Analysis Overview
SHA256
32173afb83cbc7c35e4b7c70ca3bdfb64155ce5da72d0fc359c4a0cd2096d7c8
Threat Level: Known bad
The file JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36 was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Modifies WinLogon for persistence
Pykspa
Pykspa family
Detect Pykspa worm
Adds policy Run key to start application
Disables RegEdit via registry modification
Impair Defenses: Safe Mode Boot
Executes dropped EXE
Checks computer location settings
Looks up external IP address via web service
Checks whether UAC is enabled
Hijack Execution Flow: Executable Installer File Permissions Weakness
Adds Run key to start application
Drops file in System32 directory
Drops autorun.inf file
Drops file in Program Files directory
Drops file in Windows directory
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
System policy modification
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-04-19 01:29
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-04-19 01:29
Reported
2025-04-19 01:31
Platform
win10v2004-20250314-en
Max time kernel
43s
Max time network
150s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whjdjqfsykh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bryxiuogrikprerz.exe" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whjdjqfsykh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cvfhvkhcqkpxcsitudg.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thmjscuktiillw = "rjstguqkxqubfujttb.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thmjscuktiillw = "ezlpfwvsielvcumzcnsnz.exe" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whjdjqfsykh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\izhhtgbugybhkymvu.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whjdjqfsykh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cvfhvkhcqkpxcsitudg.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thmjscuktiillw = "cvfhvkhcqkpxcsitudg.exe" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whjdjqfsykh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bryxiuogrikprerz.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thmjscuktiillw = "izhhtgbugybhkymvu.exe" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whjdjqfsykh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cvfhvkhcqkpxcsitudg.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thmjscuktiillw = "bryxiuogrikprerz.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whjdjqfsykh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ezlpfwvsielvcumzcnsnz.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whjdjqfsykh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bryxiuogrikprerz.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thmjscuktiillw = "izhhtgbugybhkymvu.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thmjscuktiillw = "ezlpfwvsielvcumzcnsnz.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whjdjqfsykh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjuxmcawlgmvbsjvxhlf.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whjdjqfsykh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rjstguqkxqubfujttb.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whjdjqfsykh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ezlpfwvsielvcumzcnsnz.exe" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thmjscuktiillw = "cvfhvkhcqkpxcsitudg.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thmjscuktiillw = "izhhtgbugybhkymvu.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whjdjqfsykh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\izhhtgbugybhkymvu.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thmjscuktiillw = "rjstguqkxqubfujttb.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whjdjqfsykh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjuxmcawlgmvbsjvxhlf.exe" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whjdjqfsykh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjuxmcawlgmvbsjvxhlf.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thmjscuktiillw = "rjstguqkxqubfujttb.exe" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whjdjqfsykh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cvfhvkhcqkpxcsitudg.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whjdjqfsykh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjuxmcawlgmvbsjvxhlf.exe" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thmjscuktiillw = "ezlpfwvsielvcumzcnsnz.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thmjscuktiillw = "izhhtgbugybhkymvu.exe" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thmjscuktiillw = "cvfhvkhcqkpxcsitudg.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thmjscuktiillw = "izhhtgbugybhkymvu.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whjdjqfsykh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ezlpfwvsielvcumzcnsnz.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mouano = "ykaqnyldtjkprerz.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thmjscuktiillw = "izhhtgbugybhkymvu.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thmjscuktiillw = "bryxiuogrikprerz.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lkn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fsjaykyrizbhkymvu.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whjdjqfsykh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cvfhvkhcqkpxcsitudg.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whjdjqfsykh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ezlpfwvsielvcumzcnsnz.exe" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thmjscuktiillw = "izhhtgbugybhkymvu.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thmjscuktiillw = "rjstguqkxqubfujttb.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whjdjqfsykh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjuxmcawlgmvbsjvxhlf.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thmjscuktiillw = "cvfhvkhcqkpxcsitudg.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\whjdjqfsykh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bryxiuogrikprerz.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thmjscuktiillw = "bryxiuogrikprerz.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Windows\bryxiuogrikprerz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Windows\bryxiuogrikprerz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Windows\cvfhvkhcqkpxcsitudg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Windows\izhhtgbugybhkymvu.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Windows\rjstguqkxqubfujttb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Windows\cvfhvkhcqkpxcsitudg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Windows\izhhtgbugybhkymvu.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Windows\cvfhvkhcqkpxcsitudg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Windows\rjstguqkxqubfujttb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Windows\cvfhvkhcqkpxcsitudg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Windows\izhhtgbugybhkymvu.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Windows\bryxiuogrikprerz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Windows\bryxiuogrikprerz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Windows\bryxiuogrikprerz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Windows\izhhtgbugybhkymvu.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Windows\izhhtgbugybhkymvu.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Windows\pjuxmcawlgmvbsjvxhlf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Windows\rjstguqkxqubfujttb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Windows\izhhtgbugybhkymvu.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Windows\bryxiuogrikprerz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Windows\izhhtgbugybhkymvu.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Windows\pjuxmcawlgmvbsjvxhlf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Windows\cvfhvkhcqkpxcsitudg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Windows\izhhtgbugybhkymvu.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Windows\pjuxmcawlgmvbsjvxhlf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Windows\cvfhvkhcqkpxcsitudg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Windows\cvfhvkhcqkpxcsitudg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Windows\pjuxmcawlgmvbsjvxhlf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Windows\cvfhvkhcqkpxcsitudg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Windows\izhhtgbugybhkymvu.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Windows\izhhtgbugybhkymvu.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Windows\izhhtgbugybhkymvu.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation | C:\Windows\pjuxmcawlgmvbsjvxhlf.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rjstguqkxqubfujttb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjuxmcawlgmvbsjvxhlf.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sfjfnwnckyxzy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bryxiuogrikprerz.exe ." | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rjstguqkxqubfujttb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\izhhtgbugybhkymvu.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tfidksiwdqop = "cvfhvkhcqkpxcsitudg.exe" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wlrpzkdueuvzamy = "izhhtgbugybhkymvu.exe" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\izhhtgbugybhkymvu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cvfhvkhcqkpxcsitudg.exe ." | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tfidksiwdqop = "bryxiuogrikprerz.exe" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sfjfnwnckyxzy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cvfhvkhcqkpxcsitudg.exe ." | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sfjfnwnckyxzy = "pjuxmcawlgmvbsjvxhlf.exe ." | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tfidksiwdqop = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ezlpfwvsielvcumzcnsnz.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rjstguqkxqubfujttb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\izhhtgbugybhkymvu.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\izhhtgbugybhkymvu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bryxiuogrikprerz.exe ." | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sfjfnwnckyxzy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjuxmcawlgmvbsjvxhlf.exe ." | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\izhhtgbugybhkymvu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rjstguqkxqubfujttb.exe ." | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sfjfnwnckyxzy = "ezlpfwvsielvcumzcnsnz.exe ." | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rjstguqkxqubfujttb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjuxmcawlgmvbsjvxhlf.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\bryxiuogrikprerz = "pjuxmcawlgmvbsjvxhlf.exe ." | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tfidksiwdqop = "cvfhvkhcqkpxcsitudg.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tfidksiwdqop = "C:\\Users\\Admin\\AppData\\Local\\Temp\\izhhtgbugybhkymvu.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sfjfnwnckyxzy = "rjstguqkxqubfujttb.exe ." | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\bryxiuogrikprerz = "ezlpfwvsielvcumzcnsnz.exe ." | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tfidksiwdqop = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjuxmcawlgmvbsjvxhlf.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tfidksiwdqop = "bryxiuogrikprerz.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sswa = "ykaqnyldtjkprerz.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\bchmy = "ykaqnyldtjkprerz.exe ." | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sswa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bsnikaspkflvcumzcnpgb.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\bchmy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fsjaykyrizbhkymvu.exe ." | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\bryxiuogrikprerz = "izhhtgbugybhkymvu.exe ." | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wlrpzkdueuvzamy = "izhhtgbugybhkymvu.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tfidksiwdqop = "rjstguqkxqubfujttb.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\bryxiuogrikprerz = "pjuxmcawlgmvbsjvxhlf.exe ." | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tfidksiwdqop = "cvfhvkhcqkpxcsitudg.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wlrpzkdueuvzamy = "izhhtgbugybhkymvu.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tfidksiwdqop = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bryxiuogrikprerz.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rjstguqkxqubfujttb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ezlpfwvsielvcumzcnsnz.exe" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wlrpzkdueuvzamy = "ezlpfwvsielvcumzcnsnz.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tfidksiwdqop = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjuxmcawlgmvbsjvxhlf.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rjstguqkxqubfujttb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cvfhvkhcqkpxcsitudg.exe" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sfjfnwnckyxzy = "izhhtgbugybhkymvu.exe ." | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tfidksiwdqop = "pjuxmcawlgmvbsjvxhlf.exe" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\izhhtgbugybhkymvu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ezlpfwvsielvcumzcnsnz.exe ." | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\izhhtgbugybhkymvu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ezlpfwvsielvcumzcnsnz.exe ." | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sfjfnwnckyxzy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\izhhtgbugybhkymvu.exe ." | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sfjfnwnckyxzy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rjstguqkxqubfujttb.exe ." | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\bryxiuogrikprerz = "izhhtgbugybhkymvu.exe ." | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rjstguqkxqubfujttb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\izhhtgbugybhkymvu.exe" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rjstguqkxqubfujttb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cvfhvkhcqkpxcsitudg.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\bryxiuogrikprerz = "izhhtgbugybhkymvu.exe ." | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rjstguqkxqubfujttb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rjstguqkxqubfujttb.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\izhhtgbugybhkymvu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ezlpfwvsielvcumzcnsnz.exe ." | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tfidksiwdqop = "pjuxmcawlgmvbsjvxhlf.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\izhhtgbugybhkymvu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bryxiuogrikprerz.exe ." | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tfidksiwdqop = "pjuxmcawlgmvbsjvxhlf.exe" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\bryxiuogrikprerz = "izhhtgbugybhkymvu.exe ." | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rjstguqkxqubfujttb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rjstguqkxqubfujttb.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sfjfnwnckyxzy = "izhhtgbugybhkymvu.exe ." | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sfjfnwnckyxzy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjuxmcawlgmvbsjvxhlf.exe ." | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\izhhtgbugybhkymvu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\izhhtgbugybhkymvu.exe ." | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sfjfnwnckyxzy = "cvfhvkhcqkpxcsitudg.exe ." | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tfidksiwdqop = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjuxmcawlgmvbsjvxhlf.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tfidksiwdqop = "ezlpfwvsielvcumzcnsnz.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tfidksiwdqop = "ezlpfwvsielvcumzcnsnz.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\bryxiuogrikprerz = "bryxiuogrikprerz.exe ." | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wlrpzkdueuvzamy = "izhhtgbugybhkymvu.exe" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\ezlpfwvsielvcumzcnsnz.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vrejassqhemxfyrfjvbxkp.exe | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vrejassqhemxfyrfjvbxkp.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bryxiuogrikprerz.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ezlpfwvsielvcumzcnsnz.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vrejassqhemxfyrfjvbxkp.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vrejassqhemxfyrfjvbxkp.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ezlpfwvsielvcumzcnsnz.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\izhhtgbugybhkymvu.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\izhhtgbugybhkymvu.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pjuxmcawlgmvbsjvxhlf.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rjstguqkxqubfujttb.exe | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\izhhtgbugybhkymvu.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pjuxmcawlgmvbsjvxhlf.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cvfhvkhcqkpxcsitudg.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bryxiuogrikprerz.exe | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cvfhvkhcqkpxcsitudg.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vrejassqhemxfyrfjvbxkp.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pjuxmcawlgmvbsjvxhlf.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cvfhvkhcqkpxcsitudg.exe | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pjuxmcawlgmvbsjvxhlf.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bryxiuogrikprerz.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ezlpfwvsielvcumzcnsnz.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ezlpfwvsielvcumzcnsnz.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\izhhtgbugybhkymvu.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rjstguqkxqubfujttb.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pjuxmcawlgmvbsjvxhlf.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cvfhvkhcqkpxcsitudg.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vrejassqhemxfyrfjvbxkp.exe | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cvfhvkhcqkpxcsitudg.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rjstguqkxqubfujttb.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\izhhtgbugybhkymvu.exe | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rjstguqkxqubfujttb.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pjuxmcawlgmvbsjvxhlf.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rjstguqkxqubfujttb.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rjstguqkxqubfujttb.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cvfhvkhcqkpxcsitudg.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ezlpfwvsielvcumzcnsnz.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ezlpfwvsielvcumzcnsnz.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rjstguqkxqubfujttb.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bryxiuogrikprerz.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rjstguqkxqubfujttb.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ezlpfwvsielvcumzcnsnz.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rjstguqkxqubfujttb.exe | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rjstguqkxqubfujttb.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bryxiuogrikprerz.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pjuxmcawlgmvbsjvxhlf.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rjstguqkxqubfujttb.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\izhhtgbugybhkymvu.exe | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bryxiuogrikprerz.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\izhhtgbugybhkymvu.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\izhhtgbugybhkymvu.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vrejassqhemxfyrfjvbxkp.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vrejassqhemxfyrfjvbxkp.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bryxiuogrikprerz.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cvfhvkhcqkpxcsitudg.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bryxiuogrikprerz.exe | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bryxiuogrikprerz.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cvfhvkhcqkpxcsitudg.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bryxiuogrikprerz.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ezlpfwvsielvcumzcnsnz.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rjstguqkxqubfujttb.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pjuxmcawlgmvbsjvxhlf.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bryxiuogrikprerz.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\sfjfnwnckyxzyisxsvsfjfnwnckyxzyisxs.sfj | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| File created | C:\Program Files (x86)\sfjfnwnckyxzyisxsvsfjfnwnckyxzyisxs.sfj | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| File opened for modification | C:\Program Files (x86)\jlepmkquruiznmlfphtvozwu.ebe | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| File created | C:\Program Files (x86)\jlepmkquruiznmlfphtvozwu.ebe | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\bryxiuogrikprerz.exe | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| File opened for modification | C:\Windows\cvfhvkhcqkpxcsitudg.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\pjuxmcawlgmvbsjvxhlf.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\vrejassqhemxfyrfjvbxkp.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\vrejassqhemxfyrfjvbxkp.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\pjuxmcawlgmvbsjvxhlf.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\vrejassqhemxfyrfjvbxkp.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\cvfhvkhcqkpxcsitudg.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\rjstguqkxqubfujttb.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\ezlpfwvsielvcumzcnsnz.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\bryxiuogrikprerz.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\izhhtgbugybhkymvu.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\cvfhvkhcqkpxcsitudg.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\rjstguqkxqubfujttb.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\cvfhvkhcqkpxcsitudg.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\pjuxmcawlgmvbsjvxhlf.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\ezlpfwvsielvcumzcnsnz.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\vrejassqhemxfyrfjvbxkp.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\rjstguqkxqubfujttb.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\ezlpfwvsielvcumzcnsnz.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\vrejassqhemxfyrfjvbxkp.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\rjstguqkxqubfujttb.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\rjstguqkxqubfujttb.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\pjuxmcawlgmvbsjvxhlf.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\vrejassqhemxfyrfjvbxkp.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\vrejassqhemxfyrfjvbxkp.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\bryxiuogrikprerz.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\bryxiuogrikprerz.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\rjstguqkxqubfujttb.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\rjstguqkxqubfujttb.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\pjuxmcawlgmvbsjvxhlf.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\ezlpfwvsielvcumzcnsnz.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\izhhtgbugybhkymvu.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\ezlpfwvsielvcumzcnsnz.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\izhhtgbugybhkymvu.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\rjstguqkxqubfujttb.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\ezlpfwvsielvcumzcnsnz.exe | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| File opened for modification | C:\Windows\pjuxmcawlgmvbsjvxhlf.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\bryxiuogrikprerz.exe | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| File opened for modification | C:\Windows\vrejassqhemxfyrfjvbxkp.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\rjstguqkxqubfujttb.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\bryxiuogrikprerz.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\vrejassqhemxfyrfjvbxkp.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\izhhtgbugybhkymvu.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\rjstguqkxqubfujttb.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\izhhtgbugybhkymvu.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\vrejassqhemxfyrfjvbxkp.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\vrejassqhemxfyrfjvbxkp.exe | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| File created | C:\Windows\sfjfnwnckyxzyisxsvsfjfnwnckyxzyisxs.sfj | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| File opened for modification | C:\Windows\ezlpfwvsielvcumzcnsnz.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\ezlpfwvsielvcumzcnsnz.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\izhhtgbugybhkymvu.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\bryxiuogrikprerz.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\cvfhvkhcqkpxcsitudg.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\cvfhvkhcqkpxcsitudg.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\pjuxmcawlgmvbsjvxhlf.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\rjstguqkxqubfujttb.exe | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| File opened for modification | C:\Windows\bryxiuogrikprerz.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\bryxiuogrikprerz.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\izhhtgbugybhkymvu.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\vrejassqhemxfyrfjvbxkp.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\rjstguqkxqubfujttb.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\cvfhvkhcqkpxcsitudg.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| File opened for modification | C:\Windows\izhhtgbugybhkymvu.exe | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bryxiuogrikprerz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\rjstguqkxqubfujttb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bryxiuogrikprerz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ezlpfwvsielvcumzcnsnz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\izhhtgbugybhkymvu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\pjuxmcawlgmvbsjvxhlf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\cvfhvkhcqkpxcsitudg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\cvfhvkhcqkpxcsitudg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\pjuxmcawlgmvbsjvxhlf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\cvfhvkhcqkpxcsitudg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\pjuxmcawlgmvbsjvxhlf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\izhhtgbugybhkymvu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\cvfhvkhcqkpxcsitudg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\cvfhvkhcqkpxcsitudg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\izhhtgbugybhkymvu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\izhhtgbugybhkymvu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\cvfhvkhcqkpxcsitudg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\izhhtgbugybhkymvu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bryxiuogrikprerz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bryxiuogrikprerz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\izhhtgbugybhkymvu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\rjstguqkxqubfujttb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\izhhtgbugybhkymvu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\izhhtgbugybhkymvu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ezlpfwvsielvcumzcnsnz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bryxiuogrikprerz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ykaqnyldtjkprerz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\mcwqrgxtnhmvbsjvxhiy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\pjuxmcawlgmvbsjvxhlf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bsnikaspkflvcumzcnpgb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\cvfhvkhcqkpxcsitudg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\izhhtgbugybhkymvu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\rjstguqkxqubfujttb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\cvfhvkhcqkpxcsitudg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bryxiuogrikprerz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\rjstguqkxqubfujttb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\pjuxmcawlgmvbsjvxhlf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\pjuxmcawlgmvbsjvxhlf.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe"
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe*"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe
C:\Windows\pjuxmcawlgmvbsjvxhlf.exe
pjuxmcawlgmvbsjvxhlf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe .
C:\Windows\cvfhvkhcqkpxcsitudg.exe
cvfhvkhcqkpxcsitudg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\cvfhvkhcqkpxcsitudg.exe*."
C:\Windows\bryxiuogrikprerz.exe
bryxiuogrikprerz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Windows\rjstguqkxqubfujttb.exe
rjstguqkxqubfujttb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\rjstguqkxqubfujttb.exe*."
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\cvfhvkhcqkpxcsitudg.exe*."
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\cvfhvkhcqkpxcsitudg.exe*."
C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe
"C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe"
C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe
"C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe
C:\Windows\bryxiuogrikprerz.exe
bryxiuogrikprerz.exe
C:\Windows\bryxiuogrikprerz.exe
bryxiuogrikprerz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe .
C:\Windows\izhhtgbugybhkymvu.exe
izhhtgbugybhkymvu.exe .
C:\Windows\izhhtgbugybhkymvu.exe
izhhtgbugybhkymvu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\izhhtgbugybhkymvu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\izhhtgbugybhkymvu.exe*."
C:\Windows\bryxiuogrikprerz.exe
bryxiuogrikprerz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .
C:\Windows\bryxiuogrikprerz.exe
bryxiuogrikprerz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Windows\bryxiuogrikprerz.exe
bryxiuogrikprerz.exe .
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Windows\bryxiuogrikprerz.exe
bryxiuogrikprerz.exe .
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\bryxiuogrikprerz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\bryxiuogrikprerz.exe*."
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bryxiuogrikprerz.exe*."
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bryxiuogrikprerz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe .
C:\Windows\izhhtgbugybhkymvu.exe
izhhtgbugybhkymvu.exe .
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .
C:\Windows\cvfhvkhcqkpxcsitudg.exe
cvfhvkhcqkpxcsitudg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .
C:\Windows\pjuxmcawlgmvbsjvxhlf.exe
pjuxmcawlgmvbsjvxhlf.exe .
C:\Windows\izhhtgbugybhkymvu.exe
izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\cvfhvkhcqkpxcsitudg.exe*."
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\cvfhvkhcqkpxcsitudg.exe*."
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\izhhtgbugybhkymvu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\pjuxmcawlgmvbsjvxhlf.exe*."
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\cvfhvkhcqkpxcsitudg.exe*."
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ezlpfwvsielvcumzcnsnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ezlpfwvsielvcumzcnsnz.exe
C:\Windows\ezlpfwvsielvcumzcnsnz.exe
ezlpfwvsielvcumzcnsnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ezlpfwvsielvcumzcnsnz.exe .
C:\Windows\ezlpfwvsielvcumzcnsnz.exe
ezlpfwvsielvcumzcnsnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ezlpfwvsielvcumzcnsnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe .
C:\Windows\izhhtgbugybhkymvu.exe
izhhtgbugybhkymvu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe
C:\Windows\rjstguqkxqubfujttb.exe
rjstguqkxqubfujttb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe .
C:\Windows\pjuxmcawlgmvbsjvxhlf.exe
pjuxmcawlgmvbsjvxhlf.exe
C:\Windows\pjuxmcawlgmvbsjvxhlf.exe
pjuxmcawlgmvbsjvxhlf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\rjstguqkxqubfujttb.exe*."
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe
C:\Windows\pjuxmcawlgmvbsjvxhlf.exe
pjuxmcawlgmvbsjvxhlf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe .
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ezlpfwvsielvcumzcnsnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\pjuxmcawlgmvbsjvxhlf.exe*."
C:\Windows\pjuxmcawlgmvbsjvxhlf.exe
pjuxmcawlgmvbsjvxhlf.exe .
C:\Windows\bryxiuogrikprerz.exe
bryxiuogrikprerz.exe
C:\Windows\bryxiuogrikprerz.exe
bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\pjuxmcawlgmvbsjvxhlf.exe*."
C:\Windows\cvfhvkhcqkpxcsitudg.exe
cvfhvkhcqkpxcsitudg.exe .
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ezlpfwvsielvcumzcnsnz.exe
C:\Windows\cvfhvkhcqkpxcsitudg.exe
cvfhvkhcqkpxcsitudg.exe .
