udp |
| US | 8.8.8.8:53 | xgkoesnqhqn.info | udp |
| US | 8.8.8.8:53 | atkzfclhbift.info | udp |
| US | 8.8.8.8:53 | vgrkxrlpjwgo.info | udp |
| US | 8.8.8.8:53 | ftncaeiyva.net | udp |
| US | 8.8.8.8:53 | wueysyqiyg.org | udp |
| US | 8.8.8.8:53 | wgqaqskw.org | udp |
| US | 8.8.8.8:53 | yuweyesskq.com | udp |
| US | 8.8.8.8:53 | vxdtqmkmgwdh.info | udp |
| US | 8.8.8.8:53 | vsjzyzrg.net | udp |
| US | 8.8.8.8:53 | jjrefkv.net | udp |
| US | 8.8.8.8:53 | sgkesswq.org | udp |
| US | 8.8.8.8:53 | kjskvzf.info | udp |
| US | 8.8.8.8:53 | xoxqrbj.net | udp |
| US | 8.8.8.8:53 | rcsvxj.info | udp |
| US | 8.8.8.8:53 | bzvorxtfjqkp.net | udp |
| US | 8.8.8.8:53 | lzbjkx.info | udp |
| US | 8.8.8.8:53 | yaqqvnety.info | udp |
| US | 8.8.8.8:53 | eyyesugw.org | udp |
| US | 8.8.8.8:53 | blriytvijot.com | udp |
| US | 8.8.8.8:53 | zmjmatacyf.info | udp |
| US | 8.8.8.8:53 | mmfmkw.net | udp |
| US | 8.8.8.8:53 | qqoezbkedkp.info | udp |
| US | 8.8.8.8:53 | yaiytack.info | udp |
| US | 8.8.8.8:53 | muksraozppo.net | udp |
| US | 8.8.8.8:53 | iqcozon.net | udp |
| US | 8.8.8.8:53 | nhavxzep.net | udp |
| US | 8.8.8.8:53 | xmbmxpdr.net | udp |
| US | 8.8.8.8:53 | eookgmscaaeg.org | udp |
| US | 8.8.8.8:53 | wiuywqgg.com | udp |
| US | 8.8.8.8:53 | kyilnx.net | udp |
| US | 8.8.8.8:53 | pgtvpr.net | udp |
| US | 8.8.8.8:53 | rmusvsivha.net | udp |
| US | 8.8.8.8:53 | axkkoc.info | udp |
| US | 8.8.8.8:53 | gwpacsye.net | udp |
| US | 8.8.8.8:53 | zedpcq.net | udp |
| US | 8.8.8.8:53 | rwlaxbv.net | udp |
| US | 8.8.8.8:53 | bozwvfn.net | udp |
| US | 8.8.8.8:53 | gaqkygwq.org | udp |
| US | 8.8.8.8:53 | eyablupuzch.info | udp |
| US | 8.8.8.8:53 | cwueekeois.org | udp |
| US | 8.8.8.8:53 | wmkaqm.org | udp |
| US | 8.8.8.8:53 | lctlhoi.net | udp |
| US | 8.8.8.8:53 | jrbulad.info | udp |
| US | 8.8.8.8:53 | tgguni.info | udp |
| US | 8.8.8.8:53 | ivgdie.info | udp |
| US | 8.8.8.8:53 | bpzorpfuhtf.org | udp |
| US | 8.8.8.8:53 | bptupy.info | udp |
| US | 8.8.8.8:53 | nkopkxjspnfh.net | udp |
| US | 8.8.8.8:53 | zgccgosrtn.net | udp |
| US | 8.8.8.8:53 | zxauxupk.net | udp |
| US | 8.8.8.8:53 | iyoeeqokky.org | udp |
| US | 8.8.8.8:53 | gydqvilfjoy.net | udp |
| US | 8.8.8.8:53 | otrncozw.info | udp |
| US | 8.8.8.8:53 | bwptpjjg.info | udp |
| US | 8.8.8.8:53 | mcesgigsqwwq.com | udp |
| US | 8.8.8.8:53 | tuetjrfirc.net | udp |
| US | 8.8.8.8:53 | esgocwko.org | udp |
| US | 8.8.8.8:53 | vboajdtwyw.net | udp |
| US | 8.8.8.8:53 | bqdindvszcl.com | udp |
| US | 8.8.8.8:53 | wjaxrznftgxw.info | udp |
| US | 8.8.8.8:53 | dykwknvmdfdj.info | udp |
| US | 8.8.8.8:53 | phsplyh.com | udp |
| US | 8.8.8.8:53 | cavmmkdbrs.net | udp |
| US | 8.8.8.8:53 | pdstcckfspiq.info | udp |
| US | 8.8.8.8:53 | wawaoiyk.com | udp |
| US | 8.8.8.8:53 | tejoxyynn.com | udp |
| US | 8.8.8.8:53 | qbglywocregi.info | udp |
| US | 8.8.8.8:53 | fuprzpzfje.net | udp |
| US | 8.8.8.8:53 | lczoradauoz.net | udp |
| US | 8.8.8.8:53 | twynxgrbf.info | udp |
| US | 8.8.8.8:53 | vwrzptaq.info | udp |
| US | 8.8.8.8:53 | lcvdlg.net | udp |
| US | 8.8.8.8:53 | emqykacoge.com | udp |
| US | 8.8.8.8:53 | dazulnj.org | udp |
| US | 8.8.8.8:53 | tgzhsocqn.com | udp |
| US | 8.8.8.8:53 | kihglcjvch.net | udp |
| US | 8.8.8.8:53 | fgtfxntyluvc.net | udp |
| US | 8.8.8.8:53 | jzthxr.net | udp |
| US | 8.8.8.8:53 | maykjgqsf.info | udp |
| US | 8.8.8.8:53 | jzxcjxws.info | udp |
| US | 8.8.8.8:53 | qvhsyenu.net | udp |
| US | 8.8.8.8:53 | xgyytcrg.net | udp |
| US | 8.8.8.8:53 | macjhwafvyn.net | udp |
| US | 8.8.8.8:53 | fjusznt.com | udp |
| US | 8.8.8.8:53 | yaddnasuqof.info | udp |
| US | 8.8.8.8:53 | mjlihcz.info | udp |
| US | 8.8.8.8:53 | fzpqvhpk.info | udp |
| US | 8.8.8.8:53 | iixqhbp.info | udp |
| US | 8.8.8.8:53 | zmlmgcfvzshw.info | udp |
| US | 8.8.8.8:53 | icycog.com | udp |
| US | 8.8.8.8:53 | lhamhxrlfz.info | udp |
| US | 8.8.8.8:53 | zuhmapbot.net | udp |
| US | 8.8.8.8:53 | eooekyeaoiic.org | udp |
| US | 8.8.8.8:53 | uysgaymgkw.com | udp |
| US | 8.8.8.8:53 | jxtzpa.info | udp |
| US | 8.8.8.8:53 | hkpmjgwqdic.com | udp |
| US | 8.8.8.8:53 | vjvlnnztmb.net | udp |
| US | 8.8.8.8:53 | bhrora.net | udp |
| US | 8.8.8.8:53 | smbtmbl.info | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | qwbwlrdml.info | udp |
| NL | 173.194.69.94:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | yojkaljecqs.info | udp |
| US | 8.8.8.8:53 | dpihyq.info | udp |
| US | 8.8.8.8:53 | ddqoertujn.info | udp |
| US | 8.8.8.8:53 | crtsqzvwd.info | udp |
| US | 8.8.8.8:53 | vcmcub.net | udp |
| US | 8.8.8.8:53 | fpdzcf.net | udp |
| US | 8.8.8.8:53 | ecegeakc.org | udp |
| US | 8.8.8.8:53 | tvfdtr.info | udp |
| US | 8.8.8.8:53 | imcyia.org | udp |
| US | 8.8.8.8:53 | uzjqoxvf.net | udp |
| US | 8.8.8.8:53 | xelcvtl.info | udp |
| US | 8.8.8.8:53 | jztawui.com | udp |
| US | 8.8.8.8:53 | ietmkdn.info | udp |
| US | 8.8.8.8:53 | fwmwwklnc.org | udp |
| US | 8.8.8.8:53 | dyfudylevgw.info | udp |
| US | 8.8.8.8:53 | fyqswgqkfmn.info | udp |
| US | 8.8.8.8:53 | aararuzmj.info | udp |
| US | 8.8.8.8:53 | nefsbc.info | udp |
| US | 8.8.8.8:53 | ambklqlninh.net | udp |
| US | 8.8.8.8:53 | brjrnydukkdm.net | udp |
| US | 8.8.8.8:53 | dlwqdsuzjq.info | udp |
| US | 8.8.8.8:53 | zrizzt.net | udp |
| US | 8.8.8.8:53 | lidqcsgvp.com | udp |
| US | 8.8.8.8:53 | kovjvlvg.net | udp |
| US | 8.8.8.8:53 | cotfeoyazgy.net | udp |
| US | 8.8.8.8:53 | jypihvpacjx.info | udp |
| US | 8.8.8.8:53 | nsjnpn.net | udp |
| US | 8.8.8.8:53 | vvdonccs.info | udp |
| US | 8.8.8.8:53 | opzgai.info | udp |
| US | 8.8.8.8:53 | tlplrswl.info | udp |
| US | 8.8.8.8:53 | ikchzkaub.info | udp |
| US | 8.8.8.8:53 | ouffbebjz.info | udp |
| US | 8.8.8.8:53 | ivewnr.info | udp |
| US | 8.8.8.8:53 | gmyqwwmacyqa.org | udp |
| US | 8.8.8.8:53 | nktlrqnknxzj.net | udp |
| US | 8.8.8.8:53 | koemgw.org | udp |
| US | 8.8.8.8:53 | rjxmklqc.info | udp |
| US | 8.8.8.8:53 | gsrlwi.info | udp |
| US | 8.8.8.8:53 | iqbauf.info | udp |
| US | 8.8.8.8:53 | rkdlbehmv.com | udp |
| US | 8.8.8.8:53 | bonekamuyej.com | udp |
| US | 8.8.8.8:53 | sqmaiyyu.org | udp |
| US | 8.8.8.8:53 | yspynbdonzn.net | udp |
| US | 8.8.8.8:53 | kroura.net | udp |
| US | 8.8.8.8:53 | coygkk.org | udp |
| US | 8.8.8.8:53 | pcqffa.net | udp |
| US | 8.8.8.8:53 | aqmiackiiaqy.com | udp |
| US | 8.8.8.8:53 | dpuyggmxpk.info | udp |
| US | 8.8.8.8:53 | isddton.info | udp |
| US | 8.8.8.8:53 | tgvwszyguklg.net | udp |
| US | 8.8.8.8:53 | xrctizgjhu.net | udp |
| US | 8.8.8.8:53 | ojwkxuiua.info | udp |
| US | 8.8.8.8:53 | blwltfvt.net | udp |
| US | 8.8.8.8:53 | tnyynqhaoaa.com | udp |
| US | 8.8.8.8:53 | ksncxd.info | udp |
| US | 8.8.8.8:53 | rfcqjgcwrllk.info | udp |
| US | 8.8.8.8:53 | uhakoizhpwte.net | udp |
| US | 8.8.8.8:53 | joqpehfe.info | udp |
| US | 8.8.8.8:53 | laydfipusg.net | udp |
| US | 8.8.8.8:53 | ssbsnko.info | udp |
| US | 8.8.8.8:53 | weeygk.com | udp |
| US | 8.8.8.8:53 | rwppaidivyx.net | udp |
| US | 8.8.8.8:53 | ooewwc.org | udp |
| US | 8.8.8.8:53 | fceotnkgoniq.info | udp |
| US | 8.8.8.8:53 | zcqupzl.info | udp |
| US | 8.8.8.8:53 | eqnycattw.net | udp |
| US | 8.8.8.8:53 | jypigkw.net | udp |
| US | 8.8.8.8:53 | baskkxppoeil.net | udp |
| US | 8.8.8.8:53 | jynsrpxj.info | udp |
| US | 8.8.8.8:53 | ljttka.net | udp |
| US | 8.8.8.8:53 | jphhtgd.com | udp |
| US | 8.8.8.8:53 | wvafxsfexvt.net | udp |
| US | 8.8.8.8:53 | fkiqjhigrzdu.info | udp |
| US | 8.8.8.8:53 | omierhazkhgw.net | udp |
| US | 8.8.8.8:53 | smgfcyhqfmve.net | udp |
| US | 8.8.8.8:53 | ukpdcrdj.net | udp |
| US | 8.8.8.8:53 | ueakvvvuxsx.info | udp |
| US | 8.8.8.8:53 | dcfmhcdpb.net | udp |
| US | 8.8.8.8:53 | oszwkmdswwz.info | udp |
| US | 8.8.8.8:53 | kwdrqyzrhd.net | udp |
| US | 8.8.8.8:53 | kwsxtjjukrrp.info | udp |
| US | 8.8.8.8:53 | rviyqscdbsce.net | udp |
| US | 8.8.8.8:53 | xrjmbmgmisvh.info | udp |
| US | 8.8.8.8:53 | kohchflwkoc.net | udp |
| US | 8.8.8.8:53 | pkbwszosdbhx.net | udp |
| US | 8.8.8.8:53 | tudyxihdnjo.org | udp |
| US | 8.8.8.8:53 | jqtenkdayoy.org | udp |
| US | 8.8.8.8:53 | wmwsga.com | udp |
| US | 8.8.8.8:53 | korjkotedahq.net | udp |
| US | 8.8.8.8:53 | wsnkjol.info | udp |
| US | 8.8.8.8:53 | brmyuwjfzee.net | udp |
| US | 8.8.8.8:53 | bukrfvzaekj.info | udp |
| US | 8.8.8.8:53 | lvliwxsju.net | udp |
| US | 8.8.8.8:53 | eykqvetoj.info | udp |
| US | 8.8.8.8:53 | sqswqs.com | udp |
| US | 8.8.8.8:53 | bzewmcp.info | udp |
| US | 8.8.8.8:53 | wcgcuuiu.org | udp |
| US | 8.8.8.8:53 | uhwrxvzv.info | udp |
| US | 8.8.8.8:53 | wcewkccckiwo.com | udp |
| US | 8.8.8.8:53 | luievqbp.info | udp |
| US | 8.8.8.8:53 | rfghthyyls.net | udp |
| US | 8.8.8.8:53 | pxzrpot.com | udp |
| US | 8.8.8.8:53 | nuhmusmaa.org | udp |
| US | 8.8.8.8:53 | nhmyomxjv.info | udp |
| US | 8.8.8.8:53 | iewglqv.info | udp |
| US | 8.8.8.8:53 | zknshmx.net | udp |
| US | 8.8.8.8:53 | yolufav.net | udp |
| US | 8.8.8.8:53 | dtlvfetidah.org | udp |
| US | 8.8.8.8:53 | rriopecy.net | udp |
| US | 8.8.8.8:53 | tyzkrdhyl.info | udp |
| US | 8.8.8.8:53 | skkwua.com | udp |
| US | 8.8.8.8:53 | btbqxvl.com | udp |
| US | 8.8.8.8:53 | tzlegkwnci.info | udp |
| US | 8.8.8.8:53 | wzpstuympb.info | udp |
| US | 8.8.8.8:53 | mciwtbual.net | udp |
| US | 8.8.8.8:53 | yywgqeygow.com | udp |
| US | 8.8.8.8:53 | ottszdlij.net | udp |
| US | 8.8.8.8:53 | vyvijbihvn.info | udp |
| US | 8.8.8.8:53 | wgmtuv.net | udp |
| US | 8.8.8.8:53 | jsnlpfot.net | udp |
| US | 8.8.8.8:53 | mkmgqioyqm.org | udp |
| US | 8.8.8.8:53 | bqwhpxmajcl.org | udp |
| US | 8.8.8.8:53 | hsrofavrq.net | udp |
| US | 8.8.8.8:53 | emouiqoeey.com | udp |
| US | 8.8.8.8:53 | twbevjz.org | udp |
| US | 8.8.8.8:53 | dwphah.info | udp |
| US | 8.8.8.8:53 | asritmn.net | udp |
| US | 8.8.8.8:53 | llpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | iegxlvljrlaw.info | udp |
| US | 8.8.8.8:53 | iqffdnc.info | udp |
| US | 8.8.8.8:53 | tcyormp.info | udp |
| US | 8.8.8.8:53 | bctwfgikb.org | udp |
| US | 8.8.8.8:53 | ordxkqunjg.info | udp |
| US | 8.8.8.8:53 | pdmrucfubtmk.net | udp |
| US | 8.8.8.8:53 | kutpkfpmiwxl.net | udp |
| US | 8.8.8.8:53 | rinuzap.net | udp |
| US | 8.8.8.8:53 | uhdpwayqes.info | udp |
| US | 8.8.8.8:53 | nqlhexlkxow.info | udp |
| US | 8.8.8.8:53 | tslsiavu.net | udp |
| US | 8.8.8.8:53 | lpndpadg.info | udp |
| US | 8.8.8.8:53 | bcxkaty.net | udp |
| US | 8.8.8.8:53 | fzqqksnzg.net | udp |
| US | 8.8.8.8:53 | stvlyiqinr.info | udp |
| US | 8.8.8.8:53 | yarnfrbn.net | udp |
| US | 8.8.8.8:53 | gljhtjlp.net | udp |
| US | 8.8.8.8:53 | iiiskymoj.net | udp |
| US | 8.8.8.8:53 | ypzyxcsypkt.info | udp |
| US | 8.8.8.8:53 | soarhafuu.net | udp |
| US | 8.8.8.8:53 | xmlymtnez.org | udp |
| US | 8.8.8.8:53 | syeqiq.org | udp |
| US | 8.8.8.8:53 | iipgzgwsh.net | udp |
| US | 8.8.8.8:53 | vjxqvtxugih.net | udp |
| US | 8.8.8.8:53 | odzbrjqoy.info | udp |
| US | 8.8.8.8:53 | kueoahlk.net | udp |
| US | 8.8.8.8:53 | margpwtq.info | udp |
| US | 8.8.8.8:53 | ysocgsgeuc.com | udp |
| US | 8.8.8.8:53 | rgnyiys.com | udp |
| US | 8.8.8.8:53 | aalijqi.info | udp |
| US | 8.8.8.8:53 | pglcvrbhne.info | udp |
| US | 8.8.8.8:53 | binvxezmz.net | udp |
| US | 8.8.8.8:53 | wofotmvkb.info | udp |
| US | 8.8.8.8:53 | odqisf.info | udp |
| US | 8.8.8.8:53 | imepfgvon.info | udp |
| US | 8.8.8.8:53 | botamsdnlkr.com | udp |
| US | 8.8.8.8:53 | firjwo.net | udp |
| US | 8.8.8.8:53 | lkxqsszxxip.org | udp |
| US | 8.8.8.8:53 | ncpmyszzt.info | udp |
| US | 8.8.8.8:53 | akwiimgk.com | udp |
| US | 8.8.8.8:53 | ilmivzzq.net | udp |
| US | 8.8.8.8:53 | natwlbridsh.org | udp |
| US | 8.8.8.8:53 | zopajnqp.info | udp |
| US | 8.8.8.8:53 | uyhkxx.net | udp |
| US | 8.8.8.8:53 | nzwabzrtw.info | udp |
| US | 8.8.8.8:53 | ybxsqlwexbnh.info | udp |
