Analysis Overview
SHA256
c9fd2f88ae1d80838434f52f63ecc3009bda52cc0b76238121d6068999f13a43
Threat Level: Known bad
The file JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2 was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Pykspa
Modifies WinLogon for persistence
Pykspa family
Detect Pykspa worm
Adds policy Run key to start application
Disables RegEdit via registry modification
Blocklisted process makes network request
Checks computer location settings
Impair Defenses: Safe Mode Boot
Executes dropped EXE
Hijack Execution Flow: Executable Installer File Permissions Weakness
Checks whether UAC is enabled
Looks up external IP address via web service
Adds Run key to start application
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
System policy modification
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-04-19 07:07
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-04-19 07:07
Reported
2025-04-19 07:09
Platform
win10v2004-20250313-en
Max time kernel
44s
Max time network
151s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "amcxfyrdtfwmbxca.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "oeyxjgdtndyslluwjqga.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\belxwgq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\duppcaypkbxsmnxaownii.exe" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "duppcaypkbxsmnxaownii.exe" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "qewtdythzngypnuufk.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\belxwgq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bqjhsokzshbumltugmb.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "bqjhsokzshbumltugmb.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "oeyxjgdtndyslluwjqga.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "duppcaypkbxsmnxaownii.exe" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\belxwgq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oeyxjgdtndyslluwjqga.exe" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "hulhqkerivneurxwg.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "amcxfyrdtfwmbxca.exe" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\belxwgq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\duppcaypkbxsmnxaownii.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\belxwgq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\duppcaypkbxsmnxaownii.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\belxwgq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\amcxfyrdtfwmbxca.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\belxwgq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oeyxjgdtndyslluwjqga.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\belxwgq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oeyxjgdtndyslluwjqga.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\belxwgq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oeyxjgdtndyslluwjqga.exe" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\belxwgq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qewtdythzngypnuufk.exe" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "qewtdythzngypnuufk.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\belxwgq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\duppcaypkbxsmnxaownii.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "bqjhsokzshbumltugmb.exe" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\belxwgq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\duppcaypkbxsmnxaownii.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "amcxfyrdtfwmbxca.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "amcxfyrdtfwmbxca.exe" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\belxwgq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\amcxfyrdtfwmbxca.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\belxwgq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\duppcaypkbxsmnxaownii.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "bqjhsokzshbumltugmb.exe" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\belxwgq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bqjhsokzshbumltugmb.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\belxwgq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hulhqkerivneurxwg.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\belxwgq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hulhqkerivneurxwg.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "duppcaypkbxsmnxaownii.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\belxwgq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oeyxjgdtndyslluwjqga.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "hulhqkerivneurxwg.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "amcxfyrdtfwmbxca.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\belxwgq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oeyxjgdtndyslluwjqga.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\belxwgq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oeyxjgdtndyslluwjqga.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "hulhqkerivneurxwg.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "hulhqkerivneurxwg.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "bqjhsokzshbumltugmb.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "bqjhsokzshbumltugmb.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "duppcaypkbxsmnxaownii.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\duppcaypkbxsmnxaownii.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\bqjhsokzshbumltugmb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\oeyxjgdtndyslluwjqga.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\amcxfyrdtfwmbxca.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\qewtdythzngypnuufk.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\qewtdythzngypnuufk.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\oeyxjgdtndyslluwjqga.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\amcxfyrdtfwmbxca.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\qewtdythzngypnuufk.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\bqjhsokzshbumltugmb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\duppcaypkbxsmnxaownii.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\qewtdythzngypnuufk.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\duppcaypkbxsmnxaownii.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\bqjhsokzshbumltugmb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\bqjhsokzshbumltugmb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\duppcaypkbxsmnxaownii.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\duppcaypkbxsmnxaownii.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\bqjhsokzshbumltugmb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\duppcaypkbxsmnxaownii.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\qewtdythzngypnuufk.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\qewtdythzngypnuufk.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\amcxfyrdtfwmbxca.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\hulhqkerivneurxwg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\duppcaypkbxsmnxaownii.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\bqjhsokzshbumltugmb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\qewtdythzngypnuufk.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\duppcaypkbxsmnxaownii.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\qewtdythzngypnuufk.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\amcxfyrdtfwmbxca.