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\cvfhvkhcqkpxcsitudg.exe*."
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe .
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\cvfhvkhcqkpxcsitudg.exe*."
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\cvfhvkhcqkpxcsitudg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ezlpfwvsielvcumzcnsnz.exe
C:\Windows\ezlpfwvsielvcumzcnsnz.exe
ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bryxiuogrikprerz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\izhhtgbugybhkymvu.exe*."
C:\Windows\cvfhvkhcqkpxcsitudg.exe
cvfhvkhcqkpxcsitudg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\cvfhvkhcqkpxcsitudg.exe*."
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bryxiuogrikprerz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .
C:\Windows\ezlpfwvsielvcumzcnsnz.exe
ezlpfwvsielvcumzcnsnz.exe
C:\Windows\izhhtgbugybhkymvu.exe
izhhtgbugybhkymvu.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\cvfhvkhcqkpxcsitudg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\izhhtgbugybhkymvu.exe*."
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\izhhtgbugybhkymvu.exe*."
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\rjstguqkxqubfujttb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe
C:\Windows\izhhtgbugybhkymvu.exe
izhhtgbugybhkymvu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe .
C:\Windows\izhhtgbugybhkymvu.exe
izhhtgbugybhkymvu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\izhhtgbugybhkymvu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe .
C:\Windows\bryxiuogrikprerz.exe
bryxiuogrikprerz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Windows\izhhtgbugybhkymvu.exe
izhhtgbugybhkymvu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\izhhtgbugybhkymvu.exe*."
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\izhhtgbugybhkymvu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe .
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\pjuxmcawlgmvbsjvxhlf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\izhhtgbugybhkymvu.exe
izhhtgbugybhkymvu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe
C:\Windows\bryxiuogrikprerz.exe
bryxiuogrikprerz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\pjuxmcawlgmvbsjvxhlf.exe
pjuxmcawlgmvbsjvxhlf.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\bryxiuogrikprerz.exe*."
C:\Windows\bryxiuogrikprerz.exe
bryxiuogrikprerz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\bryxiuogrikprerz.exe*."
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\cvfhvkhcqkpxcsitudg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\izhhtgbugybhkymvu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe
C:\Windows\bryxiuogrikprerz.exe
bryxiuogrikprerz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe .
C:\Windows\rjstguqkxqubfujttb.exe
rjstguqkxqubfujttb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\rjstguqkxqubfujttb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe .
C:\Windows\cvfhvkhcqkpxcsitudg.exe
cvfhvkhcqkpxcsitudg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Windows\izhhtgbugybhkymvu.exe
izhhtgbugybhkymvu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\izhhtgbugybhkymvu.exe*."
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\rjstguqkxqubfujttb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bryxiuogrikprerz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe
C:\Windows\pjuxmcawlgmvbsjvxhlf.exe
pjuxmcawlgmvbsjvxhlf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ezlpfwvsielvcumzcnsnz.exe .
C:\Windows\ezlpfwvsielvcumzcnsnz.exe
ezlpfwvsielvcumzcnsnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ezlpfwvsielvcumzcnsnz.exe*."
C:\Windows\cvfhvkhcqkpxcsitudg.exe
cvfhvkhcqkpxcsitudg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Windows\izhhtgbugybhkymvu.exe
izhhtgbugybhkymvu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\izhhtgbugybhkymvu.exe*."
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ezlpfwvsielvcumzcnsnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\rjstguqkxqubfujttb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ezlpfwvsielvcumzcnsnz.exe
C:\Windows\ezlpfwvsielvcumzcnsnz.exe
ezlpfwvsielvcumzcnsnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe .
C:\Windows\cvfhvkhcqkpxcsitudg.exe
cvfhvkhcqkpxcsitudg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\cvfhvkhcqkpxcsitudg.exe*."
C:\Windows\rjstguqkxqubfujttb.exe
rjstguqkxqubfujttb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Windows\cvfhvkhcqkpxcsitudg.exe
cvfhvkhcqkpxcsitudg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\cvfhvkhcqkpxcsitudg.exe*."
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\cvfhvkhcqkpxcsitudg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .
C:\Windows\cvfhvkhcqkpxcsitudg.exe
cvfhvkhcqkpxcsitudg.exe
C:\Windows\cvfhvkhcqkpxcsitudg.exe
cvfhvkhcqkpxcsitudg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\cvfhvkhcqkpxcsitudg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe .
C:\Windows\bryxiuogrikprerz.exe
bryxiuogrikprerz.exe .
C:\Windows\bryxiuogrikprerz.exe
bryxiuogrikprerz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\bryxiuogrikprerz.exe*."
C:\Windows\cvfhvkhcqkpxcsitudg.exe
cvfhvkhcqkpxcsitudg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\bryxiuogrikprerz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .
C:\Windows\izhhtgbugybhkymvu.exe
izhhtgbugybhkymvu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe .
C:\Windows\izhhtgbugybhkymvu.exe
izhhtgbugybhkymvu.exe .
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Windows\izhhtgbugybhkymvu.exe
izhhtgbugybhkymvu.exe .
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ezlpfwvsielvcumzcnsnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\izhhtgbugybhkymvu.exe*."
C:\Windows\ezlpfwvsielvcumzcnsnz.exe
ezlpfwvsielvcumzcnsnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe .
C:\Windows\izhhtgbugybhkymvu.exe
izhhtgbugybhkymvu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ezlpfwvsielvcumzcnsnz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\cvfhvkhcqkpxcsitudg.exe*."
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\izhhtgbugybhkymvu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ezlpfwvsielvcumzcnsnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\izhhtgbugybhkymvu.exe*."
C:\Windows\ezlpfwvsielvcumzcnsnz.exe
ezlpfwvsielvcumzcnsnz.exe
C:\Windows\ezlpfwvsielvcumzcnsnz.exe
ezlpfwvsielvcumzcnsnz.exe .
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ezlpfwvsielvcumzcnsnz.exe*."
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bryxiuogrikprerz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe .
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\pjuxmcawlgmvbsjvxhlf.exe*."
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\izhhtgbugybhkymvu.exe*."
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\izhhtgbugybhkymvu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe
C:\Windows\rjstguqkxqubfujttb.exe
rjstguqkxqubfujttb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe .
C:\Windows\pjuxmcawlgmvbsjvxhlf.exe
pjuxmcawlgmvbsjvxhlf.exe .
C:\Windows\System32\sihclient.exe
C:\Windows\System32\sihclient.exe /cv ogDARiFHyk6iucDK/+KuLw.0.2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\pjuxmcawlgmvbsjvxhlf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe .
C:\Windows\izhhtgbugybhkymvu.exe
izhhtgbugybhkymvu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Windows\bryxiuogrikprerz.exe
bryxiuogrikprerz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\bryxiuogrikprerz.exe*."
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ezlpfwvsielvcumzcnsnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\rjstguqkxqubfujttb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ezlpfwvsielvcumzcnsnz.exe
C:\Windows\ezlpfwvsielvcumzcnsnz.exe
ezlpfwvsielvcumzcnsnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe .
C:\Windows\rjstguqkxqubfujttb.exe
rjstguqkxqubfujttb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\rjstguqkxqubfujttb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe .
C:\Windows\cvfhvkhcqkpxcsitudg.exe
cvfhvkhcqkpxcsitudg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Windows\izhhtgbugybhkymvu.exe
izhhtgbugybhkymvu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\izhhtgbugybhkymvu.exe*."
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bryxiuogrikprerz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe .
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe .
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe -Embedding
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\pjuxmcawlgmvbsjvxhlf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe
C:\Windows\rjstguqkxqubfujttb.exe
rjstguqkxqubfujttb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe .
C:\Windows\izhhtgbugybhkymvu.exe
izhhtgbugybhkymvu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\izhhtgbugybhkymvu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe .
C:\Windows\izhhtgbugybhkymvu.exe
izhhtgbugybhkymvu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Windows\pjuxmcawlgmvbsjvxhlf.exe
pjuxmcawlgmvbsjvxhlf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\pjuxmcawlgmvbsjvxhlf.exe*."
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bryxiuogrikprerz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe .
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\pjuxmcawlgmvbsjvxhlf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe
C:\Windows\cvfhvkhcqkpxcsitudg.exe
cvfhvkhcqkpxcsitudg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe .
C:\Windows\cvfhvkhcqkpxcsitudg.exe
cvfhvkhcqkpxcsitudg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\cvfhvkhcqkpxcsitudg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe .
C:\Windows\pjuxmcawlgmvbsjvxhlf.exe
pjuxmcawlgmvbsjvxhlf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Windows\pjuxmcawlgmvbsjvxhlf.exe
pjuxmcawlgmvbsjvxhlf.exe .
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\pjuxmcawlgmvbsjvxhlf.exe*."
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\cvfhvkhcqkpxcsitudg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ezlpfwvsielvcumzcnsnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe
C:\Windows\cvfhvkhcqkpxcsitudg.exe
cvfhvkhcqkpxcsitudg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe .
C:\Windows\izhhtgbugybhkymvu.exe
izhhtgbugybhkymvu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\izhhtgbugybhkymvu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe .
C:\Windows\bryxiuogrikprerz.exe
bryxiuogrikprerz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Windows\cvfhvkhcqkpxcsitudg.exe
cvfhvkhcqkpxcsitudg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\cvfhvkhcqkpxcsitudg.exe*."
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\izhhtgbugybhkymvu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\rjstguqkxqubfujttb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\bryxiuogrikprerz.exe
bryxiuogrikprerz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe .
C:\Windows\izhhtgbugybhkymvu.exe
izhhtgbugybhkymvu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\izhhtgbugybhkymvu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe .
C:\Windows\ezlpfwvsielvcumzcnsnz.exe
ezlpfwvsielvcumzcnsnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .
C:\Windows\pjuxmcawlgmvbsjvxhlf.exe
pjuxmcawlgmvbsjvxhlf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ykaqnyldtjkprerz.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\pjuxmcawlgmvbsjvxhlf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe .
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Windows\bryxiuogrikprerz.exe
bryxiuogrikprerz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ykaqnyldtjkprerz.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\izhhtgbugybhkymvu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ezlpfwvsielvcumzcnsnz.exe
C:\Windows\ykaqnyldtjkprerz.exe
ykaqnyldtjkprerz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ykaqnyldtjkprerz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fsjaykyrizbhkymvu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Windows\cvfhvkhcqkpxcsitudg.exe
cvfhvkhcqkpxcsitudg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsnikaspkflvcumzcnpgb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcwqrgxtnhmvbsjvxhiy.exe .
C:\Windows\bryxiuogrikprerz.exe
bryxiuogrikprerz.exe .
C:\Windows\ykaqnyldtjkprerz.exe
ykaqnyldtjkprerz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\cvfhvkhcqkpxcsitudg.exe*."
C:\Windows\cvfhvkhcqkpxcsitudg.exe
cvfhvkhcqkpxcsitudg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsnikaspkflvcumzcnpgb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fsjaykyrizbhkymvu.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\bryxiuogrikprerz.exe*."
C:\Windows\ezlpfwvsielvcumzcnsnz.exe
ezlpfwvsielvcumzcnsnz.exe
C:\Windows\ykaqnyldtjkprerz.exe
ykaqnyldtjkprerz.exe
C:\Users\Admin\AppData\Local\Temp\mcwqrgxtnhmvbsjvxhiy.exe
C:\Users\Admin\AppData\Local\Temp\mcwqrgxtnhmvbsjvxhiy.exe .
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ykaqnyldtjkprerz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\bsnikaspkflvcumzcnpgb.exe
C:\Users\Admin\AppData\Local\Temp\bsnikaspkflvcumzcnpgb.exe
C:\Windows\fsjaykyrizbhkymvu.exe
fsjaykyrizbhkymvu.exe .
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Windows\cvfhvkhcqkpxcsitudg.exe
cvfhvkhcqkpxcsitudg.exe .
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\rjstguqkxqubfujttb.exe*."
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\cvfhvkhcqkpxcsitudg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ezlpfwvsielvcumzcnsnz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\mcwqrgxtnhmvbsjvxhiy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe .
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\fsjaykyrizbhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\fsjaykyrizbhkymvu.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\fsjaykyrizbhkymvu.exe*."
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\cvfhvkhcqkpxcsitudg.exe*."
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ezlpfwvsielvcumzcnsnz.exe*."
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .
C:\Users\Admin\AppData\Local\Temp\bsnikaspkflvcumzcnpgb.exe
C:\Users\Admin\AppData\Local\Temp\bsnikaspkflvcumzcnpgb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .
C:\Windows\cvfhvkhcqkpxcsitudg.exe
cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\fsjaykyrizbhkymvu.exe*."
C:\Windows\pjuxmcawlgmvbsjvxhlf.exe
pjuxmcawlgmvbsjvxhlf.exe .
C:\Windows\ezlpfwvsielvcumzcnsnz.exe
ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bryxiuogrikprerz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bchmy.exe
"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\izhhtgbugybhkymvu.exe*."
C:\Users\Admin\AppData\Local\Temp\bchmy.exe
"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .
C:\Windows\pjuxmcawlgmvbsjvxhlf.exe
pjuxmcawlgmvbsjvxhlf.exe .
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\pjuxmcawlgmvbsjvxhlf.exe*."
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\izhhtgbugybhkymvu.exe*."
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\pjuxmcawlgmvbsjvxhlf.exe*."
C:\Windows\izhhtgbugybhkymvu.exe
izhhtgbugybhkymvu.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\cvfhvkhcqkpxcsitudg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\izhhtgbugybhkymvu.exe*."
C:\Windows\rjstguqkxqubfujttb.exe
rjstguqkxqubfujttb.exe
C:\Windows\bryxiuogrikprerz.exe
bryxiuogrikprerz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe .
C:\Windows\izhhtgbugybhkymvu.exe
izhhtgbugybhkymvu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\izhhtgbugybhkymvu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe .
C:\Windows\cvfhvkhcqkpxcsitudg.exe
cvfhvkhcqkpxcsitudg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ykaqnyldtjkprerz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\bryxiuogrikprerz.exe
bryxiuogrikprerz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Windows\ykaqnyldtjkprerz.exe
ykaqnyldtjkprerz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\bryxiuogrikprerz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcwqrgxtnhmvbsjvxhiy.exe .
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .
C:\Windows\mcwqrgxtnhmvbsjvxhiy.exe
mcwqrgxtnhmvbsjvxhiy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fsjaykyrizbhkymvu.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\rjstguqkxqubfujttb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fsjaykyrizbhkymvu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\mcwqrgxtnhmvbsjvxhiy.exe*."
C:\Users\Admin\AppData\Local\Temp\bchmy.exe
"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"
C:\Users\Admin\AppData\Local\Temp\bchmy.exe
"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"
C:\Windows\fsjaykyrizbhkymvu.exe
fsjaykyrizbhkymvu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zohaaoezslpxcsitudd.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsnikaspkflvcumzcnpgb.exe .
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .
C:\Windows\fsjaykyrizbhkymvu.exe
fsjaykyrizbhkymvu.exe .
C:\Users\Admin\AppData\Local\Temp\zohaaoezslpxcsitudd.exe
C:\Users\Admin\AppData\Local\Temp\zohaaoezslpxcsitudd.exe
C:\Users\Admin\AppData\Local\Temp\bsnikaspkflvcumzcnpgb.exe
C:\Users\Admin\AppData\Local\Temp\bsnikaspkflvcumzcnpgb.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bryxiuogrikprerz.exe*."
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\fsjaykyrizbhkymvu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocumlynhzrubfujttb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fsjaykyrizbhkymvu.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bsnikaspkflvcumzcnpgb.exe*."
C:\Users\Admin\AppData\Local\Temp\ocumlynhzrubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\ocumlynhzrubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\fsjaykyrizbhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\fsjaykyrizbhkymvu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\fsjaykyrizbhkymvu.exe*."
C:\Windows\rjstguqkxqubfujttb.exe
rjstguqkxqubfujttb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe .
C:\Windows\cvfhvkhcqkpxcsitudg.exe
cvfhvkhcqkpxcsitudg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\cvfhvkhcqkpxcsitudg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe .
C:\Windows\rjstguqkxqubfujttb.exe
rjstguqkxqubfujttb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Windows\pjuxmcawlgmvbsjvxhlf.exe
pjuxmcawlgmvbsjvxhlf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\pjuxmcawlgmvbsjvxhlf.exe*."
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .
C:\Users\Admin\AppData\Local\Temp\bchmy.exe
"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"
C:\Users\Admin\AppData\Local\Temp\bchmy.exe
"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bryxiuogrikprerz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\izhhtgbugybhkymvu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe
C:\Windows\rjstguqkxqubfujttb.exe
rjstguqkxqubfujttb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe .
C:\Windows\rjstguqkxqubfujttb.exe
rjstguqkxqubfujttb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\rjstguqkxqubfujttb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe .
C:\Windows\ezlpfwvsielvcumzcnsnz.exe
ezlpfwvsielvcumzcnsnz.exe
C:\Windows\cvfhvkhcqkpxcsitudg.exe
cvfhvkhcqkpxcsitudg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\cvfhvkhcqkpxcsitudg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe .
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\bchmy.exe
"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"
C:\Users\Admin\AppData\Local\Temp\bchmy.exe
"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\pjuxmcawlgmvbsjvxhlf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\rjstguqkxqubfujttb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe
C:\Windows\cvfhvkhcqkpxcsitudg.exe
cvfhvkhcqkpxcsitudg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe .
C:\Windows\rjstguqkxqubfujttb.exe
rjstguqkxqubfujttb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\rjstguqkxqubfujttb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe .
C:\Windows\rjstguqkxqubfujttb.exe
rjstguqkxqubfujttb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Windows\bryxiuogrikprerz.exe
bryxiuogrikprerz.exe .
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\bryxiuogrikprerz.exe*."
C:\Users\Admin\AppData\Local\Temp\bchmy.exe
"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"
C:\Users\Admin\AppData\Local\Temp\bchmy.exe
"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\pjuxmcawlgmvbsjvxhlf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe .
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\pjuxmcawlgmvbsjvxhlf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe
C:\Windows\rjstguqkxqubfujttb.exe
rjstguqkxqubfujttb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe .
C:\Windows\cvfhvkhcqkpxcsitudg.exe
cvfhvkhcqkpxcsitudg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\cvfhvkhcqkpxcsitudg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ezlpfwvsielvcumzcnsnz.exe .
C:\Windows\izhhtgbugybhkymvu.exe
izhhtgbugybhkymvu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Windows\ezlpfwvsielvcumzcnsnz.exe
ezlpfwvsielvcumzcnsnz.exe .
C:\Users\Admin\AppData\Local\Temp\bchmy.exe
"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"
C:\Users\Admin\AppData\Local\Temp\bchmy.exe
"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ezlpfwvsielvcumzcnsnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe
C:\Windows\bryxiuogrikprerz.exe
bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\cvfhvkhcqkpxcsitudg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\pjuxmcawlgmvbsjvxhlf.exe
pjuxmcawlgmvbsjvxhlf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe .
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Windows\cvfhvkhcqkpxcsitudg.exe
cvfhvkhcqkpxcsitudg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe .
C:\Windows\pjuxmcawlgmvbsjvxhlf.exe
pjuxmcawlgmvbsjvxhlf.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\cvfhvkhcqkpxcsitudg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe .
C:\Windows\cvfhvkhcqkpxcsitudg.exe
cvfhvkhcqkpxcsitudg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\rjstguqkxqubfujttb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\pjuxmcawlgmvbsjvxhlf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Windows\cvfhvkhcqkpxcsitudg.exe
cvfhvkhcqkpxcsitudg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Windows\izhhtgbugybhkymvu.exe
izhhtgbugybhkymvu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe .
C:\Windows\cvfhvkhcqkpxcsitudg.exe
cvfhvkhcqkpxcsitudg.exe .
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\cvfhvkhcqkpxcsitudg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe .
C:\Users\Admin\AppData\Local\Temp\bchmy.exe
"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bchmy.exe
"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\cvfhvkhcqkpxcsitudg.exe*."
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\rjstguqkxqubfujttb.exe*."
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .
C:\Windows\pjuxmcawlgmvbsjvxhlf.exe
pjuxmcawlgmvbsjvxhlf.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\cvfhvkhcqkpxcsitudg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe .
C:\Windows\pjuxmcawlgmvbsjvxhlf.exe
pjuxmcawlgmvbsjvxhlf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Windows\cvfhvkhcqkpxcsitudg.exe
cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ezlpfwvsielvcumzcnsnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .
C:\Windows\pjuxmcawlgmvbsjvxhlf.exe
pjuxmcawlgmvbsjvxhlf.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\pjuxmcawlgmvbsjvxhlf.exe*."
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\pjuxmcawlgmvbsjvxhlf.exe*."
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe .
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\rjstguqkxqubfujttb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\pjuxmcawlgmvbsjvxhlf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ezlpfwvsielvcumzcnsnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe
C:\Windows\bryxiuogrikprerz.exe
bryxiuogrikprerz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe .
C:\Users\Admin\AppData\Local\Temp\bchmy.exe
"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"
C:\Windows\cvfhvkhcqkpxcsitudg.exe
cvfhvkhcqkpxcsitudg.exe .
C:\Users\Admin\AppData\Local\Temp\bchmy.exe
"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\cvfhvkhcqkpxcsitudg.exe*."
C:\Windows\bryxiuogrikprerz.exe
bryxiuogrikprerz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Windows\rjstguqkxqubfujttb.exe
rjstguqkxqubfujttb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe .
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\rjstguqkxqubfujttb.exe*."
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\pjuxmcawlgmvbsjvxhlf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ocumlynhzrubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ezlpfwvsielvcumzcnsnz.exe*."
C:\Windows\ocumlynhzrubfujttb.exe
ocumlynhzrubfujttb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ykaqnyldtjkprerz.exe .
C:\Windows\ykaqnyldtjkprerz.exe
ykaqnyldtjkprerz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fsjaykyrizbhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ykaqnyldtjkprerz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcwqrgxtnhmvbsjvxhiy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe
C:\Windows\fsjaykyrizbhkymvu.exe
fsjaykyrizbhkymvu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcwqrgxtnhmvbsjvxhiy.exe
C:\Windows\cvfhvkhcqkpxcsitudg.exe
cvfhvkhcqkpxcsitudg.exe
C:\Windows\mcwqrgxtnhmvbsjvxhiy.exe
mcwqrgxtnhmvbsjvxhiy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsnikaspkflvcumzcnpgb.exe .
C:\Users\Admin\AppData\Local\Temp\bchmy.exe
"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"
C:\Users\Admin\AppData\Local\Temp\bchmy.exe
"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\mcwqrgxtnhmvbsjvxhiy.exe*."
C:\Users\Admin\AppData\Local\Temp\mcwqrgxtnhmvbsjvxhiy.exe
C:\Users\Admin\AppData\Local\Temp\mcwqrgxtnhmvbsjvxhiy.exe
C:\Windows\rjstguqkxqubfujttb.exe
rjstguqkxqubfujttb.exe .