| US | 8.8.8.8:53 | kkiamiym.com | udp |
| US | 8.8.8.8:53 | xzxpqlre.info | udp |
| US | 8.8.8.8:53 | xigrtsbpxw.net | udp |
| US | 8.8.8.8:53 | roeczknel.org | udp |
| US | 8.8.8.8:53 | bhconp.net | udp |
| US | 8.8.8.8:53 | camgkaakcmiu.org | udp |
| US | 8.8.8.8:53 | jatdaajehomt.net | udp |
| US | 8.8.8.8:53 | ayltbbkrf.info | udp |
| US | 8.8.8.8:53 | btkxjqz.info | udp |
| US | 8.8.8.8:53 | fulwrhyiroho.net | udp |
| US | 8.8.8.8:53 | hjblzfooe.net | udp |
| US | 8.8.8.8:53 | mwgkuyee.org | udp |
| US | 8.8.8.8:53 | trberutyvm.net | udp |
| US | 8.8.8.8:53 | tmhqkdjbtcff.net | udp |
| US | 8.8.8.8:53 | domooypuz.com | udp |
| US | 8.8.8.8:53 | sansykrfmqzw.info | udp |
| US | 8.8.8.8:53 | uxeobyn.info | udp |
| US | 8.8.8.8:53 | ttfkfsu.net | udp |
| US | 8.8.8.8:53 | mykime.com | udp |
| US | 8.8.8.8:53 | uiceesz.info | udp |
| US | 8.8.8.8:53 | wmdcwguyz.info | udp |
| US | 8.8.8.8:53 | bzaydhbkyko.info | udp |
| US | 8.8.8.8:53 | kccuicwq.com | udp |
| US | 8.8.8.8:53 | uoxjsmld.info | udp |
| US | 8.8.8.8:53 | pzsrnn.info | udp |
| US | 8.8.8.8:53 | ffivja.net | udp |
| US | 8.8.8.8:53 | vxdbtoe.com | udp |
| US | 8.8.8.8:53 | dbnovrbyjdgl.info | udp |
| US | 8.8.8.8:53 | ewiuauieao.com | udp |
| US | 8.8.8.8:53 | pilczxhqv.com | udp |
| US | 8.8.8.8:53 | bjpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | qqldcbxk.info | udp |
| US | 8.8.8.8:53 | muxpauf.net | udp |
| US | 8.8.8.8:53 | uhfvhw.net | udp |
| US | 8.8.8.8:53 | imwkkoik.com | udp |
| US | 8.8.8.8:53 | hvtnfmsct.com | udp |
| US | 8.8.8.8:53 | ctnxecvoc.net | udp |
| US | 8.8.8.8:53 | sewuvwb.net | udp |
| US | 8.8.8.8:53 | jesklrzdhksy.net | udp |
| US | 8.8.8.8:53 | viwyrwydb.org | udp |
| US | 8.8.8.8:53 | qgpjhqbuj.net | udp |
| US | 8.8.8.8:53 | navsuyi.com | udp |
| US | 8.8.8.8:53 | tcjitvsoa.net | udp |
| US | 8.8.8.8:53 | oaewcmmi.com | udp |
| US | 8.8.8.8:53 | uxlattngpbu.net | udp |
| US | 8.8.8.8:53 | ousceyks.com | udp |
| US | 8.8.8.8:53 | whrckcrakab.net | udp |
| US | 8.8.8.8:53 | qaoolcphz.net | udp |
| US | 8.8.8.8:53 | vxwtigtq.net | udp |
| US | 8.8.8.8:53 | xhihxjejaj.net | udp |
| US | 8.8.8.8:53 | jupcjjpuvahh.info | udp |
| US | 8.8.8.8:53 | oalwpcngx.info | udp |
| US | 8.8.8.8:53 | maewqgqcqugm.com | udp |
| US | 8.8.8.8:53 | xcegnadkpjew.net | udp |
| US | 8.8.8.8:53 | dxrtgb.info | udp |
| US | 8.8.8.8:53 | hkbcdwlfi.net | udp |
| US | 8.8.8.8:53 | xcrfxbihvn.info | udp |
| US | 8.8.8.8:53 | vgbgvfhiuce.com | udp |
| US | 8.8.8.8:53 | hsgammbenkn.org | udp |
| US | 8.8.8.8:53 | wsgmmg.com | udp |
| US | 8.8.8.8:53 | pvesxitaordl.info | udp |
| US | 8.8.8.8:53 | hemzisncitgg.info | udp |
| US | 8.8.8.8:53 | exhinvnh.net | udp |
| US | 8.8.8.8:53 | pvhmrdpwiagn.info | udp |
| US | 8.8.8.8:53 | rrscifnk.info | udp |
| US | 8.8.8.8:53 | kaeqku.org | udp |
| US | 8.8.8.8:53 | ewnknknvgwd.net | udp |
| US | 8.8.8.8:53 | dzrmxez.com | udp |
| US | 8.8.8.8:53 | oeztro.net | udp |
| US | 8.8.8.8:53 | xduorrxy.net | udp |
| US | 8.8.8.8:53 | iicmuwes.com | udp |
| US | 8.8.8.8:53 | gurqlmacz.net | udp |
| US | 8.8.8.8:53 | undkjax.info | udp |
| US | 8.8.8.8:53 | hudmbsowa.com | udp |
| US | 8.8.8.8:53 | yoiyqciiiy.org | udp |
| US | 8.8.8.8:53 | kxldwaoqfn.info | udp |
| US | 8.8.8.8:53 | yszyerhod.info | udp |
| US | 8.8.8.8:53 | xjvavx.info | udp |
| US | 8.8.8.8:53 | oyfajuxj.net | udp |
| US | 8.8.8.8:53 | dyninvpkm.org | udp |
| US | 8.8.8.8:53 | iezzcskzjbde.net | udp |
| US | 8.8.8.8:53 | xxbuvavqnao.net | udp |
| US | 8.8.8.8:53 | iuewoi.org | udp |
| US | 8.8.8.8:53 | pijpnex.com | udp |
| US | 8.8.8.8:53 | apbnnengni.net | udp |
| US | 8.8.8.8:53 | bykewefql.org | udp |
| US | 8.8.8.8:53 | tgzzsilpuoyu.info | udp |
| US | 8.8.8.8:53 | guoasgeikiyg.org | udp |
| US | 8.8.8.8:53 | rejwrwpoa.info | udp |
| US | 8.8.8.8:53 | xhfuhgdouxvx.net | udp |
| US | 8.8.8.8:53 | qrwxqshfjeue.net | udp |
| US | 8.8.8.8:53 | aaoqkaiy.com | udp |
| US | 8.8.8.8:53 | rsqrjw.net | udp |
| US | 8.8.8.8:53 | jmuyzwjxj.net | udp |
| US | 8.8.8.8:53 | kmkemysw.org | udp |
| US | 8.8.8.8:53 | nblldf.info | udp |
| US | 8.8.8.8:53 | sgescokcmo.org | udp |
| US | 8.8.8.8:53 | uzfcdkjkx.net | udp |
| US | 8.8.8.8:53 | uqenlwgfp.net | udp |
| US | 8.8.8.8:53 | vmtkgndcoij.com | udp |
| US | 8.8.8.8:53 | jldmbun.net | udp |
| US | 8.8.8.8:53 | qhjwksvdgs.info | udp |
| US | 8.8.8.8:53 | lzwgpqnxhy.net | udp |
| US | 8.8.8.8:53 | njbnpa.info | udp |
| US | 8.8.8.8:53 | bglajz.info | udp |
| US | 8.8.8.8:53 | ioaimg.org | udp |
| US | 8.8.8.8:53 | zwhdhqx.org | udp |
| US | 8.8.8.8:53 | wkrosta.net | udp |
| US | 8.8.8.8:53 | jehyhpbob.com | udp |
| US | 8.8.8.8:53 | wmnddkp.net | udp |
| US | 8.8.8.8:53 | soewsekawuem.com | udp |
| US | 8.8.8.8:53 | cqfmvkoojgd.net | udp |
| US | 8.8.8.8:53 | palasv.info | udp |
| US | 8.8.8.8:53 | wphisjpv.info | udp |
| US | 8.8.8.8:53 | luaiurlae.info | udp |
| US | 8.8.8.8:53 | ansspknyumi.net | udp |
| US | 8.8.8.8:53 | beoegcz.info | udp |
| US | 8.8.8.8:53 | wolzxwlpxx.info | udp |
| US | 8.8.8.8:53 | balgcofy.net | udp |
| US | 8.8.8.8:53 | tmezjobct.org | udp |
| US | 8.8.8.8:53 | wkiqqeouum.org | udp |
| US | 8.8.8.8:53 | hsfspwfirsr.org | udp |
| US | 8.8.8.8:53 | mkmkeoiqsykw.com | udp |
| US | 8.8.8.8:53 | ccquddl.info | udp |
| US | 8.8.8.8:53 | wibmxwn.info | udp |
| US | 8.8.8.8:53 | fumvct.net | udp |
| US | 8.8.8.8:53 | qgfttnzahij.info | udp |
| US | 8.8.8.8:53 | eaymbwj.net | udp |
| US | 8.8.8.8:53 | rgnxfmvgd.info | udp |
| US | 8.8.8.8:53 | wuhyfaucb.net | udp |
| US | 8.8.8.8:53 | dnyidwf.info | udp |
| US | 8.8.8.8:53 | dkmfamjfgx.info | udp |
| US | 8.8.8.8:53 | fctanjqmbgc.info | udp |
| US | 8.8.8.8:53 | kpmwibye.info | udp |
| US | 8.8.8.8:53 | cmfqzymmfch.info | udp |
| US | 8.8.8.8:53 | yadxtkefpqdf.net | udp |
| US | 8.8.8.8:53 | wgmgokauce.com | udp |
| US | 8.8.8.8:53 | lnzclwbjfq.net | udp |
| US | 8.8.8.8:53 | prjruclfruku.net | udp |
| US | 8.8.8.8:53 | qngitmingp.net | udp |
| US | 8.8.8.8:53 | hhqgdzboa.net | udp |
| US | 8.8.8.8:53 | dqvhzeat.info | udp |
| US | 8.8.8.8:53 | xosgcktbd.info | udp |
| US | 8.8.8.8:53 | pzdwoonvvfbp.net | udp |
| US | 8.8.8.8:53 | vtsbenkw.info | udp |
| US | 8.8.8.8:53 | gjxescawxqw.info | udp |
| US | 8.8.8.8:53 | vzbmtxrzh.info | udp |
| US | 8.8.8.8:53 | ujbpgjsgnyv.info | udp |
| US | 8.8.8.8:53 | agihjvfb.info | udp |
| US | 8.8.8.8:53 | efhrnkvox.info | udp |
| US | 8.8.8.8:53 | qyjxvcif.net | udp |
| US | 8.8.8.8:53 | rwjmmif.info | udp |
| US | 8.8.8.8:53 | etfgbo.info | udp |
| US | 8.8.8.8:53 | cgzgyvrun.net | udp |
| US | 8.8.8.8:53 | oogiyy.com | udp |
| US | 8.8.8.8:53 | vswwruu.net | udp |
| US | 8.8.8.8:53 | rkwlhccy.info | udp |
| US | 8.8.8.8:53 | mxucunzfzgza.info | udp |
| US | 8.8.8.8:53 | uahwdirqu.info | udp |
| US | 8.8.8.8:53 | qikqywoe.org | udp |
| US | 8.8.8.8:53 | tuzjpo.info | udp |
| US | 8.8.8.8:53 | ppnhptg.com | udp |
| US | 8.8.8.8:53 | nthafgeqx.org | udp |
| US | 8.8.8.8:53 | qqjqiaiep.net | udp |
| US | 8.8.8.8:53 | zmlmgarac.net | udp |
| US | 8.8.8.8:53 | rwmwxyv.net | udp |
| US | 8.8.8.8:53 | vibshiiel.net | udp |
| US | 8.8.8.8:53 | jjqtpeerkb.net | udp |
| US | 8.8.8.8:53 | rfrzsqxkupvo.net | udp |
| US | 8.8.8.8:53 | ttkfqpjt.info | udp |
| US | 8.8.8.8:53 | vqjepwwif.info | udp |
| US | 8.8.8.8:53 | lehwccq.info | udp |
| US | 8.8.8.8:53 | urkcltobhpwf.net | udp |
| US | 8.8.8.8:53 | pvzyfdpvfe.net | udp |
| US | 8.8.8.8:53 | bhdqdgncxez.info | udp |
| US | 8.8.8.8:53 | oismai.com | udp |
| US | 8.8.8.8:53 | kiuhrunjk.net | udp |
| US | 8.8.8.8:53 | csggwiguge.com | udp |
| US | 8.8.8.8:53 | icjjnapiwig.info | udp |
| US | 8.8.8.8:53 | eheflhppvg.net | udp |
| US | 8.8.8.8:53 | frxfhtgdobca.net | udp |
| US | 8.8.8.8:53 | usschmuipyz.net | udp |
| US | 8.8.8.8:53 | cykogcgqqcuu.com | udp |
| US | 8.8.8.8:53 | kwpsjbsvfn.net | udp |
| US | 8.8.8.8:53 | eddvngsohq.info | udp |
| US | 8.8.8.8:53 | ugjyfpgfl.net | udp |
| US | 8.8.8.8:53 | vsxusclwir.net | udp |
| US | 8.8.8.8:53 | qlnolyg.info | udp |
| US | 8.8.8.8:53 | xtsjtmd.net | udp |
| US | 8.8.8.8:53 | kvffsp.net | udp |
| US | 8.8.8.8:53 | jkmgksvtsaso.info | udp |
| US | 8.8.8.8:53 | myrwjqkrwpbk.info | udp |
| US | 8.8.8.8:53 | kwvxwiszjpg.info | udp |
| US | 8.8.8.8:53 | xqeyxezeu.net | udp |
| US | 8.8.8.8:53 | lxxgnxzjxgxp.net | udp |
| US | 8.8.8.8:53 | nynkhmdzht.net | udp |
| US | 8.8.8.8:53 | fotsjsxhnx.net | udp |
| US | 8.8.8.8:53 | sgddbeosr.net | udp |
| US | 8.8.8.8:53 | mpkbfsgyp.info | udp |
| US | 8.8.8.8:53 | xhqxlk.info | udp |
| US | 8.8.8.8:53 | gsomaaeqgq.com | udp |
| US | 8.8.8.8:53 | tscmqnrxg.com | udp |
| US | 8.8.8.8:53 | imvoinru.info | udp |
| US | 8.8.8.8:53 | qseoumkkca.org | udp |
| US | 8.8.8.8:53 | vbdkvycpez.net | udp |
| US | 8.8.8.8:53 | bmzewcxjfyx.info | udp |
| US | 8.8.8.8:53 | qdnmhgdyrit.net | udp |
| US | 8.8.8.8:53 | ywtmnolvro.net | udp |
| US | 8.8.8.8:53 | edfbhfytln.info | udp |
| US | 8.8.8.8:53 | ywqmrhaam.net | udp |
| US | 8.8.8.8:53 | kifitewsjcc.info | udp |
| US | 8.8.8.8:53 | mgcgoaswyy.org | udp |
| US | 8.8.8.8:53 | xwlqnarzft.info | udp |
| US | 8.8.8.8:53 | eyyajcrhdsq.net | udp |
| US | 8.8.8.8:53 | izvlohst.info | udp |
| US | 8.8.8.8:53 | qyqigk.com | udp |
| US | 8.8.8.8:53 | bnhcdu.info | udp |
| US | 8.8.8.8:53 | cygaiqgycgoq.com | udp |
| US | 8.8.8.8:53 | mslmihzvxrj.info | udp |
| US | 8.8.8.8:53 | dejrfxt.net | udp |
| US | 8.8.8.8:53 | poblan.net | udp |
| US | 8.8.8.8:53 | ysluevg.info | udp |
| US | 8.8.8.8:53 | ekqaao.com | udp |
| US | 8.8.8.8:53 | gswohknttkx.info | udp |
| US | 8.8.8.8:53 | wpzeootuwodd.net | udp |
| US | 8.8.8.8:53 | kmqueiygqs.com | udp |
| US | 8.8.8.8:53 | yoqkyoqo.org | udp |
| US | 8.8.8.8:53 | opvorebwt.net | udp |
| US | 8.8.8.8:53 | rkjyfrxybqd.net | udp |
| US | 8.8.8.8:53 | uegsgk.org | udp |
| US | 8.8.8.8:53 | iabmuja.net | udp |
| US | 8.8.8.8:53 | hjfdpmp.org | udp |
| US | 8.8.8.8:53 | nrouxpzztl.info | udp |
| US | 8.8.8.8:53 | zadcbb.net | udp |
| US | 8.8.8.8:53 | zwrxkr.net | udp |
| US | 8.8.8.8:53 | unwullggiowq.info | udp |
| US | 8.8.8.8:53 | dblznwzpr.com | udp |
| US | 8.8.8.8:53 | slngzwn.net | udp |
| US | 8.8.8.8:53 | wxrucvnzmycc.net | udp |
| US | 8.8.8.8:53 | rjbifug.net | udp |
| US | 8.8.8.8:53 | rkxphsltr.net | udp |
| US | 8.8.8.8:53 | gwawkgseekgy.com | udp |
| US | 8.8.8.8:53 | bilylqaa.info | udp |
| US | 8.8.8.8:53 | yqdindvszcl.info | udp |
| US | 8.8.8.8:53 | bgfxmdrk.info | udp |
| US | 8.8.8.8:53 | quwhjoarj.net | udp |
| US | 8.8.8.8:53 | ngtmjnmzbzt.com | udp |
| US | 8.8.8.8:53 | sxkmet.info | udp |
| US | 8.8.8.8:53 | nonxhpwroilc.info | udp |
| US | 8.8.8.8:53 | ldlrgk.info | udp |
| US | 8.8.8.8:53 | qzxlixzicrd.info | udp |
| US | 8.8.8.8:53 | icoyyaqq.org | udp |
| US | 8.8.8.8:53 | xpcqhz.info | udp |
| US | 8.8.8.8:53 | owtumceqt.info | udp |
| US | 8.8.8.8:53 | mohsdyohd.net | udp |
| US | 8.8.8.8:53 | bmjjtwjzxin.org | udp |
| US | 8.8.8.8:53 | pwbmdjteznk.com | udp |
| US | 8.8.8.8:53 | tfjwdvdluefv.net | udp |
| US | 8.8.8.8:53 | sgdzhklkvfso.info | udp |
| US | 8.8.8.8:53 | ninzswyvtmnl.net | udp |
| US | 8.8.8.8:53 | jofkruowj.info | udp |
| US | 8.8.8.8:53 | zwpaxq.net | udp |
| US | 8.8.8.8:53 | iyeefig.net | udp |
| US | 8.8.8.8:53 | skqsiiae.org | udp |
| US | 8.8.8.8:53 | vgzbrsdgrl.net | udp |
| US | 8.8.8.8:53 | ccmmywai.org | udp |
| US | 8.8.8.8:53 | alyypvemovoc.net | udp |
| US | 8.8.8.8:53 | ccgiwekeyk.org | udp |
| US | 8.8.8.8:53 | nulwzmjoakzl.info | udp |
| US | 8.8.8.8:53 | qlstpgkhcjbu.net | udp |
| US | 8.8.8.8:53 | vgduhpdmjfj.info | udp |
| US | 8.8.8.8:53 | nrmqiuh.info | udp |
| US | 8.8.8.8:53 | zorxtqbyj.org | udp |
| US | 8.8.8.8:53 | nzitfaav.info | udp |
| US | 8.8.8.8:53 | bgzjqppcveqr.net | udp |