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\hulhqkerivneurxwg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation | C:\Windows\hulhqkerivneurxwg.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qucppalp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\amcxfyrdtfwmbxca.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qucppalp = "hulhqkerivneurxwg.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hmvjkwinw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\amcxfyrdtfwmbxca.exe ." | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ranfkaqzmvjwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bqjhsokzshbumltugmb.exe ." | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qucppalp = "hulhqkerivneurxwg.exe" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hmvjkwinw = "qewtdythzngypnuufk.exe ." | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qucppalp = "qewtdythzngypnuufk.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qucppalp = "amcxfyrdtfwmbxca.exe" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ranfkaqzmvjwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oeyxjgdtndyslluwjqga.exe ." | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\samdhwltfnam = "bqjhsokzshbumltugmb.exe ." | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qucppalp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hulhqkerivneurxwg.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ranfkaqzmvjwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hulhqkerivneurxwg.exe ." | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hmvjkwinw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\duppcaypkbxsmnxaownii.exe ." | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ranfkaqzmvjwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qewtdythzngypnuufk.exe ." | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hmvjkwinw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\amcxfyrdtfwmbxca.exe ." | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\scqjpgxhvfuivp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\duppcaypkbxsmnxaownii.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hmvjkwinw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oeyxjgdtndyslluwjqga.exe ." | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ranfkaqzmvjwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oeyxjgdtndyslluwjqga.exe ." | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vcndguipaht = "amcxfyrdtfwmbxca.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ranfkaqzmvjwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hulhqkerivneurxwg.exe ." | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hmvjkwinw = "hulhqkerivneurxwg.exe ." | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hmvjkwinw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\amcxfyrdtfwmbxca.exe ." | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ranfkaqzmvjwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oeyxjgdtndyslluwjqga.exe ." | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ranfkaqzmvjwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\duppcaypkbxsmnxaownii.exe ." | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vcndguipaht = "oeyxjgdtndyslluwjqga.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\samdhwltfnam = "amcxfyrdtfwmbxca.exe ." | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hmvjkwinw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bqjhsokzshbumltugmb.exe ." | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hmvjkwinw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oeyxjgdtndyslluwjqga.exe ." | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vcndguipaht = "bqjhsokzshbumltugmb.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ranfkaqzmvjwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hulhqkerivneurxwg.exe ." | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qucppalp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\duppcaypkbxsmnxaownii.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hmvjkwinw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\duppcaypkbxsmnxaownii.exe ." | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qucppalp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\amcxfyrdtfwmbxca.exe" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\samdhwltfnam = "amcxfyrdtfwmbxca.exe ." | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qucppalp = "qewtdythzngypnuufk.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\scqjpgxhvfuivp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hulhqkerivneurxwg.exe" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ranfkaqzmvjwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bqjhsokzshbumltugmb.exe ." | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qucppalp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oeyxjgdtndyslluwjqga.exe" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qucppalp = "amcxfyrdtfwmbxca.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qucppalp = "amcxfyrdtfwmbxca.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ranfkaqzmvjwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qewtdythzngypnuufk.exe ." | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qucppalp = "oeyxjgdtndyslluwjqga.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\scqjpgxhvfuivp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qewtdythzngypnuufk.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\samdhwltfnam = "bqjhsokzshbumltugmb.exe ." | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ranfkaqzmvjwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hulhqkerivneurxwg.exe ." | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\scqjpgxhvfuivp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qewtdythzngypnuufk.exe" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ranfkaqzmvjwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\amcxfyrdtfwmbxca.exe ." | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vcndguipaht = "oeyxjgdtndyslluwjqga.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\samdhwltfnam = "duppcaypkbxsmnxaownii.exe ." | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hmvjkwinw = "duppcaypkbxsmnxaownii.exe ." | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\scqjpgxhvfuivp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\amcxfyrdtfwmbxca.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qucppalp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bqjhsokzshbumltugmb.exe" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hmvjkwinw = "hulhqkerivneurxwg.exe ." | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qucppalp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hulhqkerivneurxwg.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hmvjkwinw = "qewtdythzngypnuufk.exe ." | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qucppalp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qewtdythzngypnuufk.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qucppalp = "hulhqkerivneurxwg.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qucppalp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hulhqkerivneurxwg.