C:\Users\Admin\AppData\Local\Temp\bsnikaspkflvcumzcnpgb.exe
C:\Users\Admin\AppData\Local\Temp\bsnikaspkflvcumzcnpgb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ezlpfwvsielvcumzcnsnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ykaqnyldtjkprerz.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bsnikaspkflvcumzcnpgb.exe*."
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\rjstguqkxqubfujttb.exe*."
C:\Windows\rjstguqkxqubfujttb.exe
rjstguqkxqubfujttb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zohaaoezslpxcsitudd.exe .
C:\Windows\ezlpfwvsielvcumzcnsnz.exe
ezlpfwvsielvcumzcnsnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .
C:\Users\Admin\AppData\Local\Temp\ykaqnyldtjkprerz.exe
C:\Users\Admin\AppData\Local\Temp\ykaqnyldtjkprerz.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ezlpfwvsielvcumzcnsnz.exe*."
C:\Users\Admin\AppData\Local\Temp\zohaaoezslpxcsitudd.exe
C:\Users\Admin\AppData\Local\Temp\zohaaoezslpxcsitudd.exe .
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\zohaaoezslpxcsitudd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ezlpfwvsielvcumzcnsnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\izhhtgbugybhkymvu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\cvfhvkhcqkpxcsitudg.exe
cvfhvkhcqkpxcsitudg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe .
C:\Users\Admin\AppData\Local\Temp\bchmy.exe
"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"
C:\Users\Admin\AppData\Local\Temp\bchmy.exe
"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"
C:\Windows\cvfhvkhcqkpxcsitudg.exe
cvfhvkhcqkpxcsitudg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\cvfhvkhcqkpxcsitudg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe .
C:\Windows\rjstguqkxqubfujttb.exe
rjstguqkxqubfujttb.exe
C:\Windows\izhhtgbugybhkymvu.exe
izhhtgbugybhkymvu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\izhhtgbugybhkymvu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ezlpfwvsielvcumzcnsnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\izhhtgbugybhkymvu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe
C:\Windows\izhhtgbugybhkymvu.exe
izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\bchmy.exe
"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"
C:\Users\Admin\AppData\Local\Temp\bchmy.exe
"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe
C:\Windows\rjstguqkxqubfujttb.exe
rjstguqkxqubfujttb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe .
C:\Windows\pjuxmcawlgmvbsjvxhlf.exe
pjuxmcawlgmvbsjvxhlf.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\rjstguqkxqubfujttb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Windows\pjuxmcawlgmvbsjvxhlf.exe
pjuxmcawlgmvbsjvxhlf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\pjuxmcawlgmvbsjvxhlf.exe*."
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ezlpfwvsielvcumzcnsnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\cvfhvkhcqkpxcsitudg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\bchmy.exe
"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"
C:\Users\Admin\AppData\Local\Temp\bchmy.exe
"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"
C:\Windows\cvfhvkhcqkpxcsitudg.exe
cvfhvkhcqkpxcsitudg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe .
C:\Windows\bryxiuogrikprerz.exe
bryxiuogrikprerz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\bryxiuogrikprerz.exe*."
C:\Windows\pjuxmcawlgmvbsjvxhlf.exe
pjuxmcawlgmvbsjvxhlf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\bryxiuogrikprerz.exe
bryxiuogrikprerz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\bryxiuogrikprerz.exe*."
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\cvfhvkhcqkpxcsitudg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bryxiuogrikprerz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\bchmy.exe
"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"
C:\Users\Admin\AppData\Local\Temp\bchmy.exe
"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe
C:\Windows\rjstguqkxqubfujttb.exe
rjstguqkxqubfujttb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe
C:\Windows\cvfhvkhcqkpxcsitudg.exe
cvfhvkhcqkpxcsitudg.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe .
C:\Windows\izhhtgbugybhkymvu.exe
izhhtgbugybhkymvu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe
C:\Windows\pjuxmcawlgmvbsjvxhlf.exe
pjuxmcawlgmvbsjvxhlf.exe
C:\Windows\cvfhvkhcqkpxcsitudg.exe
cvfhvkhcqkpxcsitudg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\izhhtgbugybhkymvu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Windows\rjstguqkxqubfujttb.exe
rjstguqkxqubfujttb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\cvfhvkhcqkpxcsitudg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .
C:\Windows\cvfhvkhcqkpxcsitudg.exe
cvfhvkhcqkpxcsitudg.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Windows\pjuxmcawlgmvbsjvxhlf.exe
pjuxmcawlgmvbsjvxhlf.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\rjstguqkxqubfujttb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .
C:\Windows\cvfhvkhcqkpxcsitudg.exe
cvfhvkhcqkpxcsitudg.exe .
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Windows\pjuxmcawlgmvbsjvxhlf.exe
pjuxmcawlgmvbsjvxhlf.exe .
C:\Windows\bryxiuogrikprerz.exe
bryxiuogrikprerz.exe
C:\Windows\bryxiuogrikprerz.exe
bryxiuogrikprerz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\pjuxmcawlgmvbsjvxhlf.exe*."
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\pjuxmcawlgmvbsjvxhlf.exe*."
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\cvfhvkhcqkpxcsitudg.exe*."
C:\Users\Admin\AppData\Local\Temp\bchmy.exe
"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\rjstguqkxqubfujttb.exe*."
C:\Users\Admin\AppData\Local\Temp\bchmy.exe
"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ezlpfwvsielvcumzcnsnz.exe*."
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\cvfhvkhcqkpxcsitudg.exe*."
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ezlpfwvsielvcumzcnsnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe .
C:\Windows\pjuxmcawlgmvbsjvxhlf.exe
pjuxmcawlgmvbsjvxhlf.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bryxiuogrikprerz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bryxiuogrikprerz.exe*."
C:\Windows\bryxiuogrikprerz.exe
bryxiuogrikprerz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\bryxiuogrikprerz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe .
C:\Windows\bryxiuogrikprerz.exe
bryxiuogrikprerz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Windows\cvfhvkhcqkpxcsitudg.exe
cvfhvkhcqkpxcsitudg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\cvfhvkhcqkpxcsitudg.exe*."
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\rjstguqkxqubfujttb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\cvfhvkhcqkpxcsitudg.exe*."
C:\Users\Admin\AppData\Local\Temp\bchmy.exe
"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"
C:\Users\Admin\AppData\Local\Temp\bchmy.exe
"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ezlpfwvsielvcumzcnsnz.exe
C:\Windows\ezlpfwvsielvcumzcnsnz.exe
ezlpfwvsielvcumzcnsnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c izhhtgbugybhkymvu.exe .
C:\Windows\izhhtgbugybhkymvu.exe
izhhtgbugybhkymvu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjuxmcawlgmvbsjvxhlf.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\izhhtgbugybhkymvu.exe*."
C:\Windows\pjuxmcawlgmvbsjvxhlf.exe
pjuxmcawlgmvbsjvxhlf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ezlpfwvsielvcumzcnsnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bsnikaspkflvcumzcnpgb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Windows\ezlpfwvsielvcumzcnsnz.exe
ezlpfwvsielvcumzcnsnz.exe .
C:\Windows\bsnikaspkflvcumzcnpgb.exe
bsnikaspkflvcumzcnpgb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zohaaoezslpxcsitudd.exe .
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bryxiuogrikprerz.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ezlpfwvsielvcumzcnsnz.exe*."
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe .
C:\Windows\zohaaoezslpxcsitudd.exe
zohaaoezslpxcsitudd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fsjaykyrizbhkymvu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\izhhtgbugybhkymvu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcwqrgxtnhmvbsjvxhiy.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\zohaaoezslpxcsitudd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsnikaspkflvcumzcnpgb.exe
C:\Windows\fsjaykyrizbhkymvu.exe
fsjaykyrizbhkymvu.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\cvfhvkhcqkpxcsitudg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsnikaspkflvcumzcnpgb.exe .
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe
C:\Users\Admin\AppData\Local\Temp\ezlpfwvsielvcumzcnsnz.exe .
C:\Windows\mcwqrgxtnhmvbsjvxhiy.exe
mcwqrgxtnhmvbsjvxhiy.exe .
C:\Users\Admin\AppData\Local\Temp\bchmy.exe
"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"
C:\Users\Admin\AppData\Local\Temp\bsnikaspkflvcumzcnpgb.exe
C:\Users\Admin\AppData\Local\Temp\bsnikaspkflvcumzcnpgb.exe
C:\Users\Admin\AppData\Local\Temp\bsnikaspkflvcumzcnpgb.exe
C:\Users\Admin\AppData\Local\Temp\bsnikaspkflvcumzcnpgb.exe .
C:\Users\Admin\AppData\Local\Temp\bchmy.exe
"C:\Users\Admin\AppData\Local\Temp\bchmy.exe" "-c:\windows\izhhtgbugybhkymvu.exe"
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ezlpfwvsielvcumzcnsnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ocumlynhzrubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\mcwqrgxtnhmvbsjvxhiy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ykaqnyldtjkprerz.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bsnikaspkflvcumzcnpgb.exe*."
C:\Users\Admin\AppData\Local\Temp\ocumlynhzrubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\ocumlynhzrubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\ykaqnyldtjkprerz.exe
C:\Users\Admin\AppData\Local\Temp\ykaqnyldtjkprerz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ykaqnyldtjkprerz.exe*."
C:\Windows\rjstguqkxqubfujttb.exe
rjstguqkxqubfujttb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ezlpfwvsielvcumzcnsnz.exe .
C:\Windows\ezlpfwvsielvcumzcnsnz.exe
ezlpfwvsielvcumzcnsnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cvfhvkhcqkpxcsitudg.exe
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ezlpfwvsielvcumzcnsnz.exe*."
C:\Windows\cvfhvkhcqkpxcsitudg.exe
cvfhvkhcqkpxcsitudg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ezlpfwvsielvcumzcnsnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Windows\ezlpfwvsielvcumzcnsnz.exe
ezlpfwvsielvcumzcnsnz.exe .
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Users\Admin\AppData\Local\Temp\rjstguqkxqubfujttb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ezlpfwvsielvcumzcnsnz.exe*."
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe
C:\Users\Admin\AppData\Local\Temp\pjuxmcawlgmvbsjvxhlf.exe .
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\pjuxmcawlgmvbsjvxhlf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izhhtgbugybhkymvu.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.showmyipaddress.com | udp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | whatismyipaddress.com | udp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.com | udp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.153.106:80 | www.google.com | tcp |
| PK | 111.119.182.129:20999 | tcp | |
| US | 8.8.8.8:53 | gyuuym.org | udp |
| DE | 85.214.228.140:80 | gyuuym.org | tcp |
| US | 8.8.8.8:53 | gezilruan.info | udp |
| US | 8.8.8.8:53 | tzkrgzbaqyqb.net | udp |
| US | 8.8.8.8:53 | wiuwoqigxph.info | udp |
| US | 8.8.8.8:53 | qjfeewn.net | udp |
| US | 8.8.8.8:53 | mwmioa.com | udp |
| US | 8.8.8.8:53 | unxfuild.info | udp |
| SG | 18.142.91.111:80 | unxfuild.info | tcp |
| US | 8.8.8.8:53 | hgdudkmwvoh.com | udp |
| US | 8.8.8.8:53 | fglgbncjzlfv.net | udp |
| US | 8.8.8.8:53 | prhcbxd.info | udp |
| US | 8.8.8.8:53 | ammaaeoocsqe.com | udp |
| US | 8.8.8.8:53 | xhrqfgxijgny.net | udp |
| US | 8.8.8.8:53 | ggoiukqgsikq.org | udp |
| US | 8.8.8.8:53 | pzcflxlczncg.net | udp |
| US | 8.8.8.8:53 | uofyzxwmx.info | udp |
| US | 8.8.8.8:53 | eingrbthhuw.net | udp |
| US | 8.8.8.8:53 | udzdjiddn.net | udp |
| US | 8.8.8.8:53 | mqmgae.com | udp |
| US | 8.8.8.8:53 | gaugiwgmqe.org | udp |
| US | 8.8.8.8:53 | fzxahifjjjun.info | udp |
| US | 8.8.8.8:53 | tqbuzqk.info | udp |
| US | 8.8.8.8:53 | sugqymkwciae.com | udp |
| US | 8.8.8.8:53 | ygoukmwg.org | udp |
| US | 8.8.8.8:53 | byoayol.org | udp |
| US | 8.8.8.8:53 | fwdadwtxtus.net | udp |
| US | 8.8.8.8:53 | apwgdrsb.net | udp |
| US | 8.8.8.8:53 | cydlrge.info | udp |
| PK | 111.119.182.129:20999 | tcp | |
| US | 104.156.155.94:80 | cydlrge.info | tcp |
| US | 8.8.8.8:53 | bxjqgl.net | udp |
| US | 8.8.8.8:53 | lwfhmtvlom.info | udp |
| US | 8.8.8.8:53 | mjotpzfbosdh.info | udp |
| US | 8.8.8.8:53 | cmqabihkwaks.info | udp |
| US | 8.8.8.8:53 | udbdssd.info | udp |
| US | 8.8.8.8:53 | uptpawjgneb.info | udp |
| US | 8.8.8.8:53 | pculnj.net | udp |
| US | 8.8.8.8:53 | luvehemiri.info | udp |
| US | 8.8.8.8:53 | twyclmv.net | udp |
| US | 8.8.8.8:53 | advhuipqvwu.net | udp |
| US | 8.8.8.8:53 | dbtgfe.net | udp |
| US | 8.8.8.8:53 | lalckpw.org | udp |
| US | 8.8.8.8:53 | xaiglmt.org | udp |
| US | 8.8.8.8:53 | bbmklqhzt.info | udp |
| US | 8.8.8.8:53 | lghgwdnk.info | udp |
| US | 8.8.8.8:53 | hmfurcniz.info | udp |
| US | 8.8.8.8:53 | bmatywsvx.info | udp |
| US | 8.8.8.8:53 | ervwppicsgel.info | udp |
| US | 8.8.8.8:53 | ddpobim.org | udp |
| US | 8.8.8.8:53 | zgrqfakgjmv.com | udp |
| US | 8.8.8.8:53 | ewhqxezcwwc.net | udp |
| US | 8.8.8.8:53 | elxagbsk.info | udp |
| US | 8.8.8.8:53 | omqimk.org | udp |
| US | 8.8.8.8:53 | ixkxtvhsee.net | udp |
| US | 8.8.8.8:53 | yggkzcn.net | udp |
| US | 8.8.8.8:53 | iydwktnakyd.info | udp |
| US | 8.8.8.8:53 | umjmnapsm.info | udp |
| US | 8.8.8.8:53 | yoaoooewyeeo.com | udp |
| US | 8.8.8.8:53 | rlwyyd.net | udp |
| US | 8.8.8.8:53 | mdhpuesj.net | udp |
| US | 8.8.8.8:53 | dqjrswwie.com | udp |
| US | 8.8.8.8:53 | cwcgko.org | udp |
| US | 8.8.8.8:53 | ffnantivtu.info | udp |
| US | 8.8.8.8:53 | fgbwzms.net | udp |
| US | 8.8.8.8:53 | qkfytit.net | udp |
| US | 8.8.8.8:53 | vrxmprngmlhk.net | udp |
| US | 8.8.8.8:53 | ysexfcl.net | udp |
| US | 8.8.8.8:53 | rvkbzkzvkwcs.info | udp |
| US | 8.8.8.8:53 | hgcpxxzcy.com | udp |
| US | 8.8.8.8:53 | sszorzmaeop.info | udp |
| US | 8.8.8.8:53 | mczwpvliurhq.info | udp |
| US | 8.8.8.8:53 | wduvwu.net | udp |
| US | 8.8.8.8:53 | eznabol.net | udp |
| US | 8.8.8.8:53 | fjwixik.net | udp |
| US | 8.8.8.8:53 | hhkspqqmpkw.net | udp |
| US | 8.8.8.8:53 | ioqwsome.com | udp |
| US | 8.8.8.8:53 | lefepfv.net | udp |
| US | 8.8.8.8:53 | nylqpyenzgq.net | udp |
| US | 8.8.8.8:53 | klqmnybibg.net | udp |
| US | 8.8.8.8:53 | wigekm.info | udp |
| US | 8.8.8.8:53 | ggkaos.com | udp |
| HK | 154.55.240.162:80 | ggkaos.com | tcp |
| US | 8.8.8.8:53 | seakegaegwyg.org | udp |
| US | 8.8.8.8:53 | lyxmnybibg.info | udp |
| US | 8.8.8.8:53 | qwuxjckfzunp.info | udp |
| US | 8.8.8.8:53 | dkouvubcpovf.info | udp |
| US | 8.8.8.8:53 | jijkzuzfbad.info | udp |
| US | 8.8.8.8:53 | cgmmykoyci.com | udp |
| US | 8.8.8.8:53 | iemyslh.info | udp |
| US | 8.8.8.8:53 | evesvcvtwgvf.info | udp |
| US | 8.8.8.8:53 | kgucribs.info | udp |
| US | 8.8.8.8:53 | hyrxsqgu.net | udp |
| US | 8.8.8.8:53 | zyfitez.info | udp |
| US | 8.8.8.8:53 | qjjcdw.net | udp |
| US | 8.8.8.8:53 | vuvmrrr.org | udp |
| US | 8.8.8.8:53 | leqdurjb.net | udp |
| US | 8.8.8.8:53 | ixrrfmbyfeh.net | udp |
| US | 8.8.8.8:53 | lseknecf.info | udp |
| US | 8.8.8.8:53 | ggikac.com | udp |
| US | 8.8.8.8:53 | dxikspgshgbk.info | udp |
| US | 8.8.8.8:53 | qdpfzdmj.net | udp |
| US | 8.8.8.8:53 | tgtwxtd.info | udp |
| US | 8.8.8.8:53 | hnszbg.net | udp |
| US | 8.8.8.8:53 | xqrgnyv.info | udp |
| US | 8.8.8.8:53 | sslzhpje.info | udp |
| US | 8.8.8.8:53 | lgmwshpwdp.net | udp |
| US | 8.8.8.8:53 | wndjdwxwzizb.info | udp |
| US | 8.8.8.8:53 | xtkriynws.org | udp |
| US | 8.8.8.8:53 | qrmrual.net | udp |
| US | 8.8.8.8:53 | ukewhvfgd.net | udp |
| US | 8.8.8.8:53 | vsapftmbij.net | udp |
| US | 8.8.8.8:53 | vghbfakgnul.info | udp |
| US | 8.8.8.8:53 | zgrjrexb.net | udp |
| US | 8.8.8.8:53 | gmcezfbubud.net | udp |
| US | 8.8.8.8:53 | eqpfjmjukvpf.info | udp |
| US | 8.8.8.8:53 | kcxggxhtzsp.net | udp |
| US | 8.8.8.8:53 | mceeyu.org | udp |
| US | 8.8.8.8:53 | komrpwn.info | udp |
| US | 8.8.8.8:53 | wijnimdqa.info | udp |
| US | 8.8.8.8:53 | eeueccewmeem.com | udp |
| US | 8.8.8.8:53 | blzinqdir.info | udp |
| US | 8.8.8.8:53 | duqwjywkzy.info | udp |
| US | 8.8.8.8:53 | eigqmcqw.com | udp |
| US | 8.8.8.8:53 | fmpwkjdxr.org | udp |
| US | 8.8.8.8:53 | gthoprfe.net | udp |
| US | 8.8.8.8:53 | ycfpmuf.info | udp |
| US | 8.8.8.8:53 | bkrlju.net | udp |
| US | 8.8.8.8:53 | yvxhpqrocgd.info | udp |
| US | 8.8.8.8:53 | uermwaqsf.net | udp |
| US | 8.8.8.8:53 | usnhfrxobqd.net | udp |
| US | 8.8.8.8:53 | vlpxze.info | udp |
| US | 8.8.8.8:53 | cyqauwmysiaq.com | udp |
| US | 8.8.8.8:53 | avvunhqql.info | udp |
| US | 8.8.8.8:53 | kldezwzafu.info | udp |
| US | 8.8.8.8:53 | lyjirhvsmi.info | udp |
| US | 8.8.8.8:53 | hjhaoirovt.net | udp |
| US | 8.8.8.8:53 | skywyumxq.net | udp |
| US | 8.8.8.8:53 | dczargardm.info | udp |
| US | 8.8.8.8:53 | lgvenryzfgw.net | udp |
| US | 8.8.8.8:53 | fmjtxizivzl.com | udp |
| US | 8.8.8.8:53 | lgeqmir.info | udp |
| US | 8.8.8.8:53 | kwdabfp.info | udp |
| US | 8.8.8.8:53 | hrxmgbbb.net | udp |
| US | 8.8.8.8:53 | cicffhwh.net | udp |
| US | 8.8.8.8:53 | xuhglgned.net | udp |
| US | 8.8.8.8:53 | hgsitoou.net | udp |
| US | 8.8.8.8:53 | egsmyysc.org | udp |
| US | 8.8.8.8:53 | tkvwsiasl.org | udp |
| US | 8.8.8.8:53 | gqdsdutqtau.net | udp |
| US | 8.8.8.8:53 | lyvdjht.net | udp |
| US | 8.8.8.8:53 | dgtlhn.net | udp |
| US | 8.8.8.8:53 | nshdioh.net | udp |
| US | 8.8.8.8:53 | qftfrynjot.info | udp |
| US | 8.8.8.8:53 | rzqtyav.org | udp |
| US | 8.8.8.8:53 | habbbyhsh.net | udp |
| US | 8.8.8.8:53 | fcfoluvewin.net | udp |
| US | 8.8.8.8:53 | oqnbjk.net | udp |
| US | 8.8.8.8:53 | aqeswiqacceo.org | udp |
| US | 8.8.8.8:53 | vnuozwbsjlm.org | udp |
| US | 8.8.8.8:53 | brcvvxrk.info | udp |
| US | 8.8.8.8:53 | ekqqcc.org | udp |
| US | 8.8.8.8:53 | sfjslmzgjw.info | udp |
| US | 8.8.8.8:53 | xnhmir.net | udp |
| US | 8.8.8.8:53 | quoiwacieg.org | udp |
| US | 8.8.8.8:53 | dwfkeogzvhjn.info | udp |
| US | 8.8.8.8:53 | ssjaaen.info | udp |
| US | 8.8.8.8:53 | rxzlgw.net | udp |
| US | 8.8.8.8:53 | uwqsemsw.org | udp |
| US | 8.8.8.8:53 | ygfmwds.net | udp |
| US | 8.8.8.8:53 | pnbhkmtyfuhc.net | udp |
| US | 8.8.8.8:53 | dflqknsl.net | udp |
| US | 8.8.8.8:53 | mwjjjkr.info | udp |
| US | 8.8.8.8:53 | aguybfer.info | udp |
| US | 8.8.8.8:53 | fpqmrw.net | udp |
| US | 8.8.8.8:53 | crxwpkvkyky.info | udp |
| US | 8.8.8.8:53 | dzouyuhonqv.info | udp |
| US | 8.8.8.8:53 | thheunbhpfs.net | udp |
| US | 8.8.8.8:53 | qtgqqinahbp.info | udp |
| US | 8.8.8.8:53 | libwnuish.info | udp |
| US | 8.8.8.8:53 | dsesapolwhpi.info | udp |
| US | 8.8.8.8:53 | kikicksgee.com | udp |
| US | 8.8.8.8:53 | dcvwzeq.net | udp |
| US | 8.8.8.8:53 | weeapwhkcoj.net | udp |
| US | 8.8.8.8:53 | kcjrmqr.net | udp |
| US | 8.8.8.8:53 | ygyosi.com | udp |
| US | 8.8.8.8:53 | ewalcbqcb.net | udp |
| US | 8.8.8.8:53 | tcvuvhjwh.info | udp |
| US | 8.8.8.8:53 | gmkujclom.net | udp |
| US | 8.8.8.8:53 | lsyrbotevzv.net | udp |
| US | 8.8.8.8:53 | sggihrtfkz.info | udp |
| US | 8.8.8.8:53 | fgeoavdax.org | udp |
| US | 8.8.8.8:53 | jubvpax.info | udp |
| US | 8.8.8.8:53 | rlvzphhb.info | udp |
| US | 8.8.8.8:53 | lxpioknbpwd.net | udp |
| US | 8.8.8.8:53 | kkarxica.info | udp |
| US | 8.8.8.8:53 | ppvhoanjxi.net | udp |
| US | 8.8.8.8:53 | sieucoaoic.com | udp |
| US | 8.8.8.8:53 | aknsgwkcl.net | udp |
| US | 8.8.8.8:53 | yarktka.info | udp |
| US | 8.8.8.8:53 | erhgstoe.info | udp |
| US | 8.8.8.8:53 | ufwnwmgk.info | udp |
| US | 8.8.8.8:53 | yowoulfwf.info | udp |
| US | 8.8.8.8:53 | lcletonwphj.org | udp |
| US | 8.8.8.8:53 | ecbwysbz.info | udp |
| US | 8.8.8.8:53 | xybdjtiwb.net | udp |
| US | 8.8.8.8:53 | zvqgojbsai.info | udp |
| US | 8.8.8.8:53 | pzcmjojg.net | udp |
| US | 8.8.8.8:53 | tnnqbkvencp.net | udp |
| US | 8.8.8.8:53 | sqpvbjxrkgz.net | udp |
| US | 8.8.8.8:53 | njmyupro.net | udp |
| US | 8.8.8.8:53 | hprnhl.info | udp |
| US | 8.8.8.8:53 | lztpenqhnwkg.net | udp |
| US | 8.8.8.8:53 | jadugmvm.net | udp |
| US | 8.8.8.8:53 | xrpwmsl.info | udp |
| US | 8.8.8.8:53 | pkdvhoyzymmd.net | udp |
| US | 8.8.8.8:53 | lpatwnha.info | udp |
| US | 8.8.8.8:53 | mcuqkofkn.info | udp |
| US | 8.8.8.8:53 | cytmfnknnwju.net | udp |
| US | 8.8.8.8:53 | xupgdwphb.info | udp |
| US | 8.8.8.8:53 | csjspdnltuc.info | udp |