| US | 8.8.8.8:53 | usdynbp.info | udp |
| US | 8.8.8.8:53 | sooweykoqy.com | udp |
| US | 8.8.8.8:53 | kwikuewm.com | udp |
| US | 8.8.8.8:53 | lktcrbw.com | udp |
| US | 8.8.8.8:53 | tpmrnoirsf.info | udp |
| US | 8.8.8.8:53 | vgyevumg.net | udp |
| US | 8.8.8.8:53 | innqnfbtph.net | udp |
| US | 8.8.8.8:53 | xgnzzvyuboe.info | udp |
| US | 8.8.8.8:53 | koasmvogmvdm.net | udp |
| US | 8.8.8.8:53 | rolqtyt.net | udp |
| US | 8.8.8.8:53 | hyjodgw.info | udp |
| US | 8.8.8.8:53 | nfkhmzdogdsd.net | udp |
| US | 8.8.8.8:53 | mqgqauei.com | udp |
| US | 8.8.8.8:53 | hwevtzzy.info | udp |
| US | 8.8.8.8:53 | vkgsyl.net | udp |
| US | 8.8.8.8:53 | nurkuvdos.com | udp |
| US | 8.8.8.8:53 | nvnlak.info | udp |
| US | 8.8.8.8:53 | aacwya.org | udp |
| US | 8.8.8.8:53 | bouwherme.org | udp |
| US | 8.8.8.8:53 | dkdczgl.info | udp |
| US | 8.8.8.8:53 | qttkblkfke.info | udp |
| US | 8.8.8.8:53 | afrdkeo.info | udp |
| US | 8.8.8.8:53 | vcmidt.info | udp |
| US | 8.8.8.8:53 | pbspki.info | udp |
| US | 8.8.8.8:53 | eaictyqxc.info | udp |
| US | 8.8.8.8:53 | vctsvef.net | udp |
| US | 8.8.8.8:53 | ophcrahvpomc.info | udp |
| US | 8.8.8.8:53 | vgqxvqngngx.info | udp |
| US | 8.8.8.8:53 | msvasbw.net | udp |
| US | 8.8.8.8:53 | puoynmrex.org | udp |
| US | 8.8.8.8:53 | tcvcmabapws.info | udp |
| US | 8.8.8.8:53 | lqdhzrzrogn.com | udp |
| US | 8.8.8.8:53 | kowsga.org | udp |
| US | 8.8.8.8:53 | cgzqtowog.info | udp |
| US | 8.8.8.8:53 | degqyjhuxzxb.info | udp |
| US | 8.8.8.8:53 | qeasooggkkye.org | udp |
| US | 8.8.8.8:53 | eszyfoacnid.info | udp |
| US | 8.8.8.8:53 | lsxmmcn.info | udp |
| US | 8.8.8.8:53 | gdiecndz.net | udp |
| US | 8.8.8.8:53 | rhxcxga.org | udp |
| US | 8.8.8.8:53 | tgwmbskvgwfs.info | udp |
| US | 8.8.8.8:53 | hevjicthbe.info | udp |
| US | 8.8.8.8:53 | evtheupo.net | udp |
| US | 8.8.8.8:53 | fevpfshvp.org | udp |
| US | 8.8.8.8:53 | lvfcxsxd.info | udp |
| US | 8.8.8.8:53 | qucokuqiicsa.org | udp |
| US | 8.8.8.8:53 | dagatyg.org | udp |
| US | 8.8.8.8:53 | kcryxrris.info | udp |
| US | 8.8.8.8:53 | icrhumtu.net | udp |
| US | 8.8.8.8:53 | xwxrlgpzenmh.info | udp |
Files
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
| MD5 | 6a9d9e8e21c1acf667db6dc652cb9e06 |
| SHA1 | 31431bf2aa33d5fb478c3f3964a0c9b439b00ce9 |
| SHA256 | 255b26f10bc4aaad3c059b37bc3c852d79131863eb5bfd2cb9936957175568ab |
| SHA512 | ba8845166ae6751673c6c3949be51caca9bcd49d995c893abd66249debc8bc2397dbc6629d4d220a89b3ec234749f2909e92ea87f0a40bed0daf7f61e55d25a9 |
C:\Windows\SysWOW64\qctpkdrifroctbsthh.exe
| MD5 | bddd16d20828ab7fce7d46416ccf084f |
| SHA1 | 87067755449ba7bc2cbbf04edae0a03b60e0c91a |
| SHA256 | 57c85e0a2c34c0e1e6a434194422f6c3a1fd44d66bc1848803fa0421b621fdd7 |
| SHA512 | 350ab8929b2a3bdc27fe8465fb5cd3f28885898fd09a91e884efcd6bfde777b5ed26e1dca9de2fc89ed79efdb276f5713b1c08a0a5b88c8809238e035bd6b425 |
C:\Users\Admin\AppData\Local\Temp\dcgpx.exe
| MD5 | cdf9639a9cce32e9a70fa8045f50cf21 |
| SHA1 | 1f69fc8bff66168ec4852a31b0c7697e1c48d3ed |
| SHA256 | b3bc57ad3c928b00ae679090e460880b994b855f7e15e932d0adba07bcb99aab |
| SHA512 | 0bb8e435292eaa2e2b0f681bdb7859a517e95697288aa23d666a00596fffb67c61e93d94de110e31c5952171ddb85f733a18650fdf62ff395959495e8ff94a2f |
C:\Users\Admin\AppData\Local\syjzobjulriqbdojrlagrhwjrctzqyjlwr.tio
| MD5 | bf56b0b4bd2c44a5ae2828df57876ecc |
| SHA1 | 8fe5f3931de07dcbc133bf4be14ec97e824da973 |
| SHA256 | 16e2d1dc670c5ff465872d8925b2015b4edf14755987d7d179fed8dc7a74c8bb |
| SHA512 | 4fe42cce8a3915d45a2491777f7c98696f506fe13e5673cef52c3655d6975e6ef5594b944e1d1832eca5ce34b034f32e8ddea6d94fc96e5916c54789670b4e95 |
C:\Users\Admin\AppData\Local\faafjliiojpmmddnktxssxb.aag
| MD5 | 570c856cfe349cc4990396137a88f1ea |
| SHA1 | 94ac385515c21dc043eb6f89e44bab854a54a240 |
| SHA256 | b7cdafd638b576ec7078566c0d58c12eac64fd926071d2a08a17c036829e6a55 |
| SHA512 | c6030e244ff7ea37b28908a6ec4f7520e230f1ef397bf23994bda40d87f6a1adc4d17677495565f1a9b84b17ab0f8ef09462eb9496949afc3b97332afd0d233b |
C:\Program Files (x86)\faafjliiojpmmddnktxssxb.aag
| MD5 | 04be6650be2cc269568272b71fdc5a18 |
| SHA1 | 1288527aa229ca30ecc5abe75452642c73c46283 |
| SHA256 | 359609f440246730084d01ef69248af508633668bed4ab47ab33f14423a14c8c |
| SHA512 | a621f1f5eff40c8e362f7879832f32e5429855f114e06dbcf299139e9befbf572cffdae38bf37b1337ee8c9792d91ce58732294002bc8d57df19bfbb67961617 |
C:\Program Files (x86)\faafjliiojpmmddnktxssxb.aag
| MD5 | 7d90fb22a85f35afd0dad83709035e36 |
| SHA1 | eb3e354ba614ad6e43b6d8fe27b2f65c3b0b28ac |
| SHA256 | c230cf04ea5e322d22011dd2af24f69a6a37081b0ff8c1f7608d81c7b2b8d644 |
| SHA512 | 78cac2d379374d700d4e9046e2008ef69ebbd5d2d45003045ccf02dc64ca365246a66d5dc3a842049d3fe25ba3ac3ce8e00a4bf278082a6bf0ac0cc00e9b41e0 |
C:\Program Files (x86)\faafjliiojpmmddnktxssxb.aag
| MD5 | f53413012199cc3a9394b166c37e6f64 |
| SHA1 | d4638918a47572eec2ae2f824cc8df47a2763558 |
| SHA256 | e844b942ff0bc71ef1139da8583868ec457267c50d8282ab13919d8f5c37eb93 |
| SHA512 | cab19afb38a5c2f23796284c0a62730f9a1082b0e80eb737ee27a4d32c7a2d6729d654b8742182e565f07540c6d30b80f5ccd54a8ffb30decc3906709d04b202 |
C:\Users\Admin\AppData\Local\faafjliiojpmmddnktxssxb.aag
| MD5 | 62162393d2bbf3f58c4fa217a826ed96 |
| SHA1 | d03fdde180d40828266cdb85df4417e420a3f181 |
| SHA256 | 8f3d72d0d3a1a7b63dbeddceb2c7561014b8d7d9184f84b29f2e3d63a34d35ec |
| SHA512 | e2a535bab6e5530ca7f8602f7c7a7cac4b244f137830ae8abe5901737a3365fbb85f1ff54277e1c53a6b367e5ba553dfb2cd5f2e01ab0272a86c1c4727bb5888 |
C:\Program Files (x86)\faafjliiojpmmddnktxssxb.aag
| MD5 | db156864643c2b0ca345efbe8cf187ec |
| SHA1 | 9e59368fff55a1cfc42d6196bfecc83776451599 |
| SHA256 | c064bf121ce7412a6be4ea6a8f4d50bdc4541f4ef20b6ba1efaf0af5040fd3a7 |
| SHA512 | ced700dcdee50a073461e4f6839cbe26a64ce4ab1e300447217c583ce476100bba487adbb0e8478a345e48b68cde3cd68b646d2da42832418225759f96842608 |
C:\Program Files (x86)\faafjliiojpmmddnktxssxb.aag
| MD5 | eb642888409f145c8091610b837ab5a1 |
| SHA1 | 1b204d9713269f4d815b937b0f27357974c34407 |
| SHA256 | d648b7ed84e7adab73c27a6786201c929e2f23cf9c34a2df357804203c82ca07 |
| SHA512 | 214dd4275bd2b380ef8f5683bdc6d33afa26b23e391f45da2427ebf59fe0b9fd89b1dc18f9cf1386b9da3dff8730e4281d7bf50ec5275d7e306f272da266b4a3 |
C:\Program Files (x86)\faafjliiojpmmddnktxssxb.aag
| MD5 | d4d15dd520ada014376988e86634c01b |
| SHA1 | 3db78153a3b8e9edd844720d1ab972d8f92c41ea |
| SHA256 | 3415b1b696aec957a7ef0e62a82e8848bc188ac06e098b269f859aaa66ef3257 |
| SHA512 | 6654b89eb8bfa2fed5d65d3c0b3479542d2186dab1c94399f5554d032d584afc076bdba3953a80c59edb5f49ea7a406f733b8ccd948c91806aa3c2dd15e4dcf8 |
Analysis: behavioral2
Detonation Overview
Submitted
2025-04-18 11:32
Reported
2025-04-18 11:35
Platform
win11-20250410-en
Max time kernel
53s
Max time network
151s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "itkbtkxskxgcublsv.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "blbriykevhpkbhqw.exe" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wbmxjubqcjm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etojfarqmdqqmxlwdbshc.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wbmxjubqcjm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\itkbtkxskxgcublsv.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wbmxjubqcjm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etojfarqmdqqmxlwdbshc.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wbmxjubqcjm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etojfarqmdqqmxlwdbshc.exe" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wbmxjubqcjm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etojfarqmdqqmxlwdbshc.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "pdxrmgwupfrqlvisyvlz.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wbmxjubqcjm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pdxrmgwupfrqlvisyvlz.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wbmxjubqcjm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pdxrmgwupfrqlvisyvlz.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wbmxjubqcjm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cpibvodaujusmvhqvrg.exe" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "cpibvodaujusmvhqvrg.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "etojfarqmdqqmxlwdbshc.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "cpibvodaujusmvhqvrg.exe" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wbmxjubqcjm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\blbriykevhpkbhqw.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "blbriykevhpkbhqw.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wbmxjubqcjm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pdxrmgwupfrqlvisyvlz.exe" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "cpibvodaujusmvhqvrg.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "blbriykevhpkbhqw.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wbmxjubqcjm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\itkbtkxskxgcublsv.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "etojfarqmdqqmxlwdbshc.exe" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "rdvngymibpzwpxiqup.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "pdxrmgwupfrqlvisyvlz.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wbmxjubqcjm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etojfarqmdqqmxlwdbshc.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wbmxjubqcjm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rdvngymibpzwpxiqup.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "blbriykevhpkbhqw.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wbmxjubqcjm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cpibvodaujusmvhqvrg.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "pdxrmgwupfrqlvisyvlz.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "etojfarqmdqqmxlwdbshc.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "pdxrmgwupfrqlvisyvlz.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wbmxjubqcjm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\itkbtkxskxgcublsv.exe" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "itkbtkxskxgcublsv.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "itkbtkxskxgcublsv.exe" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wbmxjubqcjm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\blbriykevhpkbhqw.exe" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wbmxjubqcjm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\itkbtkxskxgcublsv.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wbmxjubqcjm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\blbriykevhpkbhqw.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "itkbtkxskxgcublsv.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "etojfarqmdqqmxlwdbshc.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "itkbtkxskxgcublsv.exe" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wbmxjubqcjm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rdvngymibpzwpxiqup.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbpdsgqixhngvz = "rdvngymibpzwpxiqup.exe" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tzlxkweuhptk = "pdxrmgwupfrqlvisyvlz.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tzlxkweuhptk = "etojfarqmdqqmxlwdbshc.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rdvngymibpzwpxiqup = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etojfarqmdqqmxlwdbshc.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rdvngymibpzwpxiqup = "C:\\Users\\Admin\\AppData\\Local\\Temp\\itkbtkxskxgcublsv.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rdvngymibpzwpxiqup = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etojfarqmdqqmxlwdbshc.exe" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\blbriykevhpkbhqw = "etojfarqmdqqmxlwdbshc.