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hmvjkwinw = "bqjhsokzshbumltugmb.exe ." | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\samdhwltfnam = "qewtdythzngypnuufk.exe ." | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hmvjkwinw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bqjhsokzshbumltugmb.exe ." | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hmvjkwinw = "qewtdythzngypnuufk.exe ." | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qucppalp = "oeyxjgdtndyslluwjqga.exe" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hmvjkwinw = "oeyxjgdtndyslluwjqga.exe ." | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\qewtdythzngypnuufk.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qewtdythzngypnuufk.exe | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bqjhsokzshbumltugmb.exe | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oeyxjgdtndyslluwjqga.exe | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\duppcaypkbxsmnxaownii.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hulhqkerivneurxwg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qewtdythzngypnuufk.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\amcxfyrdtfwmbxca.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oeyxjgdtndyslluwjqga.exe | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bqjhsokzshbumltugmb.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oeyxjgdtndyslluwjqga.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oeyxjgdtndyslluwjqga.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\duppcaypkbxsmnxaownii.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File created | C:\Windows\SysWOW64\dejtqyghmntycnhusklqaxfnotu.fju | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\duppcaypkbxsmnxaownii.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\amcxfyrdtfwmbxca.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\duppcaypkbxsmnxaownii.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qewtdythzngypnuufk.exe | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bqjhsokzshbumltugmb.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hulhqkerivneurxwg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\amcxfyrdtfwmbxca.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hulhqkerivneurxwg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oeyxjgdtndyslluwjqga.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\umijxwvnjbyuprcgvewsth.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\umijxwvnjbyuprcgvewsth.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bqjhsokzshbumltugmb.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oeyxjgdtndyslluwjqga.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\umijxwvnjbyuprcgvewsth.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\duppcaypkbxsmnxaownii.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dejtqyghmntycnhusklqaxfnotu.fju | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oeyxjgdtndyslluwjqga.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\duppcaypkbxsmnxaownii.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hulhqkerivneurxwg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qewtdythzngypnuufk.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hulhqkerivneurxwg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\amcxfyrdtfwmbxca.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hulhqkerivneurxwg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\duppcaypkbxsmnxaownii.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oeyxjgdtndyslluwjqga.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\umijxwvnjbyuprcgvewsth.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\duppcaypkbxsmnxaownii.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qewtdythzngypnuufk.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bqjhsokzshbumltugmb.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qewtdythzngypnuufk.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oeyxjgdtndyslluwjqga.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bqjhsokzshbumltugmb.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oeyxjgdtndyslluwjqga.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hulhqkerivneurxwg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\amcxfyrdtfwmbxca.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\umijxwvnjbyuprcgvewsth.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\umijxwvnjbyuprcgvewsth.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\duppcaypkbxsmnxaownii.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hulhqkerivneurxwg.exe | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oeyxjgdtndyslluwjqga.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oeyxjgdtndyslluwjqga.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bqjhsokzshbumltugmb.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oeyxjgdtndyslluwjqga.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\amcxfyrdtfwmbxcajmyojrkdpfriynjomvykav.wpb | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bqjhsokzshbumltugmb.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bqjhsokzshbumltugmb.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qewtdythzngypnuufk.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\amcxfyrdtfwmbxca.exe | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qewtdythzngypnuufk.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qewtdythzngypnuufk.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\dejtqyghmntycnhusklqaxfnotu.fju | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| File created | C:\Program Files (x86)\dejtqyghmntycnhusklqaxfnotu.fju | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| File opened for modification | C:\Program Files (x86)\amcxfyrdtfwmbxcajmyojrkdpfriynjomvykav.wpb | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| File created | C:\Program Files (x86)\amcxfyrdtfwmbxcajmyojrkdpfriynjomvykav.wpb | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\umijxwvnjbyuprcgvewsth.exe | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| File opened for modification | C:\Windows\umijxwvnjbyuprcgvewsth.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\amcxfyrdtfwmbxca.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\oeyxjgdtndyslluwjqga.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\qewtdythzngypnuufk.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\amcxfyrdtfwmbxca.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\oeyxjgdtndyslluwjqga.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\duppcaypkbxsmnxaownii.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\amcxfyrdtfwmbxca.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\umijxwvnjbyuprcgvewsth.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\umijxwvnjbyuprcgvewsth.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\duppcaypkbxsmnxaownii.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\oeyxjgdtndyslluwjqga.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\qewtdythzngypnuufk.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\hulhqkerivneurxwg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\qewtdythzngypnuufk.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\hulhqkerivneurxwg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\amcxfyrdtfwmbxca.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\hulhqkerivneurxwg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\duppcaypkbxsmnxaownii.