| US | 8.8.8.8:53 | vjdupm.info | udp |
| US | 8.8.8.8:53 | fejezmfca.info | udp |
| US | 8.8.8.8:53 | gtydpvyc.info | udp |
| US | 8.8.8.8:53 | iusioomq.org | udp |
| US | 8.8.8.8:53 | ypwffgaxhgh.info | udp |
| US | 8.8.8.8:53 | jesshhdgmnv.info | udp |
| US | 8.8.8.8:53 | oqwibky.info | udp |
| US | 8.8.8.8:53 | wcsbrpz.net | udp |
| US | 8.8.8.8:53 | dqgebsy.net | udp |
| US | 8.8.8.8:53 | ccgcqa.com | udp |
| US | 8.8.8.8:53 | waoiiq.com | udp |
| US | 8.8.8.8:53 | npjodndloc.net | udp |
| US | 8.8.8.8:53 | smcaumee.org | udp |
| US | 8.8.8.8:53 | iwqyke.com | udp |
| US | 8.8.8.8:53 | zztnma.net | udp |
| US | 8.8.8.8:53 | uwcuws.org | udp |
| US | 8.8.8.8:53 | jhymuev.info | udp |
| US | 8.8.8.8:53 | ilbfddq.net | udp |
| US | 8.8.8.8:53 | puvudevt.info | udp |
| US | 8.8.8.8:53 | oqwueg.org | udp |
| US | 8.8.8.8:53 | azlfou.info | udp |
| US | 8.8.8.8:53 | iwukakwq.org | udp |
| US | 8.8.8.8:53 | nmrcdt.net | udp |
| US | 8.8.8.8:53 | ekjevpjxdbcy.net | udp |
| US | 8.8.8.8:53 | zwpsxlio.net | udp |
| US | 8.8.8.8:53 | umyicieyee.org | udp |
| US | 8.8.8.8:53 | jppkoltwgtkp.info | udp |
| US | 8.8.8.8:53 | mqjmrgpxl.info | udp |
| US | 8.8.8.8:53 | xnjyzr.net | udp |
| US | 8.8.8.8:53 | lxisqc.info | udp |
| US | 8.8.8.8:53 | vcsuct.net | udp |
| US | 8.8.8.8:53 | xuhotihxr.com | udp |
| US | 8.8.8.8:53 | wbdbyo.net | udp |
| US | 8.8.8.8:53 | bzvehadyqmj.info | udp |
| US | 8.8.8.8:53 | einmbit.info | udp |
| US | 8.8.8.8:53 | fsyczawoha.info | udp |
| US | 8.8.8.8:53 | aidpfsd.net | udp |
| US | 8.8.8.8:53 | zogdvtbgiyf.info | udp |
| US | 8.8.8.8:53 | yfcqlqba.net | udp |
| US | 8.8.8.8:53 | iebdoeijlfl.info | udp |
| US | 8.8.8.8:53 | nswmozsb.info | udp |
| US | 8.8.8.8:53 | qeiepkj.info | udp |
| US | 8.8.8.8:53 | yqmhlybghlx.info | udp |
| US | 8.8.8.8:53 | atkzfclhbift.info | udp |
| US | 8.8.8.8:53 | bqndbcv.info | udp |
| US | 8.8.8.8:53 | bndcdasknd.net | udp |
| US | 8.8.8.8:53 | gwfrvohjfqne.info | udp |
| US | 8.8.8.8:53 | kkysmaswcico.org | udp |
| US | 8.8.8.8:53 | cgdadfe.info | udp |
| US | 8.8.8.8:53 | tojjshjotp.info | udp |
| US | 8.8.8.8:53 | wueysyqiyg.org | udp |
| US | 8.8.8.8:53 | conmiwronawo.info | udp |
| US | 8.8.8.8:53 | avqszqthgo.net | udp |
| US | 8.8.8.8:53 | swbnkicabyv.info | udp |
| US | 8.8.8.8:53 | odsuti.info | udp |
| US | 8.8.8.8:53 | jjrefkv.net | udp |
| US | 8.8.8.8:53 | juvkvyv.net | udp |
| US | 8.8.8.8:53 | xfjqgkperkb.org | udp |
| US | 8.8.8.8:53 | mmhupsztbkj.info | udp |
| US | 8.8.8.8:53 | ymrmbefus.net | udp |
| US | 8.8.8.8:53 | hlmazwymzdkr.info | udp |
| US | 8.8.8.8:53 | vedjzu.net | udp |
| US | 8.8.8.8:53 | ootluyjkna.net | udp |
| US | 8.8.8.8:53 | xokfrudejcj.com | udp |
| US | 8.8.8.8:53 | mgeekyayyoys.com | udp |
| US | 8.8.8.8:53 | kjskvzf.info | udp |
| US | 8.8.8.8:53 | qshqpsf.net | udp |
| US | 8.8.8.8:53 | xxaozsevgxev.info | udp |
| US | 8.8.8.8:53 | bhvurp.net | udp |
| US | 8.8.8.8:53 | gidytydzj.info | udp |
| US | 8.8.8.8:53 | lzbjkx.info | udp |
| US | 8.8.8.8:53 | sfwkuoshbsto.net | udp |
| US | 8.8.8.8:53 | zonrdl.net | udp |
| US | 8.8.8.8:53 | blriytvijot.com | udp |
| US | 8.8.8.8:53 | eofytex.info | udp |
| US | 8.8.8.8:53 | vnortqxbacak.info | udp |
| US | 8.8.8.8:53 | jqvutyguw.info | udp |
| US | 8.8.8.8:53 | kyilnx.net | udp |
| US | 8.8.8.8:53 | acucaigsgm.com | udp |
| US | 8.8.8.8:53 | vsfbrurfw.com | udp |
| US | 8.8.8.8:53 | fgvwwulinyq.info | udp |
| US | 8.8.8.8:53 | fobycxucuuwy.net | udp |
| US | 8.8.8.8:53 | gaqkygwq.org | udp |
| US | 8.8.8.8:53 | niqmvewgvun.org | udp |
| US | 8.8.8.8:53 | ppusitsr.net | udp |
| US | 8.8.8.8:53 | hllpthtvfiri.net | udp |
| US | 8.8.8.8:53 | auberop.net | udp |
| US | 8.8.8.8:53 | jreeex.info | udp |
| US | 8.8.8.8:53 | eueaycoesqkq.com | udp |
| US | 8.8.8.8:53 | vikzczbicati.net | udp |
| US | 8.8.8.8:53 | jrbulad.info | udp |
| US | 8.8.8.8:53 | vcbjaa.net | udp |
| US | 8.8.8.8:53 | wwuvzetbfss.net | udp |
| US | 8.8.8.8:53 | nhljkherno.info | udp |
| US | 8.8.8.8:53 | bpzorpfuhtf.org | udp |
| US | 8.8.8.8:53 | gccuvybc.info | udp |
| US | 8.8.8.8:53 | ecwsbgppv.info | udp |
| US | 8.8.8.8:53 | omdbejhbk.net | udp |
| US | 8.8.8.8:53 | wudlnkpckb.net | udp |
| US | 8.8.8.8:53 | hasaxgl.com | udp |
| US | 8.8.8.8:53 | bkngmvgi.net | udp |
| US | 8.8.8.8:53 | uwiutcu.info | udp |
| US | 8.8.8.8:53 | tfeaezlydy.net | udp |
| US | 8.8.8.8:53 | qhjstipqion.net | udp |
| US | 8.8.8.8:53 | crsexosaidix.net | udp |
| US | 8.8.8.8:53 | bqdindvszcl.com | udp |
| US | 8.8.8.8:53 | pygutu.net | udp |
| US | 8.8.8.8:53 | dykwknvmdfdj.info | udp |
| US | 8.8.8.8:53 | ffvsfgxkp.info | udp |
| US | 8.8.8.8:53 | grdxgg.info | udp |
| US | 8.8.8.8:53 | wawaoiyk.com | udp |
| US | 8.8.8.8:53 | omqoqosyyeis.org | udp |
| US | 8.8.8.8:53 | oxnggrvq.net | udp |
| US | 8.8.8.8:53 | ogewrcwf.info | udp |
| US | 8.8.8.8:53 | jcwqonisdm.net | udp |
| US | 8.8.8.8:53 | fpiuprxqs.org | udp |
| US | 8.8.8.8:53 | lczoradauoz.net | udp |
| US | 8.8.8.8:53 | rldvwlsv.net | udp |
| US | 8.8.8.8:53 | ffrkcuejssjs.info | udp |
| US | 8.8.8.8:53 | dazulnj.org | udp |
| US | 8.8.8.8:53 | peauhd.info | udp |
| US | 8.8.8.8:53 | eijurypxn.net | udp |
| US | 8.8.8.8:53 | jzthxr.net | udp |
| US | 8.8.8.8:53 | xihyxof.net | udp |
| US | 8.8.8.8:53 | ocvujejzkwi.info | udp |
| US | 8.8.8.8:53 | zgmddb.net | udp |
| US | 8.8.8.8:53 | fjusznt.com | udp |
| US | 8.8.8.8:53 | fvtznihgbpu.net | udp |
| US | 8.8.8.8:53 | iscetjdqarw.net | udp |
| US | 8.8.8.8:53 | jpdlhi.net | udp |
| US | 8.8.8.8:53 | fvrsbc.net | udp |
| US | 8.8.8.8:53 | lczwnye.net | udp |
| US | 8.8.8.8:53 | zuhmapbot.net | udp |
| US | 8.8.8.8:53 | awpsfpfyp.net | udp |
| US | 8.8.8.8:53 | kxzmtui.info | udp |
| US | 8.8.8.8:53 | xvmfjdyosk.info | udp |
| US | 8.8.8.8:53 | vjvlnnztmb.net | udp |
| US | 8.8.8.8:53 | gktyqk.net | udp |
| US | 8.8.8.8:53 | ugcuuueismwy.com | udp |
| US | 8.8.8.8:53 | yojkaljecqs.info | udp |
| US | 8.8.8.8:53 | jabtdf.net | udp |
| US | 8.8.8.8:53 | ecegeakc.org | udp |
| US | 8.8.8.8:53 | jqpmfnbmiqsl.info | udp |
| US | 8.8.8.8:53 | bgcyzkz.net | udp |
| US | 8.8.8.8:53 | ootkjdzphd.net | udp |
| US | 8.8.8.8:53 | kufvhh.net | udp |
| US | 8.8.8.8:53 | qwdkdainp.net | udp |
| US | 8.8.8.8:53 | yzfunuhgzsj.info | udp |
| US | 8.8.8.8:53 | vahzkc.info | udp |
| US | 8.8.8.8:53 | mmxsdpcq.net | udp |
| US | 8.8.8.8:53 | qooykc.org | udp |
| US | 8.8.8.8:53 | ueevbmsid.info | udp |
| US | 8.8.8.8:53 | yucowa.org | udp |
| US | 8.8.8.8:53 | aararuzmj.info | udp |
| US | 8.8.8.8:53 | swcmqcsomk.org | udp |
| US | 8.8.8.8:53 | viavutxm.net | udp |
| US | 8.8.8.8:53 | ppxoqubsdn.info | udp |
| US | 8.8.8.8:53 | zrizzt.net | udp |
| US | 8.8.8.8:53 | igzujhb.info | udp |
| US | 8.8.8.8:53 | fxlxccj.org | udp |
| US | 8.8.8.8:53 | nmxqtin.info | udp |
| US | 8.8.8.8:53 | onikzizhvbsy.info | udp |
| US | 8.8.8.8:53 | pizqkbknwo.net | udp |
| US | 8.8.8.8:53 | kommumwiug.com | udp |
| US | 8.8.8.8:53 | nsjnpn.net | udp |
| US | 8.8.8.8:53 | rjpqlg.net | udp |
| US | 8.8.8.8:53 | ygugkkkskg.org | udp |
| US | 8.8.8.8:53 | pwowniwmd.net | udp |
| US | 8.8.8.8:53 | ivewnr.info | udp |
| US | 8.8.8.8:53 | vgbqdfgcf.info | udp |
| US | 8.8.8.8:53 | nqxijbihvn.info | udp |
| US | 8.8.8.8:53 | ugqagw.com | udp |
| US | 8.8.8.8:53 | aatgrynghhv.net | udp |
| US | 8.8.8.8:53 | yspynbdonzn.net | udp |
| US | 8.8.8.8:53 | igqqkatb.info | udp |
| US | 8.8.8.8:53 | acngwefrfsz.info | udp |
| US | 8.8.8.8:53 | scefnmbbqmde.net | udp |
| US | 8.8.8.8:53 | xrctizgjhu.net | udp |
| US | 8.8.8.8:53 | jmlmcuyegm.info | udp |
| US | 8.8.8.8:53 | mkzvhmaf.net | udp |
| US | 8.8.8.8:53 | hsjrzrxduk.net | udp |
| US | 8.8.8.8:53 | swagaekkco.com | udp |
| US | 8.8.8.8:53 | ksamsmqiay.org | udp |
| US | 8.8.8.8:53 | amvkpkloz.net | udp |
| US | 8.8.8.8:53 | rfcqjgcwrllk.info | udp |
| US | 8.8.8.8:53 | urlspqeczuu.info | udp |
| US | 8.8.8.8:53 | yrzgvq.info | udp |
| US | 8.8.8.8:53 | wayiwgqesiwe.org | udp |
| US | 8.8.8.8:53 | lmzorfjfhsqw.info | udp |
| US | 8.8.8.8:53 | ooewwc.org | udp |
| US | 8.8.8.8:53 | uotyykd.info | udp |
| US | 8.8.8.8:53 | iyqiigum.com | udp |
| US | 8.8.8.8:53 | jypigkw.net | udp |
| US | 8.8.8.8:53 | cdjezbjobpoi.info | udp |
| US | 8.8.8.8:53 | nhtmewhsnqw.com | udp |
| US | 8.8.8.8:53 | wuamawqoec.org | udp |
| US | 8.8.8.8:53 | rejmzqj.info | udp |
| US | 8.8.8.8:53 | pkbusskur.info | udp |
| US | 8.8.8.8:53 | jphhtgd.com | udp |
| US | 8.8.8.8:53 | jodcjwxqrex.net | udp |
| US | 8.8.8.8:53 | waiyxst.info | udp |
| US | 8.8.8.8:53 | omierhazkhgw.net | udp |
| US | 8.8.8.8:53 | vcndjyq.com | udp |
| US | 8.8.8.8:53 | lckkbal.com | udp |
| US | 8.8.8.8:53 | kwdrqyzrhd.net | udp |
| US | 8.8.8.8:53 | vydekdnkt.net | udp |
| US | 8.8.8.8:53 | ygbjfzxwxqxk.net | udp |
| US | 8.8.8.8:53 | mesckyqiui.org | udp |
| US | 8.8.8.8:53 | wqpsfrpmvr.net | udp |
| US | 8.8.8.8:53 | rzqsirzdo.info | udp |
| US | 8.8.8.8:53 | xrjmbmgmisvh.info | udp |
| US | 8.8.8.8:53 | swpgxcbkj.net | udp |
| US | 8.8.8.8:53 | jqtenkdayoy.org | udp |
| US | 8.8.8.8:53 | fawxmblsxttp.net | udp |
| US | 8.8.8.8:53 | nohirozut.com | udp |
| US | 8.8.8.8:53 | qewkis.com | udp |
| US | 8.8.8.8:53 | sjpbrdjfxn.net | udp |
| US | 8.8.8.8:53 | lvliwxsju.net | udp |
| US | 8.8.8.8:53 | hrbichrd.net | udp |
| US | 8.8.8.8:53 | hzrxeaj.org | udp |
| US | 8.8.8.8:53 | yhmtlkx.info | udp |
| US | 8.8.8.8:53 | eiecqs.com | udp |
| US | 8.8.8.8:53 | jwzciwnqa.org | udp |
| US | 8.8.8.8:53 | qrwjqx.info | udp |
| US | 8.8.8.8:53 | wcgcuuiu.org | udp |
| US | 8.8.8.8:53 | oyyltnftrl.net | udp |
| US | 8.8.8.8:53 | debqvadou.com | udp |
| US | 8.8.8.8:53 | ymiyqokyiy.org | udp |
| US | 8.8.8.8:53 | nhmyomxjv.info | udp |
| US | 8.8.8.8:53 | tpcvyzlpybme.net | udp |
| US | 8.8.8.8:53 | ngpmoozaf.com | udp |
| US | 8.8.8.8:53 | tyzkrdhyl.info | udp |
| US | 8.8.8.8:53 | rgmtvt.net | udp |
| US | 8.8.8.8:53 | osxegqyaunb.info | udp |
| US | 8.8.8.8:53 | vyvijbihvn.info | udp |
| US | 8.8.8.8:53 | uiatfomwcewg.info | udp |
| US | 8.8.8.8:53 | ruxxyyjep.info | udp |
| US | 8.8.8.8:53 | yvukvczu.net | udp |
| US | 8.8.8.8:53 | hsrofavrq.net | udp |
| US | 8.8.8.8:53 | vjnhchrvvc.net | udp |
| US | 8.8.8.8:53 | wakwiqeueocm.com | udp |
| US | 8.8.8.8:53 | fgqgyopclkp.org | udp |
| US | 8.8.8.8:53 | zetpolry.info | udp |
| US | 8.8.8.8:53 | llpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | bctwfgikb.org | udp |
| US | 8.8.8.8:53 | ytrylozbbmbr.info | udp |
| US | 8.8.8.8:53 | mumusnmwhqtc.info | udp |
| US | 8.8.8.8:53 | yhdbyl.net | udp |
| US | 8.8.8.8:53 | ysbzilbmgwtr.net | udp |
| US | 8.8.8.8:53 | oujubmddoxp.info | udp |
| US | 8.8.8.8:53 | jlzopdfa.net | udp |
| US | 8.8.8.8:53 | owokum.org | udp |
| US | 8.8.8.8:53 | pfwirejb.net | udp |
| US | 8.8.8.8:53 | fzqqksnzg.net | udp |
| US | 8.8.8.8:53 | woeksshcm.net | udp |
| US | 8.8.8.8:53 | ekgsyyewusgk.org | udp |
| US | 8.8.8.8:53 | xmlymtnez.org | udp |
| US | 8.8.8.8:53 | ialqwiryfxgi.net | udp |
| US | 8.8.8.8:53 | amimooma.com | udp |
| US | 8.8.8.8:53 | pmhiknnh.info | udp |
| US | 8.8.8.8:53 | khvmhzzc.info | udp |
| US | 8.8.8.8:53 | odzbrjqoy.info | udp |
| US | 8.8.8.8:53 | gqfylojal.info | udp |
| US | 8.8.8.8:53 | zvzwvvboamt.net | udp |
| US | 8.8.8.8:53 | pwvzxxu.org | udp |
| US | 8.8.8.8:53 | ooqymqoa.org | udp |
| US | 8.8.8.8:53 | uyropbt.net | udp |
| US | 8.8.8.8:53 | sizpvevzrrt.net | udp |
| US | 8.8.8.8:53 | aalijqi.info | udp |
| US | 8.8.8.8:53 | kmpcnsz.info | udp |
| US | 8.8.8.8:53 | nhslcshahj.info | udp |
| US | 8.8.8.8:53 | tfczwz.info | udp |
| US | 8.8.8.8:53 | odqisf.info | udp |
| US | 8.8.8.8:53 | qonycamok.info | udp |
| US | 8.8.8.8:53 | qfeqtwiwir.net | udp |
| US | 8.8.8.8:53 | gczafkv.net | udp |
| US | 8.8.8.8:53 | ncpmyszzt.info | udp |
| US | 8.8.8.8:53 | joiyhuzxfk.net | udp |
| US | 8.8.8.8:53 | qotgocd.net | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| NL | 173.194.69.94:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | fmpktqpifyd.net | udp |
| US | 8.8.8.8:53 | wvkmarthni.info | udp |
| US | 8.8.8.8:53 | lkqyrgwn.info | udp |
| US | 8.8.8.8:53 | ybxsqlwexbnh.info | udp |
| US | 8.8.8.8:53 | gkefvw.net | udp |
| US | 8.8.8.8:53 | sgmfte.net | udp |
| US | 8.8.8.8:53 | zkwkjcu.info | udp |
| US | 8.8.8.8:53 | kkiamiym.com | udp |
| US | 8.8.8.8:53 | zezwemhij.info | udp |
| US | 8.8.8.8:53 | fvrmbablw.org | udp |
| US | 8.8.8.8:53 | inmnbadjncl.net | udp |
| US | 8.8.8.8:53 | xlncfsa.net | udp |
| US | 8.8.8.8:53 | gytmlev.net | udp |
| US | 8.8.8.8:53 | jatdaajehomt.net | udp |
| US | 8.8.8.8:53 | emtoawj.info | udp |
| US | 8.8.8.8:53 | oodnxfxvj.info | udp |
| US | 8.8.8.8:53 | eiqmwuqkcssc.org | udp |
| US | 8.8.8.8:53 | mwgkuyee.org | udp |
| US | 8.8.8.8:53 | lhqqjx.info | udp |
| US | 8.8.8.8:53 | jioirlb.org | udp |
| US | 8.8.8.8:53 | yyajoxclqzi.net | udp |
| US | 8.8.8.8:53 | qkdarp.info | udp |
| US | 8.8.8.8:53 | covgfocgxcq.info | udp |
| US | 8.8.8.8:53 | xmhvtwn.info | udp |
| US | 8.8.8.8:53 | uyaiey.com | udp |
| US | 8.8.8.8:53 | ghskrfgq.net | udp |
| US | 8.8.8.8:53 | fnjgdihki.com | udp |
| US | 8.8.8.8:53 | bzaydhbkyko.info | udp |
| US | 8.8.8.8:53 | clzvsfjk.info | udp |
| US | 8.8.8.8:53 | zorsfg.info | udp |
| US | 8.8.8.8:53 | ohfqbej.info | udp |
| US | 8.8.8.8:53 | uoxjsmld.info | udp |
| US | 8.8.8.8:53 | yjplvmloykwy.net | udp |
| US | 8.8.8.8:53 | ewiuauieao.com | udp |
| US | 8.8.8.8:53 | fssldpfmpgi.com | udp |
| US | 8.8.8.8:53 | xixroraepfrn.net | udp |
| US | 8.8.8.8:53 | gcmasgcg.org | udp |
| US | 8.8.8.8:53 | pfxbhnfp.net | udp |
| US | 8.8.8.8:53 | bjpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | acxrganip.net | udp |
| US | 8.8.8.8:53 | qynjmxsyds.info | udp |
| US | 8.8.8.8:53 | qwjpjmachjn.net | udp |
| US | 8.8.8.8:53 | mipuxovspmp.net | udp |
| US | 8.8.8.8:53 | imwkkoik.com | udp |
| US | 8.8.8.8:53 | hqlyjfflz.com | udp |
| US | 8.8.8.8:53 | lprkehotusaa.net | udp |
| US | 8.8.8.8:53 | shsdliiamjd.info | udp |
| US | 8.8.8.8:53 | sewuvwb.net | udp |
| US | 8.8.8.8:53 | xyoqomeun.net | udp |
| US | 8.8.8.8:53 | ykvlqejqk.info | udp |
| US | 8.8.8.8:53 | okxgxpt.info | udp |
| US | 8.8.8.8:53 | vcaatipqjv.net | udp |
| US | 8.8.8.8:53 | oaewcmmi.com | udp |
| US | 8.8.8.8:53 | ldfetaiub.org | udp |
| US | 8.8.8.8:53 | wmlqyiwubej.net | udp |
| US | 8.8.8.8:53 | fowyfxngac.info | udp |
| US | 8.8.8.8:53 | ayicqmiikk.com | udp |
| US | 8.8.8.8:53 | rligjygk.net | udp |
| US | 8.8.8.8:53 | oalwpcngx.info | udp |
| US | 8.8.8.8:53 | bjfhxgfaaij.org | udp |
| US | 8.8.8.8:53 | xkgchwv.info | udp |
| US | 8.8.8.8:53 | xcrfxbihvn.info | udp |
| US | 8.8.8.8:53 | qcgzrp.net | udp |
| US | 8.8.8.8:53 | pvesxitaordl.info | udp |
| US | 8.8.8.8:53 | jcmrxr.net | udp |
| US | 8.8.8.8:53 | zevslkjzx.org | udp |
| US | 8.8.8.8:53 | kuohgniha.info | udp |
| US | 8.8.8.8:53 | dzrmxez.com | udp |
| US | 8.8.8.8:53 | ezlcle.net | udp |
| US | 8.8.8.8:53 | eleehydyh.info | udp |
| US | 8.8.8.8:53 | yijklmxapsf.net | udp |
| US | 8.8.8.8:53 | henwuzhksr.info | udp |
| US | 8.8.8.8:53 | kxldwaoqfn.info | udp |
| US | 8.8.8.8:53 | endvjbqfmf.info | udp |
| US | 8.8.8.8:53 | xqzqpqdcpym.net | udp |
| US | 8.8.8.8:53 | supzecssda.info | udp |
| US | 8.8.8.8:53 | azqehbjsdm.net | udp |
| US | 8.8.8.8:53 | jwbfaif.com | udp |
| US | 8.8.8.8:53 | ssaqquseysaq.com | udp |
| US | 8.8.8.8:53 | lbuxvuljqsuj.net | udp |
| US | 8.8.8.8:53 | xxbuvavqnao.net | udp |
| US | 8.8.8.8:53 | ccmgcg.com | udp |
| US | 8.8.8.8:53 | pefmouz.info | udp |
| US | 8.8.8.8:53 | nocbjqgnn.net | udp |
| US | 8.8.8.8:53 | hjouhefwz.net | udp |
| US | 8.8.8.8:53 | tgzzsilpuoyu.info | udp |
| US | 8.8.8.8:53 | dptdndng.info | udp |
| US | 8.8.8.8:53 | bmwihawajhk.info | udp |
| US | 8.8.8.8:53 | aqsawcaq.org | udp |
| US | 8.8.8.8:53 | rejwrwpoa.info | udp |
| US | 8.8.8.8:53 | bbrwiuukubj.org | udp |
| US | 8.8.8.8:53 | sqboplzkx.info | udp |
| US | 8.8.8.8:53 | ykceqzb.info | udp |
| US | 8.8.8.8:53 | jifbfgmekulq.info | udp |
| US | 8.8.8.8:53 | ucaiykikac.org | udp |
| US | 8.8.8.8:53 | jmuyzwjxj.net | udp |
| US | 8.8.8.8:53 | pbahadgtixcd.info | udp |
| US | 8.8.8.8:53 | qrdruyitlz.net | udp |
| US | 8.8.8.8:53 | llmddb.net | udp |
| US | 8.8.8.8:53 | sgescokcmo.org | udp |
| US | 8.8.8.8:53 | ykmmwoqg.com | udp |
| US | 8.8.8.8:53 | mkjeduhctnt.net | udp |
| US | 8.8.8.8:53 | umoiawp.net | udp |
| US | 8.8.8.8:53 | hegtublznplj.info | udp |
| US | 8.8.8.8:53 | pszytk.net | udp |
| US | 8.8.8.8:53 | jehyhpbob.com | udp |
| US | 8.8.8.8:53 | bmnvua.info | udp |
| US | 8.8.8.8:53 | luaiurlae.info | udp |
| US | 8.8.8.8:53 | aigyemcw.com | udp |
| US | 8.8.8.8:53 | hkzpted.com | udp |
| US | 8.8.8.8:53 | mfyrxg.info | udp |
| US | 8.8.8.8:53 | pvpktot.org | udp |
| US | 8.8.8.8:53 | hsfspwfirsr.org | udp |
| US | 8.8.8.8:53 | bixsfgpgp.com | udp |
| US | 8.8.8.8:53 | dwjlqunqhs.info | udp |
| US | 8.8.8.8:53 | fumvct.net | udp |
| US | 8.8.8.8:53 | tcbbrpndit.info | udp |
| US | 8.8.8.8:53 | imkske.com | udp |
| US | 8.8.8.8:53 | hzalbzhdrp.info | udp |
| US | 8.8.8.8:53 | qyyuyk.org | udp |
| US | 8.8.8.8:53 | ieemeucq.com | udp |
| US | 8.8.8.8:53 | rpoohllexvp.com | udp |
| US | 8.8.8.8:53 | ekdtyki.net | udp |
| US | 8.8.8.8:53 | ngtetbb.net | udp |
| US | 8.8.8.8:53 | dnyidwf.info | udp |
| US | 8.8.8.8:53 | loysptdhyj.net | udp |
| US | 8.8.8.8:53 | amgugw.org | udp |
| US | 8.8.8.8:53 | uvbjza.info | udp |
| US | 8.8.8.8:53 | yadxtkefpqdf.net | udp |
| US | 8.8.8.8:53 | wxruzx.net | udp |
| US | 8.8.8.8:53 | qdzprivtjo.info | udp |
| US | 8.8.8.8:53 | wrmuxgxgdbbr.info | udp |
| US | 8.8.8.8:53 | wyhehmlwwax.info | udp |
| US | 8.8.8.8:53 | fjhlnbctjobf.net | udp |
| US | 8.8.8.8:53 | waztfdrabjho.net | udp |
| US | 8.8.8.8:53 | qngitmingp.net | udp |
| US | 8.8.8.8:53 | xamvwzfsfsvg.info | udp |
| US | 8.8.8.8:53 | ulwprsdpevsj.info | udp |
| US | 8.8.8.8:53 | alnuhwuqxy.info | udp |
| US | 8.8.8.8:53 | jxjerofhghjg.net | udp |
| US | 8.8.8.8:53 | qyjxvcif.net | udp |
| US | 8.8.8.8:53 | zincfebel.org | udp |
| US | 8.8.8.8:53 | ummugkmsme.org | udp |
| US | 8.8.8.8:53 | qyxpuyxy.info | udp |
| US | 8.8.8.8:53 | kkqqeq.com | udp |
| US | 8.8.8.8:53 | pzpazy.info | udp |
| US | 8.8.8.8:53 | lwczryuzuz.net | udp |
| US | 8.8.8.8:53 | rkwlhccy.info | udp |
| US | 8.8.8.8:53 | vlpamf.net | udp |
| US | 8.8.8.8:53 | vkvuhqbijkl.info | udp |
| US | 8.8.8.8:53 | dfngddb.net | udp |
| US | 8.8.8.8:53 | nswrjwmeeq.net | udp |
| US | 8.8.8.8:53 | ooeshqr.net | udp |
| US | 8.8.8.8:53 | nthafgeqx.org | udp |
| US | 8.8.8.8:53 | muykowiw.com | udp |
| US | 8.8.8.8:53 | ddblqezcaou.net | udp |
| US | 8.8.8.8:53 | vibshiiel.net | udp |
| US | 8.8.8.8:53 | xkxwpttmvft.info | udp |
| US | 8.8.8.8:53 | wirjbvrz.net | udp |
| US | 8.8.8.8:53 | icoefmf.net | udp |
| US | 8.8.8.8:53 | gmqesegs.com | udp |
| US | 8.8.8.8:53 | qsvsfhbjr.net | udp |
| US | 8.8.8.8:53 | jjqtpeerkb.net | udp |
| US | 8.8.8.8:53 | doqarqgasfp.net | udp |
| US | 8.8.8.8:53 | xusbjccdbo.net | udp |
| US | 8.8.8.8:53 | tmpwekl.org | udp |
| US | 8.8.8.8:53 | birmomljzq.net | udp |
| US | 8.8.8.8:53 | urkcltobhpwf.net | udp |
| US | 8.8.8.8:53 | pyzgbjnc.info | udp |
| US | 8.8.8.8:53 | rydifzf.org | udp |
| US | 8.8.8.8:53 | ikhwjyh.net | udp |
| US | 8.8.8.8:53 | fshmcfdg.info | udp |
| US | 8.8.8.8:53 | muwtrig.info | udp |
| US | 8.8.8.8:53 | cmdulxwwdaqh.net | udp |
| US | 8.8.8.8:53 | oismai.com | udp |
| US | 8.8.8.8:53 | pgionstghi.info | udp |
| US | 8.8.8.8:53 | eheflhppvg.net | udp |
| US | 8.8.8.8:53 | tpngvancxmw.net | udp |
| US | 8.8.8.8:53 | fdeiwhniz.net | udp |
| US | 8.8.8.8:53 | lqvcmupko.org | udp |
| US | 8.8.8.8:53 | cykogcgqqcuu.com | udp |
| US | 8.8.8.8:53 | fnevgihwf.info | udp |
| US | 8.8.8.8:53 | reyrarc.com | udp |
| US | 8.8.8.8:53 | baqsxg.net | udp |
| US | 8.8.8.8:53 | jdvlzy.net | udp |
| US | 8.8.8.8:53 | qwcoia.org | udp |
| US | 8.8.8.8:53 | wduyolxe.info | udp |
| US | 8.8.8.8:53 | coqciweosg.org | udp |
| US | 8.8.8.8:53 | ugjyfpgfl.net | udp |
| US | 8.8.8.8:53 | suxsigpef.net | udp |
| US | 8.8.8.8:53 | pybznqvvvb.net | udp |
| US | 8.8.8.8:53 | bchunsm.org | udp |
| US | 8.8.8.8:53 | uizcdmsfpnt.info | udp |
| US | 8.8.8.8:53 | oioqgy.net | udp |
| US | 8.8.8.8:53 | nrdoetzozo.info | udp |
| US | 8.8.8.8:53 | myrwjqkrwpbk.info | udp |
| US | 8.8.8.8:53 | dwflucsi.net | udp |
| US | 8.8.8.8:53 | nckmvsdjl.info | udp |
| US | 8.8.8.8:53 | ubyqbwasxwe.info | udp |
| US | 8.8.8.8:53 | tqgtsupu.net | udp |
| US | 8.8.8.8:53 | mpkbfsgyp.info | udp |
| US | 8.8.8.8:53 | kqjyyppc.info | udp |
| US | 8.8.8.8:53 | hrsyexwl.net | udp |
| US | 8.8.8.8:53 | qseoumkkca.org | udp |
| US | 8.8.8.8:53 | tsnmjkpmztx.org | udp |
| US | 8.8.8.8:53 | xoycwy.net | udp |
| US | 8.8.8.8:53 | dijizqtcz.net | udp |