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\wfujzozsitaukpx = "itkbtkxskxgcublsv.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\szmznajaoxcui = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etojfarqmdqqmxlwdbshc.exe ." | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\itkbtkxskxgcublsv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\itkbtkxskxgcublsv.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\itkbtkxskxgcublsv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pdxrmgwupfrqlvisyvlz.exe ." | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rdvngymibpzwpxiqup = "C:\\Users\\Admin\\AppData\\Local\\Temp\\blbriykevhpkbhqw.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\itkbtkxskxgcublsv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\blbriykevhpkbhqw.exe ." | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\tzlxkweuhptk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pdxrmgwupfrqlvisyvlz.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szmznajaoxcui = "blbriykevhpkbhqw.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\tzlxkweuhptk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\blbriykevhpkbhqw.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rdvngymibpzwpxiqup = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etojfarqmdqqmxlwdbshc.exe" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tzlxkweuhptk = "rdvngymibpzwpxiqup.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tzlxkweuhptk = "rdvngymibpzwpxiqup.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szmznajaoxcui = "etojfarqmdqqmxlwdbshc.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\wfujzozsitaukpx = "etojfarqmdqqmxlwdbshc.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tzlxkweuhptk = "etojfarqmdqqmxlwdbshc.exe" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\itkbtkxskxgcublsv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rdvngymibpzwpxiqup.exe ." | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\tzlxkweuhptk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pdxrmgwupfrqlvisyvlz.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\blbriykevhpkbhqw = "blbriykevhpkbhqw.exe ." | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szmznajaoxcui = "blbriykevhpkbhqw.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\tzlxkweuhptk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etojfarqmdqqmxlwdbshc.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\itkbtkxskxgcublsv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pdxrmgwupfrqlvisyvlz.exe ." | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\blbriykevhpkbhqw = "cpibvodaujusmvhqvrg.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szmznajaoxcui = "itkbtkxskxgcublsv.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szmznajaoxcui = "itkbtkxskxgcublsv.exe ." | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szmznajaoxcui = "pdxrmgwupfrqlvisyvlz.exe ." | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\itkbtkxskxgcublsv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rdvngymibpzwpxiqup.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\szmznajaoxcui = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etojfarqmdqqmxlwdbshc.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\blbriykevhpkbhqw = "blbriykevhpkbhqw.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\szmznajaoxcui = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rdvngymibpzwpxiqup.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\wfujzozsitaukpx = "pdxrmgwupfrqlvisyvlz.exe" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\blbriykevhpkbhqw = "itkbtkxskxgcublsv.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\wfujzozsitaukpx = "itkbtkxskxgcublsv.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\szmznajaoxcui = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cpibvodaujusmvhqvrg.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\itkbtkxskxgcublsv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etojfarqmdqqmxlwdbshc.exe ." | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\tzlxkweuhptk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etojfarqmdqqmxlwdbshc.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\szmznajaoxcui = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etojfarqmdqqmxlwdbshc.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\tzlxkweuhptk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etojfarqmdqqmxlwdbshc.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\blbriykevhpkbhqw = "rdvngymibpzwpxiqup.exe ." | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\szmznajaoxcui = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etojfarqmdqqmxlwdbshc.exe ." | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\itkbtkxskxgcublsv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pdxrmgwupfrqlvisyvlz.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\szmznajaoxcui = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etojfarqmdqqmxlwdbshc.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\szmznajaoxcui = "C:\\Users\\Admin\\AppData\\Local\\Temp\\blbriykevhpkbhqw.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tzlxkweuhptk = "etojfarqmdqqmxlwdbshc.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\wfujzozsitaukpx = "rdvngymibpzwpxiqup.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\itkbtkxskxgcublsv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cpibvodaujusmvhqvrg.exe ." | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\blbriykevhpkbhqw = "rdvngymibpzwpxiqup.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\itkbtkxskxgcublsv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cpibvodaujusmvhqvrg.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rdvngymibpzwpxiqup = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pdxrmgwupfrqlvisyvlz.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\itkbtkxskxgcublsv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rdvngymibpzwpxiqup.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\blbriykevhpkbhqw = "pdxrmgwupfrqlvisyvlz.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\tzlxkweuhptk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cpibvodaujusmvhqvrg.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\blbriykevhpkbhqw = "pdxrmgwupfrqlvisyvlz.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\szmznajaoxcui = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rdvngymibpzwpxiqup.exe ." | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rdvngymibpzwpxiqup = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cpibvodaujusmvhqvrg.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\blbriykevhpkbhqw = "pdxrmgwupfrqlvisyvlz.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tzlxkweuhptk = "cpibvodaujusmvhqvrg.exe" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\szmznajaoxcui = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pdxrmgwupfrqlvisyvlz.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\szmznajaoxcui = "C:\\Users\\Admin\\AppData\\Local\\Temp\\blbriykevhpkbhqw.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
Drops autorun.inf file
| Description | Indicator | Process | Target |
| File opened for modification | F:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| File created | F:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| File opened for modification | C:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| File created | C:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\itkbtkxskxgcublsv.exe | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vtxbgkksxxtchbysippnrvaeem.rnw | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rdvngymibpzwpxiqup.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pdxrmgwupfrqlvisyvlz.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\itkbtkxskxgcublsv.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\blbriykevhpkbhqw.exe | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\etojfarqmdqqmxlwdbshc.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cpibvodaujusmvhqvrg.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\blbriykevhpkbhqw.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rdvngymibpzwpxiqup.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pdxrmgwupfrqlvisyvlz.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pdxrmgwupfrqlvisyvlz.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\etojfarqmdqqmxlwdbshc.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pdxrmgwupfrqlvisyvlz.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\blbriykevhpkbhqw.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pdxrmgwupfrqlvisyvlz.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\itkbtkxskxgcublsv.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\itkbtkxskxgcublsv.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\etojfarqmdqqmxlwdbshc.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\blbriykevhpkbhqw.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pdxrmgwupfrqlvisyvlz.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pdxrmgwupfrqlvisyvlz.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\blbriykevhpkbhqw.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vlhdawooldrspbqckjbrnj.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rdvngymibpzwpxiqup.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vlhdawooldrspbqckjbrnj.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cpibvodaujusmvhqvrg.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cpibvodaujusmvhqvrg.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rdvngymibpzwpxiqup.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\etojfarqmdqqmxlwdbshc.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cpibvodaujusmvhqvrg.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rdvngymibpzwpxiqup.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vlhdawooldrspbqckjbrnj.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cpibvodaujusmvhqvrg.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vlhdawooldrspbqckjbrnj.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rdvngymibpzwpxiqup.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pdxrmgwupfrqlvisyvlz.exe | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wfujzozsitaukpxcdvgpetjyjcsdkeuzhmnfq.odt | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\etojfarqmdqqmxlwdbshc.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\etojfarqmdqqmxlwdbshc.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cpibvodaujusmvhqvrg.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cpibvodaujusmvhqvrg.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vlhdawooldrspbqckjbrnj.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rdvngymibpzwpxiqup.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rdvngymibpzwpxiqup.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\etojfarqmdqqmxlwdbshc.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\etojfarqmdqqmxlwdbshc.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\blbriykevhpkbhqw.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cpibvodaujusmvhqvrg.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vlhdawooldrspbqckjbrnj.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pdxrmgwupfrqlvisyvlz.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\itkbtkxskxgcublsv.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vlhdawooldrspbqckjbrnj.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\etojfarqmdqqmxlwdbshc.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pdxrmgwupfrqlvisyvlz.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pdxrmgwupfrqlvisyvlz.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\blbriykevhpkbhqw.