| US | 8.8.8.8:53 | qdnmhgdyrit.net | udp |
| US | 8.8.8.8:53 | sanqtmsdeq.info | udp |
| US | 8.8.8.8:53 | zrwgexnah.org | udp |
| US | 8.8.8.8:53 | zihutd.info | udp |
| US | 8.8.8.8:53 | ievelgx.net | udp |
| US | 8.8.8.8:53 | wruxnatezh.net | udp |
| US | 8.8.8.8:53 | qyqigk.com | udp |
| US | 8.8.8.8:53 | fyaylmbcb.net | udp |
| US | 8.8.8.8:53 | ziseiji.org | udp |
| US | 8.8.8.8:53 | ekqaao.com | udp |
| US | 8.8.8.8:53 | csuuscwyuiau.com | udp |
| US | 8.8.8.8:53 | motidshsxwz.info | udp |
| US | 8.8.8.8:53 | zeowlgryfyc.org | udp |
| US | 8.8.8.8:53 | iqtspglasec.info | udp |
| US | 8.8.8.8:53 | rkjyfrxybqd.net | udp |
| US | 8.8.8.8:53 | mndffardlau.info | udp |
| US | 8.8.8.8:53 | wilqaggmza.info | udp |
| US | 8.8.8.8:53 | bifvhoz.info | udp |
| US | 8.8.8.8:53 | wcktepfxzsju.net | udp |
| US | 8.8.8.8:53 | dbvftsluv.info | udp |
| US | 8.8.8.8:53 | raexrqdrdpy.info | udp |
| US | 8.8.8.8:53 | ikeijxxek.info | udp |
| US | 8.8.8.8:53 | rdzyyoqyoflm.net | udp |
| US | 8.8.8.8:53 | dwrljk.net | udp |
| US | 8.8.8.8:53 | rqoulkpg.info | udp |
| US | 8.8.8.8:53 | yqdindvszcl.info | udp |
| US | 8.8.8.8:53 | hkaqkxqu.info | udp |
| US | 8.8.8.8:53 | xxhnvtyz.net | udp |
| US | 8.8.8.8:53 | cwbxvgzipyh.net | udp |
| US | 8.8.8.8:53 | xyykskzkzub.org | udp |
| US | 8.8.8.8:53 | tkgguxvmt.info | udp |
| US | 8.8.8.8:53 | rmjgbiuye.info | udp |
| US | 8.8.8.8:53 | eumpsk.info | udp |
| US | 8.8.8.8:53 | ldlrgk.info | udp |
| US | 8.8.8.8:53 | fihstkkur.info | udp |
| US | 8.8.8.8:53 | zuxijcbja.org | udp |
| US | 8.8.8.8:53 | eugkmayg.org | udp |
| US | 8.8.8.8:53 | owtumceqt.info | udp |
| US | 8.8.8.8:53 | oodmlerpawd.net | udp |
| US | 8.8.8.8:53 | iweumi.com | udp |
| US | 8.8.8.8:53 | ysvkcgfttsg.info | udp |
| US | 8.8.8.8:53 | fbvwpb.net | udp |
| US | 8.8.8.8:53 | ueuusymkuw.org | udp |
| US | 8.8.8.8:53 | kkkypwpbl.info | udp |
| US | 8.8.8.8:53 | skqsiiae.org | udp |
| US | 8.8.8.8:53 | bnrsjsdepoh.net | udp |
| US | 8.8.8.8:53 | amzddcv.net | udp |
| US | 8.8.8.8:53 | alyypvemovoc.net | udp |
| US | 8.8.8.8:53 | lwyvmuzmb.net | udp |
| US | 8.8.8.8:53 | qlstpgkhcjbu.net | udp |
| US | 8.8.8.8:53 | pycpvep.com | udp |
| US | 8.8.8.8:53 | okvcwlctth.info | udp |
| US | 8.8.8.8:53 | zqziooy.com | udp |
| US | 8.8.8.8:53 | iewkiumooomq.com | udp |
| US | 8.8.8.8:53 | tqwree.info | udp |
| US | 8.8.8.8:53 | qfdxpmtt.net | udp |
| US | 8.8.8.8:53 | xpzsegmby.net | udp |
| US | 8.8.8.8:53 | lktcrbw.com | udp |
| US | 8.8.8.8:53 | tbizfhwxur.info | udp |
| US | 8.8.8.8:53 | hyjodgw.info | udp |
| US | 8.8.8.8:53 | drbhfc.info | udp |
| US | 8.8.8.8:53 | zwgtfajwykh.net | udp |
| US | 8.8.8.8:53 | kycaigsmmy.com | udp |
| US | 8.8.8.8:53 | eaadrqxd.net | udp |
| US | 8.8.8.8:53 | kmcowosi.com | udp |
| US | 8.8.8.8:53 | dkdczgl.info | udp |
| US | 8.8.8.8:53 | gitwmof.info | udp |
| US | 8.8.8.8:53 | golykcyqblc.net | udp |
| US | 8.8.8.8:53 | aywsucwusm.com | udp |
| US | 8.8.8.8:53 | ddprtfhyz.net | udp |
| US | 8.8.8.8:53 | bafvdn.net | udp |
| US | 8.8.8.8:53 | yuxyaj.net | udp |
| US | 8.8.8.8:53 | pyzjdsrbb.org | udp |
| US | 8.8.8.8:53 | efjpzbtksn.net | udp |
| US | 8.8.8.8:53 | vgqxvqngngx.info | udp |
| US | 8.8.8.8:53 | esjijdbzn.net | udp |
| US | 8.8.8.8:53 | cgzqtowog.info | udp |
| US | 8.8.8.8:53 | bfjnxydetsf.net | udp |
| US | 8.8.8.8:53 | ewvgtgtcz.net | udp |
| US | 8.8.8.8:53 | vebnoq.info | udp |
| US | 8.8.8.8:53 | vpnztjfy.net | udp |
| US | 8.8.8.8:53 | hbzknyyuhov.net | udp |
| US | 8.8.8.8:53 | xubrzuto.net | udp |
| US | 8.8.8.8:53 | pxnhfdsjajsp.net | udp |
| US | 8.8.8.8:53 | uvrlpzzlaoua.net | udp |
| US | 8.8.8.8:53 | qeasooggkkye.org | udp |
| US | 8.8.8.8:53 | mtijxgarrzfr.info | udp |
| US | 8.8.8.8:53 | gdiecndz.net | udp |
| US | 8.8.8.8:53 | guuidyxa.info | udp |
| US | 8.8.8.8:53 | yuowae.org | udp |
| US | 8.8.8.8:53 | nxmlsrxdxref.info | udp |
| US | 8.8.8.8:53 | rcrrjcziaulj.net | udp |
| US | 8.8.8.8:53 | qrykcnrn.net | udp |
| US | 8.8.8.8:53 | fevpfshvp.org | udp |
| US | 8.8.8.8:53 | iywgaeqigi.com | udp |
| US | 8.8.8.8:53 | qmcsksqsysos.org | udp |
| US | 8.8.8.8:53 | hcmwnmds.net | udp |
| US | 8.8.8.8:53 | lihcfwxxbwf.org | udp |
| US | 8.8.8.8:53 | labgdiv.info | udp |
| US | 8.8.8.8:53 | clpbmqu.net | udp |
| US | 8.8.8.8:53 | lcfohbczqur.info | udp |
| US | 8.8.8.8:53 | fpcopwh.org | udp |
| US | 8.8.8.8:53 | kcryxrris.info | udp |
| US | 8.8.8.8:53 | qmgmmq.com | udp |
| US | 8.8.8.8:53 | tvyizhgkxcq.info | udp |
| US | 8.8.8.8:53 | usljhmfr.net | udp |
| US | 8.8.8.8:53 | giekgyskeiik.org | udp |
| US | 8.8.8.8:53 | xqznzwpepzxr.info | udp |
| US | 8.8.8.8:53 | bavppixu.net | udp |
| US | 8.8.8.8:53 | jqtspll.info | udp |
| US | 8.8.8.8:53 | nrsyiebahnki.info | udp |
| US | 8.8.8.8:53 | fkgritslx.org | udp |
| US | 8.8.8.8:53 | gbkoknhoo.info | udp |
| US | 8.8.8.8:53 | zjsqnjb.info | udp |
| US | 8.8.8.8:53 | vdxznunfcncc.net | udp |
| US | 8.8.8.8:53 | oymqmu.org | udp |
| US | 8.8.8.8:53 | ptpwnlreeaxo.net | udp |
| US | 8.8.8.8:53 | japwfttpqdzv.net | udp |
| US | 8.8.8.8:53 | nohbzscdpxpk.info | udp |
| US | 8.8.8.8:53 | kalsxay.net | udp |
| US | 8.8.8.8:53 | xyjqsfqfby.info | udp |
| US | 8.8.8.8:53 | eeeiusoc.com | udp |
| US | 8.8.8.8:53 | nepggvh.net | udp |
| US | 8.8.8.8:53 | sikicmuy.com | udp |
| US | 8.8.8.8:53 | qaqsikmqeiqe.com | udp |
| US | 8.8.8.8:53 | dtstyn.net | udp |
| US | 8.8.8.8:53 | nynejtzixsbq.net | udp |
| US | 8.8.8.8:53 | gkhhsscn.info | udp |
| US | 8.8.8.8:53 | kkfmpkj.net | udp |
| US | 8.8.8.8:53 | zskmbgb.org | udp |
| US | 8.8.8.8:53 | zbqtpeerkb.net | udp |
| US | 8.8.8.8:53 | ysojtvcxbfap.net | udp |
| US | 8.8.8.8:53 | iawrmopmffvf.info | udp |
| US | 8.8.8.8:53 | gbfyjgdh.net | udp |
| US | 8.8.8.8:53 | cihgpef.info | udp |
| US | 8.8.8.8:53 | zuwrljtqss.net | udp |
| US | 8.8.8.8:53 | vrufpwk.info | udp |
| US | 8.8.8.8:53 | qqgqdavrl.net | udp |
| US | 8.8.8.8:53 | msaeugqyakco.org | udp |
| US | 8.8.8.8:53 | cfposwmwhyw.net | udp |
| US | 8.8.8.8:53 | rexanw.net | udp |
| US | 8.8.8.8:53 | zynomanwz.net | udp |
| US | 8.8.8.8:53 | tmrxnmjrkb.net | udp |
| US | 8.8.8.8:53 | lcfietjyfk.net | udp |
| US | 8.8.8.8:53 | iicxjoglktfz.info | udp |
| US | 8.8.8.8:53 | uomieuwsgywa.com | udp |
| US | 8.8.8.8:53 | vchbozvhhk.net | udp |
| US | 8.8.8.8:53 | ielyzqsmqyr.net | udp |
| US | 8.8.8.8:53 | fldgmozgoa.net | udp |
| US | 8.8.8.8:53 | gkjdaprfn.info | udp |
| US | 8.8.8.8:53 | fzkrxmam.info | udp |
| US | 8.8.8.8:53 | uoawgiaqye.org | udp |
| US | 8.8.8.8:53 | bhryjrwtdef.net | udp |
| US | 8.8.8.8:53 | jadrzal.net | udp |
| US | 8.8.8.8:53 | pstclaxzafud.net | udp |
| US | 8.8.8.8:53 | nndwal.net | udp |
| US | 8.8.8.8:53 | fixijml.org | udp |
| US | 8.8.8.8:53 | vyhcdioyf.com | udp |
| US | 8.8.8.8:53 | hgfwjazzz.info | udp |
Files
memory/708-0-0x0000000000400000-0x00000000004D7000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
| MD5 | eb09c682903ecbd87f30b0366e008d8f |
| SHA1 | 59b0dc27c06ce536327490439a37751a3dbd5e38 |
| SHA256 | c4b122f7bab30363b472a3dffb8a7c61604c0ec4719ebd233ccbac8be0951be1 |
| SHA512 | 83236c0955b81375666c10445d2cf5e4723b24e42e4ee5fb951f53945483be2fff5c8ef167f08cfad3accc162c61e750bb1039edbf09e26afe18cba2f994eb5d |
C:\Windows\SysWOW64\rjstguqkxqubfujttb.exe
| MD5 | c0a5c6a1916f592a00e891fd8e5c4b36 |
| SHA1 | 6bf1d27345660089c1bbf1e71f58674e684c5d14 |
| SHA256 | 32173afb83cbc7c35e4b7c70ca3bdfb64155ce5da72d0fc359c4a0cd2096d7c8 |
| SHA512 | 75c8ce5234070a6ee08fb41f316bd71776b3b58f9e43e3f4b544732c197a27b5c9d9172632894090b6af7f3f52fdac8efabe8baf41eb855ac817ad34980dbef6 |
memory/2656-54-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/1200-59-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/2544-63-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/3524-67-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4580-71-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4580-72-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/3524-74-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4836-78-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/1604-110-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4836-112-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/2180-114-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/2180-116-0x0000000000400000-0x00000000004D7000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\cjhxzcn.exe
| MD5 | 0d0f3fb136b7792c6887b2e120a6edb9 |
| SHA1 | 50d8bf191f1ae1ff045be94c09ef9b8b311553fc |
| SHA256 | 62e25673a8c4b68eef961fda4a08bd82f968adfcfcd8ed820417da129be3541a |
| SHA512 | 6b5a06ce31c0091a06d9e886d6484849f92331a3fae5fdd0e2ea59641f648cde6cb3273c1ac35989400ccc2268e4e407c0ec3ac907d518a8d70e9c23ee05c43f |
memory/3644-183-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/2008-182-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4388-189-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/2780-191-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4388-193-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/2824-196-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/1840-199-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/3232-236-0x0000000000400000-0x00000000004D7000-memory.dmp
C:\Users\Admin\AppData\Local\jlepmkquruiznmlfphtvozwu.ebe
| MD5 | 7e091a7d4e66e883f0cdd207ba2f960a |
| SHA1 | 11a9259c0754719f716dbb47779bf9d5122806e2 |
| SHA256 | 98aa757e397513ae4926d0a5c830e03b04dee28647398c54224306fde0b6b902 |
| SHA512 | 3e086c2f36d4c597cddcdcc289cc9e8ac40dbb860585163530939b48a0118e71109cc3471ccee421080a61529b126db5b70cabed45b40532a3f1e992916134e9 |
memory/4260-202-0x0000000000400000-0x00000000004D7000-memory.dmp
C:\Users\Admin\AppData\Local\sfjfnwnckyxzyisxsvsfjfnwnckyxzyisxs.sfj
| MD5 | dc36a32ec6ad763d70205ad17edf27fc |
| SHA1 | 9e3b454b5449bb26e9f507762907ef98c2df119d |
| SHA256 | 1b8425a21ed36d400c922a856130eb39bb9991c3bf61c19cc2e8eb72763da994 |
| SHA512 | 357242c0f829ff28523da11597d4556d20929dc4ec097c53f93a611bb26b0899373eb184805ded3c03e46967fb33b9a8e64d881864276a6714ce666d38aecee5 |
memory/3648-276-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4916-278-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4260-279-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/2700-275-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/1060-277-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/2700-280-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/2960-282-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/3648-281-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/3224-283-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/2368-288-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/2192-287-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4112-286-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4344-285-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/2904-290-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4344-294-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/2192-293-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4112-292-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4916-291-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/2504-295-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4832-296-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/2904-297-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4224-298-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4244-299-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4832-300-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4244-301-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4320-317-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/2100-318-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4972-320-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4836-324-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/3260-325-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/3140-326-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/5068-327-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4828-329-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/5068-330-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4392-331-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4828-333-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/3772-337-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/2252-338-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/1896-334-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/872-339-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/3248-342-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/1896-341-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/2180-353-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/3248-355-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4552-354-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/3772-358-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/3972-361-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4832-364-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4552-365-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/2980-368-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/3532-367-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4124-366-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/3132-370-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/2504-371-0x0000000000400000-0x0000000000466000-memory.dmp
memory/3972-369-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/3276-373-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/2180-363-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/3132-360-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/560-359-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/3476-357-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/3764-356-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/2524-375-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/2980-376-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4652-378-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/2524-379-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4652-377-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/2072-380-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4188-381-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/1756-394-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/1864-395-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/2768-396-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4892-398-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4892-399-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/3784-400-0x0000000000400000-0x00000000004D7000-memory.dmp
C:\Program Files (x86)\jlepmkquruiznmlfphtvozwu.ebe
| MD5 | 15dcb0ea0a5ee5c5a275a3fc1b783331 |
| SHA1 | 6ebb4b727ce3e18ccfe73da0637f26a342b93c91 |
| SHA256 | 28493a4e7e6921f83719cdcf9afb6a5e6ba3b4e51e42496fae7c09432efbffb3 |
| SHA512 | 4849b59dd429df52e981bf0a577f962593818c9c61df43264406e1389c42d065d5fb8ad7188a9be8db4a71b24bff03c51751b5aaa2618a0126c7b71a8dfdce4f |
C:\Program Files (x86)\jlepmkquruiznmlfphtvozwu.ebe
| MD5 | aea4631f924c671f16d9851049e10b84 |
| SHA1 | 2c05c6337d704a288d46cceb6fa440a8030e4e21 |
| SHA256 | cb3006b04e15ce6e6113fcaa5cdcfce4c83be64b6ecbc91c968cb79f1a1852d7 |
| SHA512 | 0d3cae21615c03536b3c9c85470ac9227bc16b02697dbdba4544024a543960fab2711c12857279cd92cfd9184ea6bb6523d17bad08d642f35d343379fd4a90f8 |
C:\Program Files (x86)\jlepmkquruiznmlfphtvozwu.ebe
| MD5 | 65f4a733dc253d0ca19faef2ed2b7328 |
| SHA1 | e98be39081671c4d3657c4dacad3012096c421bd |
| SHA256 | db5d17108227b905fd27fdd06815e15ceff69b174501329b03964b457da750a0 |
| SHA512 | 4ee2c0a1495f6465df420cd495ae961ba3c614f039c7361563440f16d2e2764a38fb2fee8fe63d36b4a0537db2cce2edabe2d59582f15ce0cc7869ea7c5d7ce1 |
C:\Program Files (x86)\jlepmkquruiznmlfphtvozwu.ebe
| MD5 | 39e0a4f83ab360c9b656ef8ebcd05b25 |
| SHA1 | 3cdbb740ebb95682fcabfbcbc71c4f1899da5439 |
| SHA256 | fff51cbc1b159b10bd642c195abee375a69042bfae86027a2700d1f84a924c89 |
| SHA512 | 49e75d75e3b59f43b5cf8cac465d6c51639afc348190bc19518b16ac8925df8d6db092cf638d5963745d45dbe6abce6b7bd975cbc930608c8439777aca2519e9 |
C:\Program Files (x86)\jlepmkquruiznmlfphtvozwu.ebe
| MD5 | 70e76d578997e0922ce973a193e9a08f |
| SHA1 | 1bb9010356631f109c0dabdffca91d1edaa8fed7 |
| SHA256 | cfada96852d915407da4606982b66f681db018175524e40882f31dd62fdf10f5 |
| SHA512 | 3b48c22e513894a5e4da7fae01b3e6cbb8e8255578dab9e4c29486e3115e6768b57ac4f11192604fb44ea0033a9c1a124a9b72d71997d31e30be09e95e381f62 |
C:\Program Files (x86)\jlepmkquruiznmlfphtvozwu.ebe
| MD5 | 565fd8162d041363e5b7af29bdc2598c |
| SHA1 | 7303b3f6f34bf1d63a49bc4ce909828ebfd3f7ba |
| SHA256 | ae24969a5c1d3deab21205c45490eb9cfe7f5fedb481d9bb5286ccfa75c0c45d |
| SHA512 | e109452de9d66a3b8f9d38524ea8d832a43084e226394a70bd10c573b2b0dc5eeb367e8d19380a9c1a716f2a79d55f2ce8c6f364151c63a9759caaa5843ed260 |
C:\Program Files (x86)\jlepmkquruiznmlfphtvozwu.ebe
| MD5 | cd9ca65126f7cddacc2f726c7927abcd |
| SHA1 | 2e8f8c5070c1288833c8d889f590983e0423a845 |
| SHA256 | 00e2aa6d03e66c4f0a9e99e5fd228a68d67ecbcf92d3dcaeda788c46bf86ddc1 |
| SHA512 | e2a42bdf5f7b99a10a545fda7defc62094a451557136d68e3bb355d301229cb4c7a15a5bb0a6b41810eb62bfb5227513e4e93ad2f34f9a263aad08f94d32d1c5 |
Analysis: behavioral2
Detonation Overview
Submitted
2025-04-19 01:29
Reported
2025-04-19 01:31
Platform
win11-20250410-en
Max time kernel
66s
Max time network
150s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\phcwojdqpmzjdkbzzrje.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tfuiujxexovzno = "bpgwkbravoxdtwjd.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tfuiujxexovzno = "ixpgvneokeovmqezw.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tfuiujxexovzno = "phcwojdqpmzjdkbzzrje.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tfuiujxexovzno = "bpgwkbravoxdtwjd.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tfuiujxexovzno = "phcwojdqpmzjdkbzzrje.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ixpgvneokeovmqezw.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ixpgvneokeovmqezw.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ixpgvneokeovmqezw.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\phcwojdqpmzjdkbzzrje.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\phcwojdqpmzjdkbzzrje.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ixpgvneokeovmqezw.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tfuiujxexovzno = "ixpgvneokeovmqezw.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rhasibtebwhphmbxvl.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tfuiujxexovzno = "extohdymmkyjemedexqmh.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rhasibtebwhphmbxvl.exe" | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ixpgvneokeovmqezw.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rhasibtebwhphmbxvl.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\phcwojdqpmzjdkbzzrje.exe" | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rhasibtebwhphmbxvl.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\extohdymmkyjemedexqmh.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tfuiujxexovzno = "rhasibtebwhphmbxvl.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tfuiujxexovzno = "ixpgvneokeovmqezw.exe" | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rhasibtebwhphmbxvl.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rhasibtebwhphmbxvl.exe" | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tfuiujxexovzno = "rhasibtebwhphmbxvl.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tfuiujxexovzno = "ixpgvneokeovmqezw.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tfuiujxexovzno = "phcwojdqpmzjdkbzzrje.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tfuiujxexovzno = "ixpgvneokeovmqezw.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tfuiujxexovzno = "bpgwkbravoxdtwjd.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tfuiujxexovzno = "ctngxrkwuqclekaxwne.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bpgwkbravoxdtwjd.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tfuiujxexovzno = "ixpgvneokeovmqezw.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tfuiujxexovzno = "extohdymmkyjemedexqmh.exe" | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\phcwojdqpmzjdkbzzrje.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\extohdymmkyjemedexqmh.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\phcwojdqpmzjdkbzzrje.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\phcwojdqpmzjdkbzzrje.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bpgwkbravoxdtwjd.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\phcwojdqpmzjdkbzzrje.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\phcwojdqpmzjdkbzzrje.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ixpgvneokeovmqezw.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfrclximcqu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ixpgvneokeovmqezw.exe" | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ixpgvneokeovmqezw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bpgwkbravoxdtwjd.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdrepdqwoekna = "ixpgvneokeovmqezw.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tdqcmzlqhwbd = "extohdymmkyjemedexqmh.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ixpgvneokeovmqezw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rhasibtebwhphmbxvl.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tdqcmzlqhwbd = "extohdymmkyjemedexqmh.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\tdqcmzlqhwbd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ctngxrkwuqclekaxwne.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tdqcmzlqhwbd = "extohdymmkyjemedexqmh.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ixpgvneokeovmqezw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rhasibtebwhphmbxvl.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\bpgwkbravoxdtwjd = "bpgwkbravoxdtwjd.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\bpgwkbravoxdtwjd = "phcwojdqpmzjdkbzzrje.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rhasibtebwhphmbxvl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ixpgvneokeovmqezw.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdrepdqwoekna = "rhasibtebwhphmbxvl.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\wjzobrgoiainceq = "extohdymmkyjemedexqmh.exe" | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdrepdqwoekna = "extohdymmkyjemedexqmh.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\sdrepdqwoekna = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ixpgvneokeovmqezw.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\sdrepdqwoekna = "C:\\Users\\Admin\\AppData\\Local\\Temp\\phcwojdqpmzjdkbzzrje.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdrepdqwoekna = "extohdymmkyjemedexqmh.exe ." | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\tdqcmzlqhwbd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rhasibtebwhphmbxvl.exe" | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\sdrepdqwoekna = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ctngxrkwuqclekaxwne.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rhasibtebwhphmbxvl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\phcwojdqpmzjdkbzzrje.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\bpgwkbravoxdtwjd = "rhasibtebwhphmbxvl.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\wjzobrgoiainceq = "ixpgvneokeovmqezw.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdrepdqwoekna = "ixpgvneokeovmqezw.exe ." | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\tdqcmzlqhwbd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ctngxrkwuqclekaxwne.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdrepdqwoekna = "phcwojdqpmzjdkbzzrje.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tdqcmzlqhwbd = "extohdymmkyjemedexqmh.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\bpgwkbravoxdtwjd = "ctngxrkwuqclekaxwne.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tdqcmzlqhwbd = "ctngxrkwuqclekaxwne.exe" | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tdqcmzlqhwbd = "ixpgvneokeovmqezw.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\tdqcmzlqhwbd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ixpgvneokeovmqezw.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdrepdqwoekna = "rhasibtebwhphmbxvl.exe ." | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\wjzobrgoiainceq = "extohdymmkyjemedexqmh.exe" | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\sdrepdqwoekna = "C:\\Users\\Admin\\AppData\\Local\\Temp\\phcwojdqpmzjdkbzzrje.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ixpgvneokeovmqezw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ctngxrkwuqclekaxwne.exe ." | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\wjzobrgoiainceq = "ctngxrkwuqclekaxwne.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\bpgwkbravoxdtwjd = "phcwojdqpmzjdkbzzrje.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\bpgwkbravoxdtwjd = "bpgwkbravoxdtwjd.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rhasibtebwhphmbxvl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ixpgvneokeovmqezw.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\wjzobrgoiainceq = "extohdymmkyjemedexqmh.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\bpgwkbravoxdtwjd = "ixpgvneokeovmqezw.exe ." | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rhasibtebwhphmbxvl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bpgwkbravoxdtwjd.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdrepdqwoekna = "extohdymmkyjemedexqmh.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\bpgwkbravoxdtwjd = "extohdymmkyjemedexqmh.exe ." | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\tdqcmzlqhwbd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ctngxrkwuqclekaxwne.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\tdqcmzlqhwbd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\phcwojdqpmzjdkbzzrje.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\bpgwkbravoxdtwjd = "phcwojdqpmzjdkbzzrje.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\wjzobrgoiainceq = "phcwojdqpmzjdkbzzrje.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\wjzobrgoiainceq = "rhasibtebwhphmbxvl.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tdqcmzlqhwbd = "ctngxrkwuqclekaxwne.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\bpgwkbravoxdtwjd = "extohdymmkyjemedexqmh.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\wjzobrgoiainceq = "extohdymmkyjemedexqmh.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ixpgvneokeovmqezw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\extohdymmkyjemedexqmh.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rhasibtebwhphmbxvl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ixpgvneokeovmqezw.exe" | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rhasibtebwhphmbxvl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bpgwkbravoxdtwjd.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\wjzobrgoiainceq = "rhasibtebwhphmbxvl.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tdqcmzlqhwbd = "bpgwkbravoxdtwjd.exe" | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ixpgvneokeovmqezw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ixpgvneokeovmqezw.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\wjzobrgoiainceq = "ixpgvneokeovmqezw.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdrepdqwoekna = "phcwojdqpmzjdkbzzrje.exe ." | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\tdqcmzlqhwbd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\phcwojdqpmzjdkbzzrje.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\bpgwkbravoxdtwjd = "extohdymmkyjemedexqmh.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ixpgvneokeovmqezw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\phcwojdqpmzjdkbzzrje.exe ." | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\bpgwkbravoxdtwjd = "ctngxrkwuqclekaxwne.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\wjzobrgoiainceq = "rhasibtebwhphmbxvl.exe" | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
Drops autorun.inf file
| Description | Indicator | Process | Target |
| File created | F:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| File opened for modification | C:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| File created | C:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| File opened for modification | F:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\extohdymmkyjemedexqmh.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\phcwojdqpmzjdkbzzrje.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\extohdymmkyjemedexqmh.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ctngxrkwuqclekaxwne.exe | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\phcwojdqpmzjdkbzzrje.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ixpgvneokeovmqezw.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bpgwkbravoxdtwjd.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\extohdymmkyjemedexqmh.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ctngxrkwuqclekaxwne.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bpgwkbravoxdtwjd.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rhasibtebwhphmbxvl.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rhasibtebwhphmbxvl.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bpgwkbravoxdtwjd.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ctngxrkwuqclekaxwne.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bpgwkbravoxdtwjd.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vpmiczvklkzlhqjjlfzwsm.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\phcwojdqpmzjdkbzzrje.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\phcwojdqpmzjdkbzzrje.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rhasibtebwhphmbxvl.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\extohdymmkyjemedexqmh.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rhasibtebwhphmbxvl.exe | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ixpgvneokeovmqezw.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ctngxrkwuqclekaxwne.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\extohdymmkyjemedexqmh.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rhasibtebwhphmbxvl.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bpgwkbravoxdtwjd.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\extohdymmkyjemedexqmh.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\phcwojdqpmzjdkbzzrje.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rhasibtebwhphmbxvl.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ctngxrkwuqclekaxwne.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ctngxrkwuqclekaxwne.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bpgwkbravoxdtwjd.exe | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ixpgvneokeovmqezw.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rhasibtebwhphmbxvl.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ixpgvneokeovmqezw.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\phcwojdqpmzjdkbzzrje.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\phcwojdqpmzjdkbzzrje.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vpmiczvklkzlhqjjlfzwsm.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bpgwkbravoxdtwjd.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bpgwkbravoxdtwjd.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\extohdymmkyjemedexqmh.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\phcwojdqpmzjdkbzzrje.exe | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vpmiczvklkzlhqjjlfzwsm.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\phcwojdqpmzjdkbzzrje.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\phcwojdqpmzjdkbzzrje.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vpmiczvklkzlhqjjlfzwsm.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\extohdymmkyjemedexqmh.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ctngxrkwuqclekaxwne.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ixpgvneokeovmqezw.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\phcwojdqpmzjdkbzzrje.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ixpgvneokeovmqezw.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\extohdymmkyjemedexqmh.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\extohdymmkyjemedexqmh.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\extohdymmkyjemedexqmh.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bpgwkbravoxdtwjd.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ctngxrkwuqclekaxwne.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rhasibtebwhphmbxvl.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ctngxrkwuqclekaxwne.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ixpgvneokeovmqezw.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bpgwkbravoxdtwjd.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\phcwojdqpmzjdkbzzrje.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vpmiczvklkzlhqjjlfzwsm.exe | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bpgwkbravoxdtwjd.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ixpgvneokeovmqezw.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\fdeecddwbexnnaxbhfdeec.dwb | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| File created | C:\Program Files (x86)\fdeecddwbexnnaxbhfdeec.dwb | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| File opened for modification | C:\Program Files (x86)\wfrclximcquvgembsbkwhqcnrhvzaljrg.gpb | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| File created | C:\Program Files (x86)\wfrclximcquvgembsbkwhqcnrhvzaljrg.gpb | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\extohdymmkyjemedexqmh.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\vpmiczvklkzlhqjjlfzwsm.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\rhasibtebwhphmbxvl.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\vpmiczvklkzlhqjjlfzwsm.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\vpmiczvklkzlhqjjlfzwsm.exe | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| File opened for modification | C:\Windows\phcwojdqpmzjdkbzzrje.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\ixpgvneokeovmqezw.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\phcwojdqpmzjdkbzzrje.exe | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| File opened for modification | C:\Windows\vpmiczvklkzlhqjjlfzwsm.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\rhasibtebwhphmbxvl.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\ixpgvneokeovmqezw.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File created | C:\Windows\wfrclximcquvgembsbkwhqcnrhvzaljrg.gpb | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| File opened for modification | C:\Windows\ctngxrkwuqclekaxwne.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\extohdymmkyjemedexqmh.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\ixpgvneokeovmqezw.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\vpmiczvklkzlhqjjlfzwsm.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\vpmiczvklkzlhqjjlfzwsm.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\extohdymmkyjemedexqmh.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\rhasibtebwhphmbxvl.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\rhasibtebwhphmbxvl.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\ctngxrkwuqclekaxwne.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\ctngxrkwuqclekaxwne.exe | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| File opened for modification | C:\Windows\bpgwkbravoxdtwjd.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\ctngxrkwuqclekaxwne.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\extohdymmkyjemedexqmh.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\rhasibtebwhphmbxvl.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\ctngxrkwuqclekaxwne.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\ctngxrkwuqclekaxwne.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\ctngxrkwuqclekaxwne.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\phcwojdqpmzjdkbzzrje.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\vpmiczvklkzlhqjjlfzwsm.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\vpmiczvklkzlhqjjlfzwsm.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\ixpgvneokeovmqezw.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\phcwojdqpmzjdkbzzrje.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\wfrclximcquvgembsbkwhqcnrhvzaljrg.gpb | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| File opened for modification | C:\Windows\phcwojdqpmzjdkbzzrje.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\ctngxrkwuqclekaxwne.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\vpmiczvklkzlhqjjlfzwsm.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\ixpgvneokeovmqezw.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\vpmiczvklkzlhqjjlfzwsm.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\bpgwkbravoxdtwjd.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\rhasibtebwhphmbxvl.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\phcwojdqpmzjdkbzzrje.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\extohdymmkyjemedexqmh.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\vpmiczvklkzlhqjjlfzwsm.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\ctngxrkwuqclekaxwne.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\ctngxrkwuqclekaxwne.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\phcwojdqpmzjdkbzzrje.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\ctngxrkwuqclekaxwne.exe | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| File opened for modification | C:\Windows\bpgwkbravoxdtwjd.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\rhasibtebwhphmbxvl.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\phcwojdqpmzjdkbzzrje.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\bpgwkbravoxdtwjd.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\ctngxrkwuqclekaxwne.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\rhasibtebwhphmbxvl.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\bpgwkbravoxdtwjd.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\phcwojdqpmzjdkbzzrje.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\extohdymmkyjemedexqmh.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\ctngxrkwuqclekaxwne.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\extohdymmkyjemedexqmh.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\vpmiczvklkzlhqjjlfzwsm.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\ixpgvneokeovmqezw.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\vpmiczvklkzlhqjjlfzwsm.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\vpmiczvklkzlhqjjlfzwsm.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ctngxrkwuqclekaxwne.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ctngxrkwuqclekaxwne.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\rhasibtebwhphmbxvl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ctngxrkwuqclekaxwne.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\extohdymmkyjemedexqmh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\extohdymmkyjemedexqmh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\extohdymmkyjemedexqmh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ctngxrkwuqclekaxwne.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bpgwkbravoxdtwjd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\phcwojdqpmzjdkbzzrje.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bpgwkbravoxdtwjd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ctngxrkwuqclekaxwne.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bpgwkbravoxdtwjd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\extohdymmkyjemedexqmh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bpgwkbravoxdtwjd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\phcwojdqpmzjdkbzzrje.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\extohdymmkyjemedexqmh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bpgwkbravoxdtwjd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\phcwojdqpmzjdkbzzrje.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\rhasibtebwhphmbxvl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ctngxrkwuqclekaxwne.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\extohdymmkyjemedexqmh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ixpgvneokeovmqezw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ctngxrkwuqclekaxwne.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\rhasibtebwhphmbxvl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\phcwojdqpmzjdkbzzrje.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\extohdymmkyjemedexqmh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\rhasibtebwhphmbxvl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\phcwojdqpmzjdkbzzrje.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\extohdymmkyjemedexqmh.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\ehnsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe"
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe*"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe
C:\Windows\ixpgvneokeovmqezw.exe
ixpgvneokeovmqezw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Windows\phcwojdqpmzjdkbzzrje.exe
phcwojdqpmzjdkbzzrje.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\phcwojdqpmzjdkbzzrje.exe*."