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\itkbtkxskxgcublsv.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cpibvodaujusmvhqvrg.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File created | C:\Windows\SysWOW64\wfujzozsitaukpxcdvgpetjyjcsdkeuzhmnfq.odt | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pdxrmgwupfrqlvisyvlz.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vlhdawooldrspbqckjbrnj.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rdvngymibpzwpxiqup.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cpibvodaujusmvhqvrg.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\vtxbgkksxxtchbysippnrvaeem.rnw | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| File created | C:\Program Files (x86)\vtxbgkksxxtchbysippnrvaeem.rnw | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| File opened for modification | C:\Program Files (x86)\wfujzozsitaukpxcdvgpetjyjcsdkeuzhmnfq.odt | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| File created | C:\Program Files (x86)\wfujzozsitaukpxcdvgpetjyjcsdkeuzhmnfq.odt | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\vlhdawooldrspbqckjbrnj.exe | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| File opened for modification | C:\Windows\pdxrmgwupfrqlvisyvlz.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\rdvngymibpzwpxiqup.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\etojfarqmdqqmxlwdbshc.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\rdvngymibpzwpxiqup.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\blbriykevhpkbhqw.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\blbriykevhpkbhqw.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\rdvngymibpzwpxiqup.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\cpibvodaujusmvhqvrg.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\cpibvodaujusmvhqvrg.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\etojfarqmdqqmxlwdbshc.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\cpibvodaujusmvhqvrg.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\cpibvodaujusmvhqvrg.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\pdxrmgwupfrqlvisyvlz.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\blbriykevhpkbhqw.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\etojfarqmdqqmxlwdbshc.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\blbriykevhpkbhqw.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\etojfarqmdqqmxlwdbshc.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\rdvngymibpzwpxiqup.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\pdxrmgwupfrqlvisyvlz.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\itkbtkxskxgcublsv.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\cpibvodaujusmvhqvrg.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\itkbtkxskxgcublsv.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\rdvngymibpzwpxiqup.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\pdxrmgwupfrqlvisyvlz.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\itkbtkxskxgcublsv.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\vlhdawooldrspbqckjbrnj.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\blbriykevhpkbhqw.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\cpibvodaujusmvhqvrg.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File created | C:\Windows\wfujzozsitaukpxcdvgpetjyjcsdkeuzhmnfq.odt | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| File opened for modification | C:\Windows\cpibvodaujusmvhqvrg.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\cpibvodaujusmvhqvrg.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\pdxrmgwupfrqlvisyvlz.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\rdvngymibpzwpxiqup.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\vlhdawooldrspbqckjbrnj.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\cpibvodaujusmvhqvrg.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\cpibvodaujusmvhqvrg.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\etojfarqmdqqmxlwdbshc.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\vlhdawooldrspbqckjbrnj.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\pdxrmgwupfrqlvisyvlz.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\rdvngymibpzwpxiqup.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\rdvngymibpzwpxiqup.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\itkbtkxskxgcublsv.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\itkbtkxskxgcublsv.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\cpibvodaujusmvhqvrg.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\itkbtkxskxgcublsv.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\etojfarqmdqqmxlwdbshc.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\blbriykevhpkbhqw.exe | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| File opened for modification | C:\Windows\etojfarqmdqqmxlwdbshc.exe | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| File opened for modification | C:\Windows\vlhdawooldrspbqckjbrnj.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\etojfarqmdqqmxlwdbshc.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\rdvngymibpzwpxiqup.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\cpibvodaujusmvhqvrg.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\wfujzozsitaukpxcdvgpetjyjcsdkeuzhmnfq.odt | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| File opened for modification | C:\Windows\cpibvodaujusmvhqvrg.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\etojfarqmdqqmxlwdbshc.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\itkbtkxskxgcublsv.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\etojfarqmdqqmxlwdbshc.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\rdvngymibpzwpxiqup.exe | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| File opened for modification | C:\Windows\vlhdawooldrspbqckjbrnj.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\pdxrmgwupfrqlvisyvlz.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\cpibvodaujusmvhqvrg.exe | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| File opened for modification | C:\Windows\pdxrmgwupfrqlvisyvlz.exe | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| File opened for modification | C:\Windows\pdxrmgwupfrqlvisyvlz.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\etojfarqmdqqmxlwdbshc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\rdvngymibpzwpxiqup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\itkbtkxskxgcublsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\cpibvodaujusmvhqvrg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\blbriykevhpkbhqw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\cpibvodaujusmvhqvrg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\blbriykevhpkbhqw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\rdvngymibpzwpxiqup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\blbriykevhpkbhqw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\blbriykevhpkbhqw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\blbriykevhpkbhqw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\pdxrmgwupfrqlvisyvlz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\blbriykevhpkbhqw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\etojfarqmdqqmxlwdbshc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\rdvngymibpzwpxiqup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\itkbtkxskxgcublsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\cpibvodaujusmvhqvrg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\pdxrmgwupfrqlvisyvlz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\itkbtkxskxgcublsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\pdxrmgwupfrqlvisyvlz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\rdvngymibpzwpxiqup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\blbriykevhpkbhqw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\cpibvodaujusmvhqvrg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\pdxrmgwupfrqlvisyvlz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\itkbtkxskxgcublsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\etojfarqmdqqmxlwdbshc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\blbriykevhpkbhqw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\etojfarqmdqqmxlwdbshc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\etojfarqmdqqmxlwdbshc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\itkbtkxskxgcublsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\etojfarqmdqqmxlwdbshc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\pdxrmgwupfrqlvisyvlz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\pdxrmgwupfrqlvisyvlz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\etojfarqmdqqmxlwdbshc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\edint.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bddd16d20828ab7fce7d46416ccf084f.exe"
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_bddd16d20828ab7fce7d46416ccf084f.exe*"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe
C:\Windows\etojfarqmdqqmxlwdbshc.exe
etojfarqmdqqmxlwdbshc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe .
C:\Windows\blbriykevhpkbhqw.exe
blbriykevhpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\blbriykevhpkbhqw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe
C:\Windows\pdxrmgwupfrqlvisyvlz.exe
pdxrmgwupfrqlvisyvlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe .
C:\Windows\rdvngymibpzwpxiqup.exe
rdvngymibpzwpxiqup.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\rdvngymibpzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\rdvngymibpzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\rdvngymibpzwpxiqup.exe*."
C:\Users\Admin\AppData\Local\Temp\edint.exe
"C:\Users\Admin\AppData\Local\Temp\edint.exe" "-C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe"
C:\Users\Admin\AppData\Local\Temp\edint.exe
"C:\Users\Admin\AppData\Local\Temp\edint.exe" "-C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe
C:\Windows\etojfarqmdqqmxlwdbshc.exe
etojfarqmdqqmxlwdbshc.exe
C:\Windows\cpibvodaujusmvhqvrg.exe
cpibvodaujusmvhqvrg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe .
C:\Windows\rdvngymibpzwpxiqup.exe
rdvngymibpzwpxiqup.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\rdvngymibpzwpxiqup.exe*."
C:\Windows\rdvngymibpzwpxiqup.exe
rdvngymibpzwpxiqup.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe
C:\Windows\rdvngymibpzwpxiqup.exe
rdvngymibpzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\rdvngymibpzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe
C:\Windows\rdvngymibpzwpxiqup.exe
rdvngymibpzwpxiqup.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe .
C:\Windows\pdxrmgwupfrqlvisyvlz.exe
pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\rdvngymibpzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Windows\itkbtkxskxgcublsv.exe
itkbtkxskxgcublsv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\itkbtkxskxgcublsv.exe*."
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\etojfarqmdqqmxlwdbshc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\pdxrmgwupfrqlvisyvlz.exe*."
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\itkbtkxskxgcublsv.exe*."
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\rdvngymibpzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe
C:\Windows\etojfarqmdqqmxlwdbshc.exe
etojfarqmdqqmxlwdbshc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe .
C:\Windows\blbriykevhpkbhqw.exe
blbriykevhpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\blbriykevhpkbhqw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe
C:\Windows\itkbtkxskxgcublsv.exe
itkbtkxskxgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe .