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bpgwkbravoxdtwjd.exe*."
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ctngxrkwuqclekaxwne.exe*."
C:\Users\Admin\AppData\Local\Temp\ehnsv.exe
"C:\Users\Admin\AppData\Local\Temp\ehnsv.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe"
C:\Users\Admin\AppData\Local\Temp\ehnsv.exe
"C:\Users\Admin\AppData\Local\Temp\ehnsv.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_c0a5c6a1916f592a00e891fd8e5c4b36.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe
C:\Windows\rhasibtebwhphmbxvl.exe
rhasibtebwhphmbxvl.exe
C:\Windows\ctngxrkwuqclekaxwne.exe
ctngxrkwuqclekaxwne.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe .
C:\Windows\rhasibtebwhphmbxvl.exe
rhasibtebwhphmbxvl.exe .
C:\Windows\ixpgvneokeovmqezw.exe
ixpgvneokeovmqezw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\rhasibtebwhphmbxvl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ixpgvneokeovmqezw.exe*."
C:\Windows\rhasibtebwhphmbxvl.exe
rhasibtebwhphmbxvl.exe
C:\Windows\bpgwkbravoxdtwjd.exe
bpgwkbravoxdtwjd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Windows\phcwojdqpmzjdkbzzrje.exe
phcwojdqpmzjdkbzzrje.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .
C:\Windows\bpgwkbravoxdtwjd.exe
bpgwkbravoxdtwjd.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\phcwojdqpmzjdkbzzrje.exe*."
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bpgwkbravoxdtwjd.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\extohdymmkyjemedexqmh.exe*."
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\extohdymmkyjemedexqmh.exe*."
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."
C:\Windows\ctngxrkwuqclekaxwne.exe
ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\rhasibtebwhphmbxvl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe .
C:\Windows\ixpgvneokeovmqezw.exe
ixpgvneokeovmqezw.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ixpgvneokeovmqezw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe
C:\Windows\rhasibtebwhphmbxvl.exe
rhasibtebwhphmbxvl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe .
C:\Windows\rhasibtebwhphmbxvl.exe
rhasibtebwhphmbxvl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\rhasibtebwhphmbxvl.exe*."
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ixpgvneokeovmqezw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bpgwkbravoxdtwjd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe .
C:\Windows\rhasibtebwhphmbxvl.exe
rhasibtebwhphmbxvl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\rhasibtebwhphmbxvl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe
C:\Windows\phcwojdqpmzjdkbzzrje.exe
phcwojdqpmzjdkbzzrje.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe
C:\Windows\ctngxrkwuqclekaxwne.exe
ctngxrkwuqclekaxwne.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe .
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Windows\bpgwkbravoxdtwjd.exe
bpgwkbravoxdtwjd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Windows\phcwojdqpmzjdkbzzrje.exe
phcwojdqpmzjdkbzzrje.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bpgwkbravoxdtwjd.exe*."
C:\Windows\bpgwkbravoxdtwjd.exe
bpgwkbravoxdtwjd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\phcwojdqpmzjdkbzzrje.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bpgwkbravoxdtwjd.exe*."
C:\Windows\rhasibtebwhphmbxvl.exe
rhasibtebwhphmbxvl.exe
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe .
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe .
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\rhasibtebwhphmbxvl.exe*."
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bpgwkbravoxdtwjd.exe*."
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe
C:\Windows\ctngxrkwuqclekaxwne.exe
ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\extohdymmkyjemedexqmh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe
C:\Windows\rhasibtebwhphmbxvl.exe
rhasibtebwhphmbxvl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Windows\ixpgvneokeovmqezw.exe
ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bpgwkbravoxdtwjd.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\rhasibtebwhphmbxvl.exe*."
C:\Windows\ctngxrkwuqclekaxwne.exe
ctngxrkwuqclekaxwne.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ctngxrkwuqclekaxwne.exe*."
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ixpgvneokeovmqezw.exe
ixpgvneokeovmqezw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe .
C:\Windows\ixpgvneokeovmqezw.exe
ixpgvneokeovmqezw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ixpgvneokeovmqezw.exe*."
C:\Windows\ixpgvneokeovmqezw.exe
ixpgvneokeovmqezw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe .
C:\Windows\rhasibtebwhphmbxvl.exe
rhasibtebwhphmbxvl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\rhasibtebwhphmbxvl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\rhasibtebwhphmbxvl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\extohdymmkyjemedexqmh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe
C:\Windows\bpgwkbravoxdtwjd.exe
bpgwkbravoxdtwjd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe .
C:\Windows\rhasibtebwhphmbxvl.exe
rhasibtebwhphmbxvl.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\rhasibtebwhphmbxvl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe
C:\Windows\ctngxrkwuqclekaxwne.exe
ctngxrkwuqclekaxwne.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\extohdymmkyjemedexqmh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe
C:\Windows\ctngxrkwuqclekaxwne.exe
ctngxrkwuqclekaxwne.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe .
C:\Windows\bpgwkbravoxdtwjd.exe
bpgwkbravoxdtwjd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bpgwkbravoxdtwjd.exe*."
C:\Windows\ctngxrkwuqclekaxwne.exe
ctngxrkwuqclekaxwne.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe .
C:\Windows\ctngxrkwuqclekaxwne.exe
ctngxrkwuqclekaxwne.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ctngxrkwuqclekaxwne.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ixpgvneokeovmqezw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe
C:\Windows\ctngxrkwuqclekaxwne.exe
ctngxrkwuqclekaxwne.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe
C:\Windows\phcwojdqpmzjdkbzzrje.exe
phcwojdqpmzjdkbzzrje.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ctngxrkwuqclekaxwne.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ixpgvneokeovmqezw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe
C:\Windows\ixpgvneokeovmqezw.exe
ixpgvneokeovmqezw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe .
C:\Windows\ixpgvneokeovmqezw.exe
ixpgvneokeovmqezw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ixpgvneokeovmqezw.exe*."
C:\Windows\ixpgvneokeovmqezw.exe
ixpgvneokeovmqezw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe .
C:\Windows\bpgwkbravoxdtwjd.exe
bpgwkbravoxdtwjd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bpgwkbravoxdtwjd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\extohdymmkyjemedexqmh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ctngxrkwuqclekaxwne.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe
C:\Windows\ixpgvneokeovmqezw.exe
ixpgvneokeovmqezw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."
C:\Windows\ctngxrkwuqclekaxwne.exe
ctngxrkwuqclekaxwne.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .
C:\Windows\ctngxrkwuqclekaxwne.exe
ctngxrkwuqclekaxwne.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bpgwkbravoxdtwjd.exe*."
C:\Windows\bpgwkbravoxdtwjd.exe
bpgwkbravoxdtwjd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bpgwkbravoxdtwjd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Windows\bpgwkbravoxdtwjd.exe
bpgwkbravoxdtwjd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bpgwkbravoxdtwjd.exe*."
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe .
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Windows\ixpgvneokeovmqezw.exe
ixpgvneokeovmqezw.exe .
C:\Windows\ixpgvneokeovmqezw.exe
ixpgvneokeovmqezw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\bpgwkbravoxdtwjd.exe
bpgwkbravoxdtwjd.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ctngxrkwuqclekaxwne.exe*."
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ixpgvneokeovmqezw.exe*."
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bpgwkbravoxdtwjd.exe*."
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ixpgvneokeovmqezw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .
C:\Windows\ixpgvneokeovmqezw.exe
ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ixpgvneokeovmqezw.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bpgwkbravoxdtwjd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe .
C:\Windows\phcwojdqpmzjdkbzzrje.exe
phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\phcwojdqpmzjdkbzzrje.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe
C:\Windows\ixpgvneokeovmqezw.exe
ixpgvneokeovmqezw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe .
C:\Windows\ctngxrkwuqclekaxwne.exe
ctngxrkwuqclekaxwne.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ctngxrkwuqclekaxwne.exe*."
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\rhasibtebwhphmbxvl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe
C:\Windows\bpgwkbravoxdtwjd.exe
bpgwkbravoxdtwjd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe .
C:\Windows\ixpgvneokeovmqezw.exe
ixpgvneokeovmqezw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ixpgvneokeovmqezw.exe*."
C:\Windows\bpgwkbravoxdtwjd.exe
bpgwkbravoxdtwjd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\extohdymmkyjemedexqmh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ixpgvneokeovmqezw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe
C:\Windows\bpgwkbravoxdtwjd.exe
bpgwkbravoxdtwjd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe .
C:\Windows\bpgwkbravoxdtwjd.exe
bpgwkbravoxdtwjd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bpgwkbravoxdtwjd.exe*."
C:\Windows\rhasibtebwhphmbxvl.exe
rhasibtebwhphmbxvl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe .
C:\Windows\rhasibtebwhphmbxvl.exe
rhasibtebwhphmbxvl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\rhasibtebwhphmbxvl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ctngxrkwuqclekaxwne.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\rhasibtebwhphmbxvl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe
C:\Windows\ctngxrkwuqclekaxwne.exe
ctngxrkwuqclekaxwne.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe .
C:\Windows\phcwojdqpmzjdkbzzrje.exe
phcwojdqpmzjdkbzzrje.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\phcwojdqpmzjdkbzzrje.exe*."
C:\Windows\ctngxrkwuqclekaxwne.exe
ctngxrkwuqclekaxwne.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe .
C:\Windows\phcwojdqpmzjdkbzzrje.exe
phcwojdqpmzjdkbzzrje.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\phcwojdqpmzjdkbzzrje.exe*."
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ctngxrkwuqclekaxwne.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe .
C:\Windows\phcwojdqpmzjdkbzzrje.exe
phcwojdqpmzjdkbzzrje.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\phcwojdqpmzjdkbzzrje.exe*."
C:\Windows\ixpgvneokeovmqezw.exe
ixpgvneokeovmqezw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe .
C:\Windows\ctngxrkwuqclekaxwne.exe
ctngxrkwuqclekaxwne.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ctngxrkwuqclekaxwne.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ctngxrkwuqclekaxwne.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ixpgvneokeovmqezw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .
C:\Windows\bpgwkbravoxdtwjd.exe
bpgwkbravoxdtwjd.exe
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe
C:\Windows\bpgwkbravoxdtwjd.exe
bpgwkbravoxdtwjd.exe .
C:\Windows\ctngxrkwuqclekaxwne.exe
ctngxrkwuqclekaxwne.exe .
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bpgwkbravoxdtwjd.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ctngxrkwuqclekaxwne.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ctngxrkwuqclekaxwne.exe
ctngxrkwuqclekaxwne.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe .
C:\Windows\phcwojdqpmzjdkbzzrje.exe
phcwojdqpmzjdkbzzrje.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .
C:\Windows\ctngxrkwuqclekaxwne.exe
ctngxrkwuqclekaxwne.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Windows\bpgwkbravoxdtwjd.exe
bpgwkbravoxdtwjd.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ctngxrkwuqclekaxwne.exe*."
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Windows\ctngxrkwuqclekaxwne.exe
ctngxrkwuqclekaxwne.exe .
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bpgwkbravoxdtwjd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ctngxrkwuqclekaxwne.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bpgwkbravoxdtwjd.exe*."
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ctngxrkwuqclekaxwne.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\rhasibtebwhphmbxvl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\rhasibtebwhphmbxvl.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\rhasibtebwhphmbxvl.exe*."
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe .
C:\Windows\rhasibtebwhphmbxvl.exe
rhasibtebwhphmbxvl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\rhasibtebwhphmbxvl.exe*."
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\rhasibtebwhphmbxvl.exe
rhasibtebwhphmbxvl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\rhasibtebwhphmbxvl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\extohdymmkyjemedexqmh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe
C:\Windows\rhasibtebwhphmbxvl.exe
rhasibtebwhphmbxvl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."
C:\Windows\phcwojdqpmzjdkbzzrje.exe
phcwojdqpmzjdkbzzrje.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ixpgvneokeovmqezw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe
C:\Windows\bpgwkbravoxdtwjd.exe
bpgwkbravoxdtwjd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe .
C:\Windows\phcwojdqpmzjdkbzzrje.exe
phcwojdqpmzjdkbzzrje.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\phcwojdqpmzjdkbzzrje.exe*."
C:\Windows\ctngxrkwuqclekaxwne.exe
ctngxrkwuqclekaxwne.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe .
C:\Windows\phcwojdqpmzjdkbzzrje.exe
phcwojdqpmzjdkbzzrje.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\phcwojdqpmzjdkbzzrje.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\rhasibtebwhphmbxvl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bpgwkbravoxdtwjd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe
C:\Windows\phcwojdqpmzjdkbzzrje.exe
phcwojdqpmzjdkbzzrje.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe .
C:\Windows\ixpgvneokeovmqezw.exe
ixpgvneokeovmqezw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ixpgvneokeovmqezw.exe*."
C:\Windows\ixpgvneokeovmqezw.exe
ixpgvneokeovmqezw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe .
C:\Windows\bpgwkbravoxdtwjd.exe
bpgwkbravoxdtwjd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bpgwkbravoxdtwjd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bpgwkbravoxdtwjd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bpgwkbravoxdtwjd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe .
C:\Windows\ctngxrkwuqclekaxwne.exe
ctngxrkwuqclekaxwne.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ctngxrkwuqclekaxwne.exe*."
C:\Windows\bpgwkbravoxdtwjd.exe
bpgwkbravoxdtwjd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe .
C:\Windows\ixpgvneokeovmqezw.exe
ixpgvneokeovmqezw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ixpgvneokeovmqezw.exe*."
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ixpgvneokeovmqezw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe
C:\Windows\ixpgvneokeovmqezw.exe
ixpgvneokeovmqezw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe .
C:\Windows\phcwojdqpmzjdkbzzrje.exe
phcwojdqpmzjdkbzzrje.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\phcwojdqpmzjdkbzzrje.exe*."
C:\Windows\phcwojdqpmzjdkbzzrje.exe
phcwojdqpmzjdkbzzrje.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe .
C:\Windows\ctngxrkwuqclekaxwne.exe
ctngxrkwuqclekaxwne.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ctngxrkwuqclekaxwne.exe*."
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ctngxrkwuqclekaxwne.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\rhasibtebwhphmbxvl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\bpgwkbravoxdtwjd.exe
bpgwkbravoxdtwjd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe
C:\Windows\phcwojdqpmzjdkbzzrje.exe
phcwojdqpmzjdkbzzrje.exe
C:\Windows\ctngxrkwuqclekaxwne.exe
ctngxrkwuqclekaxwne.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ixpgvneokeovmqezw.exe
ixpgvneokeovmqezw.exe
C:\Windows\phcwojdqpmzjdkbzzrje.exe
phcwojdqpmzjdkbzzrje.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\phcwojdqpmzjdkbzzrje.exe*."
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe .
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\extohdymmkyjemedexqmh.exe*."
C:\Windows\rhasibtebwhphmbxvl.exe
rhasibtebwhphmbxvl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Windows\phcwojdqpmzjdkbzzrje.exe
phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .
C:\Windows\bpgwkbravoxdtwjd.exe
bpgwkbravoxdtwjd.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\phcwojdqpmzjdkbzzrje.exe*."
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bpgwkbravoxdtwjd.exe*."
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ctngxrkwuqclekaxwne.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .
C:\Windows\ctngxrkwuqclekaxwne.exe
ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\rhasibtebwhphmbxvl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\rhasibtebwhphmbxvl.exe*."
C:\Windows\rhasibtebwhphmbxvl.exe
rhasibtebwhphmbxvl.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\rhasibtebwhphmbxvl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe
C:\Windows\phcwojdqpmzjdkbzzrje.exe
phcwojdqpmzjdkbzzrje.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe .
C:\Windows\ctngxrkwuqclekaxwne.exe
ctngxrkwuqclekaxwne.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ctngxrkwuqclekaxwne.exe*."
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ixpgvneokeovmqezw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bpgwkbravoxdtwjd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe
C:\Windows\ctngxrkwuqclekaxwne.exe
ctngxrkwuqclekaxwne.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe .
C:\Windows\rhasibtebwhphmbxvl.exe
rhasibtebwhphmbxvl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\rhasibtebwhphmbxvl.exe*."
C:\Windows\phcwojdqpmzjdkbzzrje.exe
phcwojdqpmzjdkbzzrje.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe .
C:\Windows\ctngxrkwuqclekaxwne.exe
ctngxrkwuqclekaxwne.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ctngxrkwuqclekaxwne.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\rhasibtebwhphmbxvl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bpgwkbravoxdtwjd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe
C:\Windows\bpgwkbravoxdtwjd.exe
bpgwkbravoxdtwjd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe .
C:\Windows\bpgwkbravoxdtwjd.exe
bpgwkbravoxdtwjd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bpgwkbravoxdtwjd.exe*."
C:\Windows\rhasibtebwhphmbxvl.exe
rhasibtebwhphmbxvl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe .
C:\Windows\bpgwkbravoxdtwjd.exe
bpgwkbravoxdtwjd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bpgwkbravoxdtwjd.exe*."
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bpgwkbravoxdtwjd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe .
C:\Windows\phcwojdqpmzjdkbzzrje.exe
phcwojdqpmzjdkbzzrje.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\phcwojdqpmzjdkbzzrje.exe*."
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe .
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\rhasibtebwhphmbxvl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe
C:\Windows\ctngxrkwuqclekaxwne.exe
ctngxrkwuqclekaxwne.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe .
C:\Windows\rhasibtebwhphmbxvl.exe
rhasibtebwhphmbxvl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\rhasibtebwhphmbxvl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe .
C:\Windows\phcwojdqpmzjdkbzzrje.exe
phcwojdqpmzjdkbzzrje.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\phcwojdqpmzjdkbzzrje.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\extohdymmkyjemedexqmh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe
C:\Windows\bpgwkbravoxdtwjd.exe
bpgwkbravoxdtwjd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe .
C:\Windows\ctngxrkwuqclekaxwne.exe
ctngxrkwuqclekaxwne.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ctngxrkwuqclekaxwne.exe*."
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe .
C:\Windows\ixpgvneokeovmqezw.exe
ixpgvneokeovmqezw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ixpgvneokeovmqezw.exe*."
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\rhasibtebwhphmbxvl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ctngxrkwuqclekaxwne.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe
C:\Windows\rhasibtebwhphmbxvl.exe
rhasibtebwhphmbxvl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe
C:\Windows\rhasibtebwhphmbxvl.exe
rhasibtebwhphmbxvl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Windows\ctngxrkwuqclekaxwne.exe
ctngxrkwuqclekaxwne.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\rhasibtebwhphmbxvl.exe*."
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe .
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .
C:\Windows\ixpgvneokeovmqezw.exe
ixpgvneokeovmqezw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\extohdymmkyjemedexqmh.exe*."
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ixpgvneokeovmqezw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe .
C:\Windows\bpgwkbravoxdtwjd.exe
bpgwkbravoxdtwjd.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\rhasibtebwhphmbxvl.exe
rhasibtebwhphmbxvl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe .
C:\Windows\ctngxrkwuqclekaxwne.exe
ctngxrkwuqclekaxwne.exe .
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .
C:\Windows\phcwojdqpmzjdkbzzrje.exe
phcwojdqpmzjdkbzzrje.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ctngxrkwuqclekaxwne.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\extohdymmkyjemedexqmh.exe*."
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\phcwojdqpmzjdkbzzrje.exe*."
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\rhasibtebwhphmbxvl.exe*."
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\rhasibtebwhphmbxvl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bpgwkbravoxdtwjd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ixpgvneokeovmqezw.exe*."
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ctngxrkwuqclekaxwne.exe
ctngxrkwuqclekaxwne.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ctngxrkwuqclekaxwne.exe*."
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\extohdymmkyjemedexqmh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\extohdymmkyjemedexqmh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe .
C:\Windows\rhasibtebwhphmbxvl.exe
rhasibtebwhphmbxvl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\rhasibtebwhphmbxvl.exe*."
C:\Windows\ixpgvneokeovmqezw.exe
ixpgvneokeovmqezw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ctngxrkwuqclekaxwne.exe
ctngxrkwuqclekaxwne.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ctngxrkwuqclekaxwne.exe*."
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ixpgvneokeovmqezw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."
C:\Windows\ixpgvneokeovmqezw.exe
ixpgvneokeovmqezw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe .
C:\Windows\rhasibtebwhphmbxvl.exe
rhasibtebwhphmbxvl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\rhasibtebwhphmbxvl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ctngxrkwuqclekaxwne.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\rhasibtebwhphmbxvl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe
C:\Windows\ctngxrkwuqclekaxwne.exe
ctngxrkwuqclekaxwne.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\phcwojdqpmzjdkbzzrje.exe
phcwojdqpmzjdkbzzrje.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\phcwojdqpmzjdkbzzrje.exe*."
C:\Windows\rhasibtebwhphmbxvl.exe
rhasibtebwhphmbxvl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe .
C:\Windows\ixpgvneokeovmqezw.exe
ixpgvneokeovmqezw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ixpgvneokeovmqezw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ctngxrkwuqclekaxwne.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ctngxrkwuqclekaxwne.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpgwkbravoxdtwjd.exe
C:\Windows\bpgwkbravoxdtwjd.exe
bpgwkbravoxdtwjd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe .
C:\Windows\rhasibtebwhphmbxvl.exe
rhasibtebwhphmbxvl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\rhasibtebwhphmbxvl.exe*."
C:\Windows\ctngxrkwuqclekaxwne.exe
ctngxrkwuqclekaxwne.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ixpgvneokeovmqezw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Windows\ixpgvneokeovmqezw.exe
ixpgvneokeovmqezw.exe .
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Users\Admin\AppData\Local\Temp\extohdymmkyjemedexqmh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ixpgvneokeovmqezw.exe*."
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Users\Admin\AppData\Local\Temp\ixpgvneokeovmqezw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\phcwojdqpmzjdkbzzrje.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\phcwojdqpmzjdkbzzrje.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c extohdymmkyjemedexqmh.exe .
C:\Windows\extohdymmkyjemedexqmh.exe
extohdymmkyjemedexqmh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c phcwojdqpmzjdkbzzrje.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\extohdymmkyjemedexqmh.exe*."
C:\Windows\phcwojdqpmzjdkbzzrje.exe
phcwojdqpmzjdkbzzrje.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rhasibtebwhphmbxvl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Windows\rhasibtebwhphmbxvl.exe
rhasibtebwhphmbxvl.exe .
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Users\Admin\AppData\Local\Temp\rhasibtebwhphmbxvl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\rhasibtebwhphmbxvl.exe*."
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ctngxrkwuqclekaxwne.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Users\Admin\AppData\Local\Temp\ctngxrkwuqclekaxwne.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe
C:\Users\Admin\AppData\Local\Temp\bpgwkbravoxdtwjd.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bpgwkbravoxdtwjd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctngxrkwuqclekaxwne.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | whatismyipaddress.com | udp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| NL | 185.15.59.224:80 | www.wikipedia.org | tcp |
| NL | 173.194.69.190:80 | www.youtube.com | tcp |
| PK | 111.119.182.129:20999 | tcp | |
| DE | 85.214.228.140:80 | gyuuym.org | tcp |
| SG | 18.142.91.111:80 | unxfuild.info | tcp |
| US | 104.156.155.94:80 | cydlrge.info | tcp |
| PK | 111.119.182.129:20999 | tcp | |
| US | 8.8.8.8:53 | oclyxabqdbz.info | udp |
| US | 8.8.8.8:53 | kgucribs.info | udp |
| US | 8.8.8.8:53 | kwhfxq.info | udp |
| US | 8.8.8.8:53 | vanzav.net | udp |
| US | 8.8.8.8:53 | swuekicoiu.com | udp |
| US | 199.59.243.228:80 | comisi.com | tcp |
| US | 8.8.8.8:53 | wrcbgitqjnxa.info | udp |
| US | 8.8.8.8:53 | ncdhnsz.info | udp |
| US | 8.8.8.8:53 | yowoulfwf.info | udp |
| US | 8.8.8.8:53 | ecbwysbz.info | udp |
| US | 8.8.8.8:53 | swpbqsnleyfb.net | udp |
| US | 8.8.8.8:53 | zreqsbv.org | udp |
| US | 8.8.8.8:53 | uyydfe.info | udp |
| US | 8.8.8.8:53 | nqfojqz.org | udp |
| US | 8.8.8.8:53 | tqbqdwkdf.info | udp |
| US | 8.8.8.8:53 | jjrefkv.net | udp |
| US | 8.8.8.8:53 | ycrnnnwsorvo.net | udp |
| US | 8.8.8.8:53 | jyoilfcd.info | udp |
| US | 8.8.8.8:53 | lczoradauoz.net | udp |
| US | 8.8.8.8:53 | ncnzlurkrmw.com | udp |
| US | 8.8.8.8:53 | ootkjdzphd.net | udp |
| US | 8.8.8.8:53 | ogjqwjjxx.info | udp |
| US | 8.8.8.8:53 | xrjmbmgmisvh.info | udp |
| US | 8.8.8.8:53 | isagwi.com | udp |
| US | 8.8.8.8:53 | jcdslcegesd.org | udp |
| US | 8.8.8.8:53 | iswlnjjvvnqh.net | udp |
| US | 8.8.8.8:53 | jxvgxgln.info | udp |
| US | 8.8.8.8:53 | oalwpcngx.info | udp |
| US | 8.8.8.8:53 | cyngzkvw.info | udp |
| US | 8.8.8.8:53 | giaoessyos.com | udp |
| US | 8.8.8.8:53 | vsoboojmbxrz.info | udp |
| US | 8.8.8.8:53 | nuzuulykeifs.info | udp |
| US | 8.8.8.8:53 | bxfzufriah.info | udp |
| US | 8.8.8.8:53 | whsibhhzjbbm.info | udp |
| US | 8.8.8.8:53 | owwcgssgyuka.com | udp |
| US | 8.8.8.8:53 | rpbwgeewrps.com | udp |
| US | 8.8.8.8:53 | kkykoukuky.org | udp |
| US | 8.8.8.8:53 | ugjyfpgfl.net | udp |
| US | 8.8.8.8:53 | myrwjqkrwpbk.info | udp |
| US | 8.8.8.8:53 | oqmmyueaug.org | udp |
| US | 8.8.8.8:53 | kreuso.net | udp |
| US | 8.8.8.8:53 | sugqmm.org | udp |
| US | 8.8.8.8:53 | wgwmqauo.com | udp |
| US | 8.8.8.8:53 | kmngqxrohyi.info | udp |
| US | 8.8.8.8:53 | hzogmhvbfq.net | udp |
| US | 8.8.8.8:53 | nahghujn.net | udp |
| US | 8.8.8.8:53 | xmregiguhct.net | udp |
| US | 8.8.8.8:53 | oemwdzun.info | udp |
| US | 8.8.8.8:53 | jcruryrst.com | udp |
| US | 8.8.8.8:53 | pyrdzifabltr.net | udp |
| US | 8.8.8.8:53 | qbtulgmyhpxg.info | udp |
| US | 8.8.8.8:53 | imcikxmme.info | udp |
| US | 8.8.8.8:53 | wuioyy.org | udp |
| US | 8.8.8.8:53 | qyqigk.com | udp |
| US | 8.8.8.8:53 | cihnqxlwrk.info | udp |
| US | 8.8.8.8:53 | vrekxutpkphm.info | udp |
| US | 8.8.8.8:53 | enkvjquggwue.info | udp |
| US | 8.8.8.8:53 | xehonlu.com | udp |
| US | 8.8.8.8:53 | iqvcyghxogn.info | udp |
| US | 8.8.8.8:53 | fyaylmbcb.net | udp |
| US | 8.8.8.8:53 | lcbjrwnm.info | udp |
| US | 8.8.8.8:53 | wxykvliwqcwr.info | udp |
| US | 8.8.8.8:53 | sesmicgcaq.org | udp |
| US | 8.8.8.8:53 | lthtvmtoplf.info | udp |
| US | 8.8.8.8:53 | oonjzybwr.info | udp |
| US | 8.8.8.8:53 | rkjyfrxybqd.net | udp |
| US | 8.8.8.8:53 | zpwufkgaqb.info | udp |
| US | 8.8.8.8:53 | wntwidpgca.net | udp |
| US | 8.8.8.8:53 | hjfdpmp.org | udp |
| US | 8.8.8.8:53 | bpxvzgskmyuj.net | udp |
| US | 8.8.8.8:53 | nuzafmbad.com | udp |
| US | 8.8.8.8:53 | qotwhe.net | udp |
| US | 8.8.8.8:53 | qzhwtku.net | udp |
| US | 8.8.8.8:53 | nwvktd.net | udp |
| US | 8.8.8.8:53 | rjbifug.net | udp |
| US | 8.8.8.8:53 | perqgvq.com | udp |
| US | 8.8.8.8:53 | zvasripw.info | udp |
| US | 8.8.8.8:53 | rqoulkpg.info | udp |
| US | 8.8.8.8:53 | yqdindvszcl.info | udp |
| US | 8.8.8.8:53 | bcccuxtmludh.net | udp |
| US | 8.8.8.8:53 | trnyvjufjcuu.net | udp |
| US | 8.8.8.8:53 | owtumceqt.info | udp |
| US | 8.8.8.8:53 | glieztpkor.net | udp |
| US | 8.8.8.8:53 | ccbxzvdsmiqi.info | udp |
| US | 8.8.8.8:53 | kwohyylm.info | udp |
| US | 8.8.8.8:53 | igiofsd.info | udp |
| US | 8.8.8.8:53 | oaiyscuq.com | udp |
| US | 8.8.8.8:53 | sgdzhklkvfso.info | udp |
| US | 8.8.8.8:53 | ueuusymkuw.org | udp |
| US | 8.8.8.8:53 | euaymoyamg.com | udp |
| US | 8.8.8.8:53 | skqsiiae.org | udp |
| US | 8.8.8.8:53 | qodbvgdut.net | udp |
| US | 8.8.8.8:53 | defslfp.org | udp |
| US | 8.8.8.8:53 | alyypvemovoc.net | udp |
| US | 8.8.8.8:53 | xomqzazuxbj.net | udp |
| US | 8.8.8.8:53 | wxekxldunjwt.info | udp |
| US | 8.8.8.8:53 | etjdbylvlt.net | udp |
| US | 8.8.8.8:53 | qlstpgkhcjbu.net | udp |
| US | 8.8.8.8:53 | pycpvep.com | udp |
| US | 8.8.8.8:53 | icscky.org | udp |
| US | 8.8.8.8:53 | xsbzrlxbxixo.info | udp |
| US | 8.8.8.8:53 | notkpcbghwp.com | udp |
| US | 8.8.8.8:53 | mgvzzejohy.net | udp |
| US | 8.8.8.8:53 | wmxlxnofqrtg.net | udp |
| US | 8.8.8.8:53 | akeiysmc.org | udp |
| US | 8.8.8.8:53 | eaictyqxc.info | udp |
| US | 8.8.8.8:53 | fonerog.net | udp |
| US | 8.8.8.8:53 | fjzstem.info | udp |
| US | 8.8.8.8:53 | spxnopqwp.info | udp |
Files
memory/1424-0-0x0000000000400000-0x00000000004D7000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
| MD5 | eb09c682903ecbd87f30b0366e008d8f |
| SHA1 | 59b0dc27c06ce536327490439a37751a3dbd5e38 |
| SHA256 | c4b122f7bab30363b472a3dffb8a7c61604c0ec4719ebd233ccbac8be0951be1 |
| SHA512 | 83236c0955b81375666c10445d2cf5e4723b24e42e4ee5fb951f53945483be2fff5c8ef167f08cfad3accc162c61e750bb1039edbf09e26afe18cba2f994eb5d |
C:\Windows\SysWOW64\rhasibtebwhphmbxvl.exe
| MD5 | c0a5c6a1916f592a00e891fd8e5c4b36 |
| SHA1 | 6bf1d27345660089c1bbf1e71f58674e684c5d14 |
| SHA256 | 32173afb83cbc7c35e4b7c70ca3bdfb64155ce5da72d0fc359c4a0cd2096d7c8 |
| SHA512 | 75c8ce5234070a6ee08fb41f316bd71776b3b58f9e43e3f4b544732c197a27b5c9d9172632894090b6af7f3f52fdac8efabe8baf41eb855ac817ad34980dbef6 |
memory/3836-54-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/2956-57-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/5160-61-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4436-70-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/5616-74-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/5032-68-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/5616-76-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/424-80-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/1052-108-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/1052-110-0x0000000000400000-0x00000000004D7000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ehnsv.exe
| MD5 | 243375f59d241de2599f96a2d2a981e6 |
| SHA1 | 63ace0e1d77d2194065fee1a491691d9019d7844 |
| SHA256 | f00fad1fb2043952e62a851f08e5da302225810b3e1cde7380c650cd599fca33 |
| SHA512 | a5bf934d46d6c26f2c986bf78e8f797bd551b42a980476c4e29bfd5d52d0f345017662df3de27230a94844239641dc0cee610887171ed79e4d1eff03c556f854 |
memory/6064-184-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/3748-180-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4780-186-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/5584-189-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4780-191-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/3492-195-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/6128-199-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/1784-202-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/5740-204-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/2272-209-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/1784-210-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/888-212-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/2984-208-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/5584-194-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/124-214-0x0000000000400000-0x00000000004D7000-memory.dmp
C:\Users\Admin\AppData\Local\wfrclximcquvgembsbkwhqcnrhvzaljrg.gpb
| MD5 | 4074d34fb991cded5080de3710bc5aba |
| SHA1 | 6dd5b930e0170ea1b22bb2dbf36c5fb577064f80 |
| SHA256 | cea18ca806f9fe0ca9b0b6cba0e96b652300b67b1e011da5bd0e098a8601c2dc |
| SHA512 | 04005ac21812547a67a8f654236819bc15ba563df870cb5c4fd72c4d015c1d7bb14e4b0346e043e0acd3b48e0e7c1d8172e8915f9bde4c53695a396051de3b9b |
C:\Users\Admin\AppData\Local\fdeecddwbexnnaxbhfdeec.dwb
| MD5 | 80c95ee800ee31f3890883753740bec6 |
| SHA1 | c0baabb85257555d79fe13008a2c6d2aaf228d34 |
| SHA256 | e29a3ec176d01fcbf44126eb1287e0e0c8e8a675f4141d83f7333ad6c393ee84 |
| SHA512 | 724329076cf1d299e313165cc529168b90fc354babc4c9cbd44b5d48a1265d365e139c0a0bf245eacfb0eeeb75255b7e13de0bec672e59f029e84fd0784938df |
memory/888-243-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/5740-242-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/5948-244-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/124-257-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4580-258-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4580-259-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4692-262-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/5452-261-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4692-263-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/1220-264-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4936-266-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/2720-268-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/5036-270-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/824-271-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/3444-272-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4972-274-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4972-273-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/576-275-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/5128-291-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/5128-292-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/5248-294-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4104-296-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4104-297-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/3476-299-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/3476-300-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4672-302-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/1960-304-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/5656-306-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/3492-307-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/2628-309-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/5992-311-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/5992-312-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/3492-314-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/5656-313-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/5848-316-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/1956-318-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/2924-320-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4984-321-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/6132-334-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/5988-339-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/2788-338-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/2924-340-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/2612-337-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/5988-342-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/1552-341-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/2788-349-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/2720-351-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/5792-348-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/2796-347-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/5720-346-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/1884-344-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/5568-343-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/5568-335-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4580-336-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/2128-353-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/5792-355-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/2720-357-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/580-358-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/5600-359-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/580-360-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/1552-354-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/3160-361-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/3160-362-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/5144-363-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4836-364-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/3804-380-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/3356-382-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/3284-384-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/4880-386-0x0000000000400000-0x00000000004D7000-memory.dmp
memory/236-387-0x0000000000400000-0x00000000004D7000-memory.dmp
C:\Program Files (x86)\fdeecddwbexnnaxbhfdeec.dwb
| MD5 | c40d7df93369c6ee19152cd6322271ed |
| SHA1 | a98f60c471a7179950c5f7cf8494bdd41eb0a802 |
| SHA256 | 5fd4412fe7cf895a9d97e456fa14e3769ebbd9f372aeacdcda5662b469b7dc58 |
| SHA512 | b1a01a7e212be60469bc1f0815d11f263c431810b7497c38527c07dc94cdbf2f3396df443eb42f92dcde81bfda9861ac524f0605e9a3c26bca83a4c0340e14f5 |
C:\Program Files (x86)\fdeecddwbexnnaxbhfdeec.dwb
| MD5 | a1726c21271773122d2ced5cf413cc46 |
| SHA1 | 27be3e8de15ce2d8124bab0f9f8f815e6289379c |
| SHA256 | de01b6047784000628fd13b546e777017e56e77210bb099802a4b95c3ad18be1 |
| SHA512 | 0d8181036944c4bdecfca00ad4eb8ecb334d0fac3a9bf28e4912888ce86f8749855aaf0d9414b70d4fd26521feaa40f8d4b3a9d1a8e079c4c25a73e3e5155aef |
C:\Program Files (x86)\fdeecddwbexnnaxbhfdeec.dwb
| MD5 | 6331a3221584e2eeb8dea47a42c24b04 |
| SHA1 | 360bde151cc4240fe64f8d4bcc1fdd2478ae8b9f |
| SHA256 | d4a966d4e8f99ee0bc5b4bbadb9bc7e2463aeaa78c3a818bf71070d3423ce9fd |
| SHA512 | 19352b915ddf1e0e421717c5f71136292ebb05f38c03dde7d5aa43f04112f4d1e899bf23e0a275ab590adb401b8e7dc69767712cd9b28ffb99b135d5d858857e |
C:\Program Files (x86)\fdeecddwbexnnaxbhfdeec.dwb
| MD5 | 95f1567b8c2f39854ef2a85fea7f0312 |
| SHA1 | 60beec1dc4badf2405275858c9511c58df90ac14 |
| SHA256 | 5792f7052c6f24e55f2e4bc66626d4ba9f66e984ce78e4a80dd6d6e3f60beb39 |
| SHA512 | 10336644cf7cb0ee7a877d697e2beb3eeb6ff27fc071c6804afb9a35205027a608adf57dcaa9bbcd167a208a70fbfc04e3b0afda846f070500721d32b8f2ac3a |
C:\Program Files (x86)\fdeecddwbexnnaxbhfdeec.dwb
| MD5 | 36a8eaad612ea741e2c5ece0d39209d0 |
| SHA1 | 7535b01f25639f7665f176c19f24338d41955807 |
| SHA256 | 22bb391fe7d7cc34c37bff89bb8771d33d32543e618a195ade1ef1013d8ae67f |
| SHA512 | 9ba3cffce619255ddcdc834060d81c3e0abacf3037aa3c6e7a160793ec50d65124255b72813f0fb9345a97c61edb494bd8984194d5fd8e81c7020ba88e1aae9a |
C:\Program Files (x86)\fdeecddwbexnnaxbhfdeec.dwb
| MD5 | 1dc5a5716b251634c7fcce324eafbe4f |
| SHA1 | 8fe279350e03a374265aabb618d9bd229ad7da42 |
| SHA256 | f1eff57c0ecb4f27bb9d80c9518c4695d435e3a58e4d6c5072131533c2d9b2e9 |
| SHA512 | b08263d78597fa71f4e4a47c53dca499cfeac25ccb7debab58f57f8eef485665cfdbf0309c60e5e730800467dd2f47572a6c185102ae6fb19003f65327800ab9 |
C:\Program Files (x86)\fdeecddwbexnnaxbhfdeec.dwb
| MD5 | ccbe3d50385b747c19d473828b8b1b3f |
| SHA1 | 0cf107aa77c0d01b7dc76355c98c0c555834cfe1 |
| SHA256 | db0082f251d2bbe18922f7cfcd8cfe38e312e14abd9144fc296d27c3f8b205b2 |
| SHA512 | 04690e680d7216848a7348b737bb782a67438d0911b9265187b5cd347f35f2557a65a277b95c8609feb3702e6b3470edb506b7484fe30b440ce2f45d15b15112 |