C:\Windows\etojfarqmdqqmxlwdbshc.exe
etojfarqmdqqmxlwdbshc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\etojfarqmdqqmxlwdbshc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\rdvngymibpzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\rdvngymibpzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe
C:\Windows\itkbtkxskxgcublsv.exe
itkbtkxskxgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\pdxrmgwupfrqlvisyvlz.exe
pdxrmgwupfrqlvisyvlz.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\pdxrmgwupfrqlvisyvlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe
C:\Windows\itkbtkxskxgcublsv.exe
itkbtkxskxgcublsv.exe
C:\Windows\pdxrmgwupfrqlvisyvlz.exe
pdxrmgwupfrqlvisyvlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe
C:\Windows\cpibvodaujusmvhqvrg.exe
cpibvodaujusmvhqvrg.exe .
C:\Windows\pdxrmgwupfrqlvisyvlz.exe
pdxrmgwupfrqlvisyvlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\cpibvodaujusmvhqvrg.exe*."
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Windows\rdvngymibpzwpxiqup.exe
rdvngymibpzwpxiqup.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe .
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\rdvngymibpzwpxiqup.exe*."
C:\Windows\etojfarqmdqqmxlwdbshc.exe
etojfarqmdqqmxlwdbshc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe .
C:\Windows\cpibvodaujusmvhqvrg.exe
cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\cpibvodaujusmvhqvrg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\etojfarqmdqqmxlwdbshc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe .
C:\Windows\cpibvodaujusmvhqvrg.exe
cpibvodaujusmvhqvrg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Windows\etojfarqmdqqmxlwdbshc.exe
etojfarqmdqqmxlwdbshc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .
C:\Windows\rdvngymibpzwpxiqup.exe
rdvngymibpzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\etojfarqmdqqmxlwdbshc.exe*."
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\rdvngymibpzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\pdxrmgwupfrqlvisyvlz.exe*."
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\rdvngymibpzwpxiqup.exe*."
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\itkbtkxskxgcublsv.exe*."
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .
C:\Windows\pdxrmgwupfrqlvisyvlz.exe
pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\etojfarqmdqqmxlwdbshc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\etojfarqmdqqmxlwdbshc.exe*."
C:\Windows\etojfarqmdqqmxlwdbshc.exe
etojfarqmdqqmxlwdbshc.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\etojfarqmdqqmxlwdbshc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\cpibvodaujusmvhqvrg.exe
cpibvodaujusmvhqvrg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe .
C:\Windows\itkbtkxskxgcublsv.exe
itkbtkxskxgcublsv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\itkbtkxskxgcublsv.exe*."
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\cpibvodaujusmvhqvrg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\blbriykevhpkbhqw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe
C:\Windows\blbriykevhpkbhqw.exe
blbriykevhpkbhqw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe .
C:\Windows\etojfarqmdqqmxlwdbshc.exe
etojfarqmdqqmxlwdbshc.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\etojfarqmdqqmxlwdbshc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe
C:\Windows\cpibvodaujusmvhqvrg.exe
cpibvodaujusmvhqvrg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\pdxrmgwupfrqlvisyvlz.exe
pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\pdxrmgwupfrqlvisyvlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\itkbtkxskxgcublsv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\itkbtkxskxgcublsv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe
C:\Windows\blbriykevhpkbhqw.exe
blbriykevhpkbhqw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\blbriykevhpkbhqw.exe
blbriykevhpkbhqw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\blbriykevhpkbhqw.exe*."
C:\Windows\cpibvodaujusmvhqvrg.exe
cpibvodaujusmvhqvrg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe .
C:\Windows\cpibvodaujusmvhqvrg.exe
cpibvodaujusmvhqvrg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\cpibvodaujusmvhqvrg.exe*."
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\blbriykevhpkbhqw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\blbriykevhpkbhqw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe
C:\Windows\itkbtkxskxgcublsv.exe
itkbtkxskxgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe .
C:\Windows\etojfarqmdqqmxlwdbshc.exe
etojfarqmdqqmxlwdbshc.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\etojfarqmdqqmxlwdbshc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe
C:\Windows\pdxrmgwupfrqlvisyvlz.exe
pdxrmgwupfrqlvisyvlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe .
C:\Windows\etojfarqmdqqmxlwdbshc.exe
etojfarqmdqqmxlwdbshc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\etojfarqmdqqmxlwdbshc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\etojfarqmdqqmxlwdbshc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\rdvngymibpzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe
C:\Windows\blbriykevhpkbhqw.exe
blbriykevhpkbhqw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe .
C:\Windows\itkbtkxskxgcublsv.exe
itkbtkxskxgcublsv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\itkbtkxskxgcublsv.exe*."
C:\Windows\itkbtkxskxgcublsv.exe
itkbtkxskxgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe .
C:\Windows\itkbtkxskxgcublsv.exe
itkbtkxskxgcublsv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\itkbtkxskxgcublsv.exe*."
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\blbriykevhpkbhqw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\pdxrmgwupfrqlvisyvlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe
C:\Windows\rdvngymibpzwpxiqup.exe
rdvngymibpzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe .
C:\Windows\rdvngymibpzwpxiqup.exe
rdvngymibpzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\rdvngymibpzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe
C:\Windows\itkbtkxskxgcublsv.exe
itkbtkxskxgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\pdxrmgwupfrqlvisyvlz.exe
pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\pdxrmgwupfrqlvisyvlz.exe*."
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\cpibvodaujusmvhqvrg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\cpibvodaujusmvhqvrg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe
C:\Windows\rdvngymibpzwpxiqup.exe
rdvngymibpzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe .
C:\Windows\itkbtkxskxgcublsv.exe
itkbtkxskxgcublsv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\itkbtkxskxgcublsv.exe*."
C:\Windows\rdvngymibpzwpxiqup.exe
rdvngymibpzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe .
C:\Windows\blbriykevhpkbhqw.exe
blbriykevhpkbhqw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\blbriykevhpkbhqw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe
C:\Windows\cpibvodaujusmvhqvrg.exe
cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\rdvngymibpzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe
C:\Windows\etojfarqmdqqmxlwdbshc.exe
etojfarqmdqqmxlwdbshc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Windows\pdxrmgwupfrqlvisyvlz.exe
pdxrmgwupfrqlvisyvlz.exe .
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .
C:\Windows\itkbtkxskxgcublsv.exe
itkbtkxskxgcublsv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\pdxrmgwupfrqlvisyvlz.exe*."
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Windows\etojfarqmdqqmxlwdbshc.exe
etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\itkbtkxskxgcublsv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\etojfarqmdqqmxlwdbshc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .
C:\Windows\cpibvodaujusmvhqvrg.exe
cpibvodaujusmvhqvrg.exe .
C:\Windows\cpibvodaujusmvhqvrg.exe
cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\etojfarqmdqqmxlwdbshc.exe
etojfarqmdqqmxlwdbshc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\cpibvodaujusmvhqvrg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\etojfarqmdqqmxlwdbshc.exe*."
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\pdxrmgwupfrqlvisyvlz.exe*."
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\rdvngymibpzwpxiqup.exe*."
C:\Windows\rdvngymibpzwpxiqup.exe
rdvngymibpzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe
C:\Windows\itkbtkxskxgcublsv.exe
itkbtkxskxgcublsv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\etojfarqmdqqmxlwdbshc.exe*."
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\rdvngymibpzwpxiqup.exe*."
C:\Windows\itkbtkxskxgcublsv.exe
itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\itkbtkxskxgcublsv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Windows\blbriykevhpkbhqw.exe
blbriykevhpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\blbriykevhpkbhqw.exe*."
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\itkbtkxskxgcublsv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\blbriykevhpkbhqw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe
C:\Windows\rdvngymibpzwpxiqup.exe
rdvngymibpzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe .
C:\Windows\rdvngymibpzwpxiqup.exe
rdvngymibpzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\rdvngymibpzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe
C:\Windows\itkbtkxskxgcublsv.exe
itkbtkxskxgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe .
C:\Windows\blbriykevhpkbhqw.exe
blbriykevhpkbhqw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\blbriykevhpkbhqw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\pdxrmgwupfrqlvisyvlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\itkbtkxskxgcublsv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe
C:\Windows\rdvngymibpzwpxiqup.exe
rdvngymibpzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe .
C:\Windows\cpibvodaujusmvhqvrg.exe
cpibvodaujusmvhqvrg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\cpibvodaujusmvhqvrg.exe*."
C:\Windows\blbriykevhpkbhqw.exe
blbriykevhpkbhqw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\pdxrmgwupfrqlvisyvlz.exe
pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\pdxrmgwupfrqlvisyvlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\pdxrmgwupfrqlvisyvlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\cpibvodaujusmvhqvrg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe
C:\Windows\pdxrmgwupfrqlvisyvlz.exe
pdxrmgwupfrqlvisyvlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe .
C:\Windows\itkbtkxskxgcublsv.exe
itkbtkxskxgcublsv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\itkbtkxskxgcublsv.exe*."
C:\Windows\pdxrmgwupfrqlvisyvlz.exe
pdxrmgwupfrqlvisyvlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\pdxrmgwupfrqlvisyvlz.exe
pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\pdxrmgwupfrqlvisyvlz.exe*."
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\blbriykevhpkbhqw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\cpibvodaujusmvhqvrg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe
C:\Windows\itkbtkxskxgcublsv.exe
itkbtkxskxgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe .
C:\Windows\cpibvodaujusmvhqvrg.exe
cpibvodaujusmvhqvrg.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\cpibvodaujusmvhqvrg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe
C:\Windows\pdxrmgwupfrqlvisyvlz.exe
pdxrmgwupfrqlvisyvlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe .
C:\Windows\cpibvodaujusmvhqvrg.exe
cpibvodaujusmvhqvrg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\cpibvodaujusmvhqvrg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\rdvngymibpzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\pdxrmgwupfrqlvisyvlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe
C:\Windows\rdvngymibpzwpxiqup.exe
rdvngymibpzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe .
C:\Windows\rdvngymibpzwpxiqup.exe
rdvngymibpzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\rdvngymibpzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe
C:\Windows\rdvngymibpzwpxiqup.exe
rdvngymibpzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe .
C:\Windows\itkbtkxskxgcublsv.exe
itkbtkxskxgcublsv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\itkbtkxskxgcublsv.exe*."
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\itkbtkxskxgcublsv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\blbriykevhpkbhqw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe
C:\Windows\etojfarqmdqqmxlwdbshc.exe
etojfarqmdqqmxlwdbshc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\pdxrmgwupfrqlvisyvlz.exe
pdxrmgwupfrqlvisyvlz.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\pdxrmgwupfrqlvisyvlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe
C:\Windows\blbriykevhpkbhqw.exe
blbriykevhpkbhqw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\cpibvodaujusmvhqvrg.exe
cpibvodaujusmvhqvrg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\cpibvodaujusmvhqvrg.exe*."
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\cpibvodaujusmvhqvrg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .
C:\Windows\pdxrmgwupfrqlvisyvlz.exe
pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe .
C:\Windows\cpibvodaujusmvhqvrg.exe
cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\etojfarqmdqqmxlwdbshc.exe*."
C:\Windows\itkbtkxskxgcublsv.exe
itkbtkxskxgcublsv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe .
C:\Windows\cpibvodaujusmvhqvrg.exe
cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\itkbtkxskxgcublsv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe
C:\Windows\pdxrmgwupfrqlvisyvlz.exe
pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Windows\blbriykevhpkbhqw.exe
blbriykevhpkbhqw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe
C:\Windows\pdxrmgwupfrqlvisyvlz.exe
pdxrmgwupfrqlvisyvlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\pdxrmgwupfrqlvisyvlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\blbriykevhpkbhqw.exe*."
C:\Windows\cpibvodaujusmvhqvrg.exe
cpibvodaujusmvhqvrg.exe
C:\Windows\cpibvodaujusmvhqvrg.exe
cpibvodaujusmvhqvrg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Windows\itkbtkxskxgcublsv.exe
itkbtkxskxgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\cpibvodaujusmvhqvrg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\itkbtkxskxgcublsv.exe*."
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\rdvngymibpzwpxiqup.exe
rdvngymibpzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\pdxrmgwupfrqlvisyvlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .
C:\Windows\rdvngymibpzwpxiqup.exe
rdvngymibpzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\rdvngymibpzwpxiqup.exe*."
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\etojfarqmdqqmxlwdbshc.exe*."
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\etojfarqmdqqmxlwdbshc.exe*."
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\etojfarqmdqqmxlwdbshc.exe*."
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\blbriykevhpkbhqw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\blbriykevhpkbhqw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\cpibvodaujusmvhqvrg.exe
cpibvodaujusmvhqvrg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe .
C:\Windows\blbriykevhpkbhqw.exe
blbriykevhpkbhqw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\blbriykevhpkbhqw.exe*."
C:\Windows\cpibvodaujusmvhqvrg.exe
cpibvodaujusmvhqvrg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe .
C:\Windows\blbriykevhpkbhqw.exe
blbriykevhpkbhqw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\blbriykevhpkbhqw.exe*."
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\rdvngymibpzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\rdvngymibpzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe
C:\Windows\blbriykevhpkbhqw.exe
blbriykevhpkbhqw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe .
C:\Windows\cpibvodaujusmvhqvrg.exe
cpibvodaujusmvhqvrg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\cpibvodaujusmvhqvrg.exe*."
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\rdvngymibpzwpxiqup.exe
rdvngymibpzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe .
C:\Windows\cpibvodaujusmvhqvrg.exe
cpibvodaujusmvhqvrg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\cpibvodaujusmvhqvrg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\pdxrmgwupfrqlvisyvlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\pdxrmgwupfrqlvisyvlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe
C:\Windows\cpibvodaujusmvhqvrg.exe
cpibvodaujusmvhqvrg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe .
C:\Windows\etojfarqmdqqmxlwdbshc.exe
etojfarqmdqqmxlwdbshc.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\etojfarqmdqqmxlwdbshc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe
C:\Windows\rdvngymibpzwpxiqup.exe
rdvngymibpzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe .
C:\Windows\blbriykevhpkbhqw.exe
blbriykevhpkbhqw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\blbriykevhpkbhqw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\blbriykevhpkbhqw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\etojfarqmdqqmxlwdbshc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe
C:\Windows\rdvngymibpzwpxiqup.exe
rdvngymibpzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe .
C:\Windows\blbriykevhpkbhqw.exe
blbriykevhpkbhqw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\blbriykevhpkbhqw.exe*."
C:\Windows\rdvngymibpzwpxiqup.exe
rdvngymibpzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe .
C:\Windows\etojfarqmdqqmxlwdbshc.exe
etojfarqmdqqmxlwdbshc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\etojfarqmdqqmxlwdbshc.exe*."
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\itkbtkxskxgcublsv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\pdxrmgwupfrqlvisyvlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe
C:\Windows\blbriykevhpkbhqw.exe
blbriykevhpkbhqw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe .
C:\Windows\rdvngymibpzwpxiqup.exe
rdvngymibpzwpxiqup.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\rdvngymibpzwpxiqup.exe*."
C:\Windows\etojfarqmdqqmxlwdbshc.exe
etojfarqmdqqmxlwdbshc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\pdxrmgwupfrqlvisyvlz.exe
pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\pdxrmgwupfrqlvisyvlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\cpibvodaujusmvhqvrg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\itkbtkxskxgcublsv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe
C:\Windows\pdxrmgwupfrqlvisyvlz.exe
pdxrmgwupfrqlvisyvlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe .
C:\Windows\blbriykevhpkbhqw.exe
blbriykevhpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\blbriykevhpkbhqw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe
C:\Windows\cpibvodaujusmvhqvrg.exe
cpibvodaujusmvhqvrg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\pdxrmgwupfrqlvisyvlz.exe
pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\pdxrmgwupfrqlvisyvlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\rdvngymibpzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\itkbtkxskxgcublsv.exe*."
C:\Windows\rdvngymibpzwpxiqup.exe
rdvngymibpzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe .
C:\Windows\etojfarqmdqqmxlwdbshc.exe
etojfarqmdqqmxlwdbshc.exe
C:\Windows\etojfarqmdqqmxlwdbshc.exe
etojfarqmdqqmxlwdbshc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe
C:\Windows\itkbtkxskxgcublsv.exe
itkbtkxskxgcublsv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\etojfarqmdqqmxlwdbshc.exe*."
C:\Windows\blbriykevhpkbhqw.exe
blbriykevhpkbhqw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe
C:\Windows\itkbtkxskxgcublsv.exe
itkbtkxskxgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\itkbtkxskxgcublsv.exe*."
C:\Windows\rdvngymibpzwpxiqup.exe
rdvngymibpzwpxiqup.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\pdxrmgwupfrqlvisyvlz.exe
pdxrmgwupfrqlvisyvlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\rdvngymibpzwpxiqup.exe*."
C:\Windows\rdvngymibpzwpxiqup.exe
rdvngymibpzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Windows\cpibvodaujusmvhqvrg.exe
cpibvodaujusmvhqvrg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe .
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .
C:\Windows\rdvngymibpzwpxiqup.exe
rdvngymibpzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\rdvngymibpzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .
C:\Windows\cpibvodaujusmvhqvrg.exe
cpibvodaujusmvhqvrg.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\cpibvodaujusmvhqvrg.exe*."
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\cpibvodaujusmvhqvrg.exe*."
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\cpibvodaujusmvhqvrg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\cpibvodaujusmvhqvrg.exe*."
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\pdxrmgwupfrqlvisyvlz.exe*."
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\rdvngymibpzwpxiqup.exe*."
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\blbriykevhpkbhqw.exe*."
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\itkbtkxskxgcublsv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\rdvngymibpzwpxiqup.exe
rdvngymibpzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\itkbtkxskxgcublsv.exe
itkbtkxskxgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\itkbtkxskxgcublsv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe
C:\Windows\rdvngymibpzwpxiqup.exe
rdvngymibpzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\rdvngymibpzwpxiqup.exe
rdvngymibpzwpxiqup.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\rdvngymibpzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\itkbtkxskxgcublsv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\pdxrmgwupfrqlvisyvlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe
C:\Windows\etojfarqmdqqmxlwdbshc.exe
etojfarqmdqqmxlwdbshc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\pdxrmgwupfrqlvisyvlz.exe
pdxrmgwupfrqlvisyvlz.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\pdxrmgwupfrqlvisyvlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe
C:\Windows\cpibvodaujusmvhqvrg.exe
cpibvodaujusmvhqvrg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe .
C:\Windows\itkbtkxskxgcublsv.exe
itkbtkxskxgcublsv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\itkbtkxskxgcublsv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\cpibvodaujusmvhqvrg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\pdxrmgwupfrqlvisyvlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe
C:\Windows\blbriykevhpkbhqw.exe
blbriykevhpkbhqw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe .
C:\Windows\blbriykevhpkbhqw.exe
blbriykevhpkbhqw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\blbriykevhpkbhqw.exe*."
C:\Windows\etojfarqmdqqmxlwdbshc.exe
etojfarqmdqqmxlwdbshc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\pdxrmgwupfrqlvisyvlz.exe
pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\pdxrmgwupfrqlvisyvlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\pdxrmgwupfrqlvisyvlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\blbriykevhpkbhqw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe
C:\Windows\itkbtkxskxgcublsv.exe
itkbtkxskxgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe .
C:\Windows\cpibvodaujusmvhqvrg.exe
cpibvodaujusmvhqvrg.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\cpibvodaujusmvhqvrg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe
C:\Windows\cpibvodaujusmvhqvrg.exe
cpibvodaujusmvhqvrg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe .
C:\Windows\itkbtkxskxgcublsv.exe
itkbtkxskxgcublsv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\itkbtkxskxgcublsv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\etojfarqmdqqmxlwdbshc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\pdxrmgwupfrqlvisyvlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe
C:\Windows\cpibvodaujusmvhqvrg.exe
cpibvodaujusmvhqvrg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\pdxrmgwupfrqlvisyvlz.exe
pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\pdxrmgwupfrqlvisyvlz.exe*."
C:\Windows\itkbtkxskxgcublsv.exe
itkbtkxskxgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe .
C:\Windows\etojfarqmdqqmxlwdbshc.exe
etojfarqmdqqmxlwdbshc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\etojfarqmdqqmxlwdbshc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\pdxrmgwupfrqlvisyvlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\rdvngymibpzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe
C:\Windows\cpibvodaujusmvhqvrg.exe
cpibvodaujusmvhqvrg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\pdxrmgwupfrqlvisyvlz.exe
pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\pdxrmgwupfrqlvisyvlz.exe*."
C:\Windows\itkbtkxskxgcublsv.exe
itkbtkxskxgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe .
C:\Windows\etojfarqmdqqmxlwdbshc.exe
etojfarqmdqqmxlwdbshc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\etojfarqmdqqmxlwdbshc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\itkbtkxskxgcublsv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\itkbtkxskxgcublsv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe
C:\Windows\blbriykevhpkbhqw.exe
blbriykevhpkbhqw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe
C:\Windows\itkbtkxskxgcublsv.exe
itkbtkxskxgcublsv.exe
C:\Windows\rdvngymibpzwpxiqup.exe
rdvngymibpzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\pdxrmgwupfrqlvisyvlz.exe
pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\pdxrmgwupfrqlvisyvlz.exe*."
C:\Windows\pdxrmgwupfrqlvisyvlz.exe
pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\rdvngymibpzwpxiqup.exe
rdvngymibpzwpxiqup.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c itkbtkxskxgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe
C:\Windows\pdxrmgwupfrqlvisyvlz.exe
pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\pdxrmgwupfrqlvisyvlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\rdvngymibpzwpxiqup.exe*."
C:\Windows\rdvngymibpzwpxiqup.exe
rdvngymibpzwpxiqup.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .
C:\Windows\itkbtkxskxgcublsv.exe
itkbtkxskxgcublsv.exe
C:\Windows\cpibvodaujusmvhqvrg.exe
cpibvodaujusmvhqvrg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .
C:\Windows\pdxrmgwupfrqlvisyvlz.exe
pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .
C:\Windows\cpibvodaujusmvhqvrg.exe
cpibvodaujusmvhqvrg.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\rdvngymibpzwpxiqup.exe*."
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\pdxrmgwupfrqlvisyvlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\cpibvodaujusmvhqvrg.exe*."
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\itkbtkxskxgcublsv.exe*."
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\rdvngymibpzwpxiqup.exe*."
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\cpibvodaujusmvhqvrg.exe*."
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\itkbtkxskxgcublsv.exe*."
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\pdxrmgwupfrqlvisyvlz.exe*."
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\cpibvodaujusmvhqvrg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe
C:\Windows\rdvngymibpzwpxiqup.exe
rdvngymibpzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe .
C:\Windows\blbriykevhpkbhqw.exe
blbriykevhpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\blbriykevhpkbhqw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe
C:\Windows\rdvngymibpzwpxiqup.exe
rdvngymibpzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\pdxrmgwupfrqlvisyvlz.exe
pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\pdxrmgwupfrqlvisyvlz.exe*."
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\rdvngymibpzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\etojfarqmdqqmxlwdbshc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\etojfarqmdqqmxlwdbshc.exe
etojfarqmdqqmxlwdbshc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe .
C:\Windows\cpibvodaujusmvhqvrg.exe
cpibvodaujusmvhqvrg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\cpibvodaujusmvhqvrg.exe*."
C:\Windows\pdxrmgwupfrqlvisyvlz.exe
pdxrmgwupfrqlvisyvlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etojfarqmdqqmxlwdbshc.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\etojfarqmdqqmxlwdbshc.exe
etojfarqmdqqmxlwdbshc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\etojfarqmdqqmxlwdbshc.exe*."
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\pdxrmgwupfrqlvisyvlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\etojfarqmdqqmxlwdbshc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe
C:\Windows\blbriykevhpkbhqw.exe
blbriykevhpkbhqw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe .
C:\Windows\rdvngymibpzwpxiqup.exe
rdvngymibpzwpxiqup.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\rdvngymibpzwpxiqup.exe*."
C:\Windows\cpibvodaujusmvhqvrg.exe
cpibvodaujusmvhqvrg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cpibvodaujusmvhqvrg.exe .
C:\Windows\cpibvodaujusmvhqvrg.exe
cpibvodaujusmvhqvrg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\cpibvodaujusmvhqvrg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\cpibvodaujusmvhqvrg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\itkbtkxskxgcublsv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\pdxrmgwupfrqlvisyvlz.exe
pdxrmgwupfrqlvisyvlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe .
C:\Windows\pdxrmgwupfrqlvisyvlz.exe
pdxrmgwupfrqlvisyvlz.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\pdxrmgwupfrqlvisyvlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe
C:\Windows\pdxrmgwupfrqlvisyvlz.exe
pdxrmgwupfrqlvisyvlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe .
C:\Windows\blbriykevhpkbhqw.exe
blbriykevhpkbhqw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\blbriykevhpkbhqw.exe*."
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe
C:\Users\Admin\AppData\Local\Temp\etojfarqmdqqmxlwdbshc.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\etojfarqmdqqmxlwdbshc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\pdxrmgwupfrqlvisyvlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\itkbtkxskxgcublsv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe
C:\Windows\rdvngymibpzwpxiqup.exe
rdvngymibpzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c blbriykevhpkbhqw.exe .
C:\Windows\blbriykevhpkbhqw.exe
blbriykevhpkbhqw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pdxrmgwupfrqlvisyvlz.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\blbriykevhpkbhqw.exe*."
C:\Windows\pdxrmgwupfrqlvisyvlz.exe
pdxrmgwupfrqlvisyvlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rdvngymibpzwpxiqup.exe .
C:\Windows\rdvngymibpzwpxiqup.exe
rdvngymibpzwpxiqup.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Users\Admin\AppData\Local\Temp\cpibvodaujusmvhqvrg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\rdvngymibpzwpxiqup.exe*."
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\itkbtkxskxgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\itkbtkxskxgcublsv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\blbriykevhpkbhqw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rdvngymibpzwpxiqup.exe .
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.whatismyip.com | udp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| GB | 2.22.69.9:80 | www.ebay.com | tcp |
| GB | 77.97.178.13:26660 | tcp | |
| DE | 85.214.228.140:80 | gyuuym.org | tcp |
| SG | 18.142.91.111:80 | unxfuild.info | tcp |
| US | 104.156.155.94:80 | cydlrge.info | tcp |
| GB | 77.97.178.13:26660 | tcp | |
| US | 8.8.8.8:53 | ywknbghwrub.net | udp |
| US | 8.8.8.8:53 | vtthja.info | udp |
| US | 8.8.8.8:53 | oxzyoq.net | udp |
| US | 8.8.8.8:53 | rgsbheaqho.info | udp |
| US | 8.8.8.8:53 | uarpowz.info | udp |
| US | 8.8.8.8:53 | sdcvgoblzxxm.net | udp |
| US | 8.8.8.8:53 | egweogyowg.com | udp |
| US | 8.8.8.8:53 | aquwqqxaf.info | udp |
| US | 8.8.8.8:53 | skywyumxq.net | udp |
| US | 8.8.8.8:53 | fprlkmzadb.net | udp |
| US | 8.8.8.8:53 | cbpajgdfn.info | udp |
| US | 8.8.8.8:53 | dflqknsl.net | udp |
| US | 8.8.8.8:53 | klbadqyytudg.info | udp |
| US | 8.8.8.8:53 | wcxqvtz.info | udp |
| US | 8.8.8.8:53 | hmbsncnqqcz.info | udp |
| US | 8.8.8.8:53 | zuibyy.net | udp |
| US | 8.8.8.8:53 | bmzjxo.info | udp |
| US | 8.8.8.8:53 | ukvggkhzpmq.info | udp |
| US | 8.8.8.8:53 | hpiupsmrnd.net | udp |
| US | 8.8.8.8:53 | ufmzekownatj.info | udp |
| US | 8.8.8.8:53 | cumfbuiopyi.net | udp |
| US | 8.8.8.8:53 | hmbncf.net | udp |
| US | 8.8.8.8:53 | ltdjxdvcbf.info | udp |
| US | 8.8.8.8:53 | kgqsoysu.com | udp |
| US | 8.8.8.8:53 | szzgzkj.info | udp |
| US | 8.8.8.8:53 | ecegeakc.org | udp |
| US | 8.8.8.8:53 | aqmiackiiaqy.com | udp |
| US | 8.8.8.8:53 | yrfwmjuz.net | udp |
| US | 8.8.8.8:53 | akagqeoqcu.org | udp |
| US | 8.8.8.8:53 | llpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | gljhtjlp.net | udp |
| US | 8.8.8.8:53 | yuhitygcmyr.net | udp |
| US | 8.8.8.8:53 | kwxgjeyij.info | udp |
| US | 8.8.8.8:53 | iaaufrlxlxh.net | udp |
| US | 8.8.8.8:53 | uoxjsmld.info | udp |
| US | 8.8.8.8:53 | akyyfyjnvgc.info | udp |
| US | 8.8.8.8:53 | znngdy.net | udp |
| US | 8.8.8.8:53 | sewuvwb.net | udp |
| US | 8.8.8.8:53 | qjkonbhumkh.net | udp |
| US | 8.8.8.8:53 | kgpsnaek.net | udp |
| US | 8.8.8.8:53 | juqeglswf.info | udp |
| US | 8.8.8.8:53 | oaewcmmi.com | udp |
| US | 8.8.8.8:53 | oalwpcngx.info | udp |
| US | 8.8.8.8:53 | bnwsvo.net | udp |
| US | 8.8.8.8:53 | gokexxn.info | udp |
| US | 8.8.8.8:53 | yshkavzsr.info | udp |
| US | 8.8.8.8:53 | tdouhoqebj.net | udp |
| US | 8.8.8.8:53 | iojdyvbbzc.info | udp |
| US | 8.8.8.8:53 | kxldwaoqfn.info | udp |
| US | 8.8.8.8:53 | oytcbebyvyd.info | udp |
| US | 8.8.8.8:53 | ohbgqidf.net | udp |
| US | 8.8.8.8:53 | pduybwejr.net | udp |
| US | 8.8.8.8:53 | xxbuvavqnao.net | udp |
| US | 8.8.8.8:53 | jqlifzlf.net | udp |
| US | 8.8.8.8:53 | tfgffg.net | udp |
| US | 8.8.8.8:53 | iuewoi.org | udp |
| US | 8.8.8.8:53 | pijpnex.com | udp |
| US | 8.8.8.8:53 | qksywsgucooy.com | udp |
| US | 8.8.8.8:53 | eeyiyqkaue.com | udp |
| US | 8.8.8.8:53 | jhvpzccfefzw.info | udp |
| US | 8.8.8.8:53 | dffcct.info | udp |
| US | 8.8.8.8:53 | acoucsaammui.com | udp |
| US | 8.8.8.8:53 | rejwrwpoa.info | udp |
| US | 8.8.8.8:53 | lslgvgzowrv.info | udp |
| US | 8.8.8.8:53 | pmujjrpzr.org | udp |
| US | 8.8.8.8:53 | dhosgzoi.info | udp |
| US | 8.8.8.8:53 | qktupgzkz.net | udp |
| US | 8.8.8.8:53 | ajifwfkhlzpp.info | udp |
| US | 8.8.8.8:53 | sreyxkcefuu.info | udp |
| US | 8.8.8.8:53 | qskuiymg.com | udp |
| US | 8.8.8.8:53 | bcbmluskz.org | udp |
| US | 8.8.8.8:53 | vhiblllqqola.net | udp |
| US | 8.8.8.8:53 | coiokkcwwmmy.com | udp |
| US | 8.8.8.8:53 | shlozyf.net | udp |
| US | 8.8.8.8:53 | vghfvlrnau.net | udp |
| US | 8.8.8.8:53 | mqgggocgiieg.com | udp |
| US | 8.8.8.8:53 | sgescokcmo.org | udp |
| US | 8.8.8.8:53 | iukkns.info | udp |
| US | 8.8.8.8:53 | gmmovvrpxh.net | udp |
| US | 8.8.8.8:53 | lzwgpqnxhy.net | udp |
| US | 8.8.8.8:53 | trujbyhikp.info | udp |
| US | 8.8.8.8:53 | vuleibjrjt.net | udp |
| US | 8.8.8.8:53 | gsjszsxqk.info | udp |
| US | 8.8.8.8:53 | ermrcunkrfea.net | udp |
| US | 8.8.8.8:53 | sgvfqegygpfh.info | udp |
| US | 8.8.8.8:53 | kagivguvon.net | udp |
| US | 8.8.8.8:53 | palasv.info | udp |
| US | 8.8.8.8:53 | uyfajuckoyd.info | udp |
| US | 8.8.8.8:53 | luaiurlae.info | udp |
| US | 8.8.8.8:53 | ccquddl.info | udp |
| US | 8.8.8.8:53 | hrgyviddjz.net | udp |
| US | 8.8.8.8:53 | fumvct.net | udp |
| US | 8.8.8.8:53 | okjnriz.info | udp |
| US | 8.8.8.8:53 | faexnijllwx.org | udp |
| US | 8.8.8.8:53 | jcukdqyc.net | udp |
| US | 8.8.8.8:53 | jhmglfbqh.net | udp |
| US | 8.8.8.8:53 | yadxtkefpqdf.net | udp |
| US | 8.8.8.8:53 | ewivjxreigup.net | udp |
| US | 8.8.8.8:53 | gllygzmbvc.info | udp |
| US | 8.8.8.8:53 | ahgnuwynvr.net | udp |
Files
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
| MD5 | bd2d128ca0ff7786e44ca4e2f3807b06 |
| SHA1 | b073e74c3fb687f4b5a9838ee8b2e5b9856abec5 |
| SHA256 | 2cecd4903a4f423e289e6b60361c7fe38ec58566ea0cabcc26c55af8c6e5488f |
| SHA512 | 7c54a498207d077ea9921b427bd2640a645df15f86025d3f2cecac62f045bae6317c74dc65f690ff8788e71066c3ed98dc8fc527805dfa7d8b73400327449618 |
C:\Windows\SysWOW64\rdvngymibpzwpxiqup.exe
| MD5 | bddd16d20828ab7fce7d46416ccf084f |
| SHA1 | 87067755449ba7bc2cbbf04edae0a03b60e0c91a |
| SHA256 | 57c85e0a2c34c0e1e6a434194422f6c3a1fd44d66bc1848803fa0421b621fdd7 |
| SHA512 | 350ab8929b2a3bdc27fe8465fb5cd3f28885898fd09a91e884efcd6bfde777b5ed26e1dca9de2fc89ed79efdb276f5713b1c08a0a5b88c8809238e035bd6b425 |
C:\Users\Admin\AppData\Local\Temp\edint.exe
| MD5 | a62131c4f1ec9cb0677f57def1879c4e |
| SHA1 | 52d71559d7c7f28fbda16c694fc4d9016800e0ab |
| SHA256 | 71347cf9787f6aeb914e567e740fa7047b822c64d11cb2fa84fa4b7e29146dd8 |
| SHA512 | 112d94ac8db88ff5581a923f537eea17fee7e89de1c7d8852ec949a31215ffdbc15d8f84fcb6c2bfed3ac5bb1f4234c10b8334db480c10e1c1a4090b75d9a8b6 |
C:\Users\Admin\AppData\Local\vtxbgkksxxtchbysippnrvaeem.rnw
| MD5 | 762fa5784e2c8f4e7928d8edb0c1600c |
| SHA1 | c3441baff5b1215cc74d4c7527f0dd5ea98ede2e |
| SHA256 | 06b5446c8fc67a72dc5241b3fce97fb5fb7bca070a7d7f4a3af384b77b7f3769 |
| SHA512 | ac738e47f91f52ed50018bf6eb7ecdb5e02f131e90c3199a4791014c8f0926330ee285437ec20ce4e039846a721d0b7f1e3bdbb6d52b75c3b37d7c4ab3af5022 |
C:\Users\Admin\AppData\Local\wfujzozsitaukpxcdvgpetjyjcsdkeuzhmnfq.odt
| MD5 | a638735c91a4776699f6855c69bdee08 |
| SHA1 | a10ac65b0191ef43f5c6d418638c597f8cb99713 |
| SHA256 | 42d53c783de385ad5bf10f7ad714070e51c191e3ebefed99bd133f8b6b87d7d5 |
| SHA512 | 259887f454f14e0c670dd7f9658120a9dead6276da94b1d024707b085200b30373019fd0e554a601bdb6077c1e39e1f06ddbb8589a96105faa26eb5b27104694 |
C:\Program Files (x86)\vtxbgkksxxtchbysippnrvaeem.rnw
| MD5 | ca4b90353a1f71410a302452bc53a160 |
| SHA1 | 045aa2583e8a4b14e3b7225b52ab6b2939b66bf7 |
| SHA256 | 00e244bd6d7df4225da45ef0b869f93afbd44864719c30ada57c7fca563cf8bf |
| SHA512 | 1804693ee3c1dc1b21cd7c17d86e247ef6f16d7a49d0955d05223f7de3f9e7028906ead75b965191e7771bf98b9c6bebe4ae11dd4344ab50d446120d8aeaa524 |
C:\Program Files (x86)\vtxbgkksxxtchbysippnrvaeem.rnw
| MD5 | aaa9e48b6d59fc4c4db1852e2f8daa6f |
| SHA1 | 27bbce7738a25a3fe25a4553d77361b4f342e089 |
| SHA256 | c779455434f44aba3b468bcc320ef623958fc954e7acf248b170a06d738e29fa |
| SHA512 | b9db53c8baa1f98c7bf9767385fd6baf2452b2271b106daec8fc99fe9d6b04af8e188694b747cd03b12dc1c47c66abe3f1bfcfc67b382d56d966d94d74db80e5 |
C:\Program Files (x86)\vtxbgkksxxtchbysippnrvaeem.rnw
| MD5 | bf144dd97ff07b067e1dc4716b67c362 |
| SHA1 | 0ba7ab843cbcb67c126f116c58e60fc5e5970e03 |
| SHA256 | dc02adbf0f233068d8c4e1f435d5438f33943cb01385115be9dfea1b7a5638dd |
| SHA512 | 80e2e0fc665b33a7a6ce8376f31a5ef20653021c0752030e2d2b5f9e0ca1dd871fd35d08f2f5ec3e6e8a940334a9a99e95ab34769c3f2909f0de93f24dd2fd1c |
C:\Program Files (x86)\vtxbgkksxxtchbysippnrvaeem.rnw
| MD5 | 27337e187bcd08f0f5d31526834ad920 |
| SHA1 | fa187b2aea718f4245ac5e3bbf2cef74605304e2 |
| SHA256 | 7f8a7f8cc4fb9e9163251f97c4546ec13372628b1a90f1f8e77fd8f7786e0b50 |
| SHA512 | 78db6a91e75eb07fe3d62d8dcbce54ab3d82062b7da07ff4accb99a1866330fdcf7dca260ebb0cf19431b1b0a669e8500e2ea92d83ce6d6954232a8d5df3f6a7 |
C:\Program Files (x86)\vtxbgkksxxtchbysippnrvaeem.rnw
| MD5 | 18ee136afb4ed5721dd831ba6de934e4 |
| SHA1 | 2d7d745015b3d6289720e169cf512aa3668a41b3 |
| SHA256 | 40dddb047b4abc0520c2e07c450a7f03d3f2c3fc3b3079c6fc40f3ca3d2c0362 |
| SHA512 | 6f6202821c8b60452948c554ddaa5734da0040cb87e55633da0299cd8095169e2423c8a6773308f03b53cf26fa24dd4a022784e1d163924efaefc062dde30f21 |
C:\Program Files (x86)\vtxbgkksxxtchbysippnrvaeem.rnw
| MD5 | 6432ffb24e491818ad88e2fb30a5d47e |
| SHA1 | 37a40521e7823c24a0d61d7021faecfdcb11eac4 |
| SHA256 | 2be68cab25447386bfb95b306d52aaa3a18c128a8507b417836100c1f1f9051e |
| SHA512 | 7b3b3505025b17cbf9f770b0185a86065297ab0faf10d27b39966595ec22105e1b3d06c1b2e5a0e6805109b5c84dc364ea118289909b243a0ce191ebdce625bc |
C:\Program Files (x86)\vtxbgkksxxtchbysippnrvaeem.rnw
| MD5 | af6375a5a0243137af2aba533160f358 |
| SHA1 | 74ee4f612113ffff8633ed5cef6b5af94f4b5de9 |
| SHA256 | cea2669fa43bf8bd1a98ebe80fd00721c541d6a5bfd69ad4fd9834ca0195f3e1 |
| SHA512 | 3aaeaabcb2b89e24e22f236d7e98ee38675d459a7f0b9a50b34544b41c2f012573aab9d5dd0aafd3f3c7892c8d21706d991b5514fa6617ef1ff8cdc5729c558b |