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\amcxfyrdtfwmbxca.exe | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| File opened for modification | C:\Windows\qewtdythzngypnuufk.exe | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| File opened for modification | C:\Windows\bqjhsokzshbumltugmb.exe | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| File opened for modification | C:\Windows\dejtqyghmntycnhusklqaxfnotu.fju | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| File opened for modification | C:\Windows\bqjhsokzshbumltugmb.exe | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| File opened for modification | C:\Windows\oeyxjgdtndyslluwjqga.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\amcxfyrdtfwmbxca.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\duppcaypkbxsmnxaownii.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\qewtdythzngypnuufk.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\duppcaypkbxsmnxaownii.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\bqjhsokzshbumltugmb.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\hulhqkerivneurxwg.exe | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| File opened for modification | C:\Windows\duppcaypkbxsmnxaownii.exe | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| File opened for modification | C:\Windows\duppcaypkbxsmnxaownii.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\qewtdythzngypnuufk.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\duppcaypkbxsmnxaownii.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\hulhqkerivneurxwg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\bqjhsokzshbumltugmb.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\oeyxjgdtndyslluwjqga.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\umijxwvnjbyuprcgvewsth.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\hulhqkerivneurxwg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\oeyxjgdtndyslluwjqga.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\amcxfyrdtfwmbxca.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\umijxwvnjbyuprcgvewsth.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\duppcaypkbxsmnxaownii.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\bqjhsokzshbumltugmb.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\umijxwvnjbyuprcgvewsth.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\amcxfyrdtfwmbxca.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\oeyxjgdtndyslluwjqga.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\bqjhsokzshbumltugmb.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\oeyxjgdtndyslluwjqga.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\umijxwvnjbyuprcgvewsth.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\oeyxjgdtndyslluwjqga.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\amcxfyrdtfwmbxca.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\qewtdythzngypnuufk.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\hulhqkerivneurxwg.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\oeyxjgdtndyslluwjqga.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\qewtdythzngypnuufk.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\bqjhsokzshbumltugmb.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\umijxwvnjbyuprcgvewsth.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\bqjhsokzshbumltugmb.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\duppcaypkbxsmnxaownii.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\qewtdythzngypnuufk.exe | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| File opened for modification | C:\Windows\qewtdythzngypnuufk.exe | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\oeyxjgdtndyslluwjqga.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\qewtdythzngypnuufk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bqjhsokzshbumltugmb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\qewtdythzngypnuufk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\duppcaypkbxsmnxaownii.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\qewtdythzngypnuufk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\oeyxjgdtndyslluwjqga.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\qewtdythzngypnuufk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\hulhqkerivneurxwg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\amcxfyrdtfwmbxca.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\duppcaypkbxsmnxaownii.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\qewtdythzngypnuufk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\hulhqkerivneurxwg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\amcxfyrdtfwmbxca.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bqjhsokzshbumltugmb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\amcxfyrdtfwmbxca.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\duppcaypkbxsmnxaownii.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\amcxfyrdtfwmbxca.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\duppcaypkbxsmnxaownii.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\duppcaypkbxsmnxaownii.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bqjhsokzshbumltugmb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\hulhqkerivneurxwg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\duppcaypkbxsmnxaownii.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bqjhsokzshbumltugmb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\duppcaypkbxsmnxaownii.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\amcxfyrdtfwmbxca.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\hulhqkerivneurxwg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\oeyxjgdtndyslluwjqga.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\amcxfyrdtfwmbxca.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bqjhsokzshbumltugmb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\oeyxjgdtndyslluwjqga.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\amcxfyrdtfwmbxca.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bqjhsokzshbumltugmb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\qewtdythzngypnuufk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\belxwgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe"
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_c1c90ccb7f44badc91ec2859323fcde2.exe*"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe
C:\Windows\amcxfyrdtfwmbxca.exe
amcxfyrdtfwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe .
C:\Windows\duppcaypkbxsmnxaownii.exe
duppcaypkbxsmnxaownii.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\duppcaypkbxsmnxaownii.exe*."
C:\Windows\duppcaypkbxsmnxaownii.exe
duppcaypkbxsmnxaownii.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Windows\bqjhsokzshbumltugmb.exe
bqjhsokzshbumltugmb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\bqjhsokzshbumltugmb.exe*."
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\hulhqkerivneurxwg.exe*."
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\duppcaypkbxsmnxaownii.exe*."
C:\Users\Admin\AppData\Local\Temp\belxwgq.exe
"C:\Users\Admin\AppData\Local\Temp\belxwgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_c1c90ccb7f44badc91ec2859323fcde2.exe"
C:\Users\Admin\AppData\Local\Temp\belxwgq.exe
"C:\Users\Admin\AppData\Local\Temp\belxwgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_c1c90ccb7f44badc91ec2859323fcde2.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe
C:\Windows\oeyxjgdtndyslluwjqga.exe
oeyxjgdtndyslluwjqga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe .
C:\Windows\oeyxjgdtndyslluwjqga.exe
oeyxjgdtndyslluwjqga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe .
C:\Windows\bqjhsokzshbumltugmb.exe
bqjhsokzshbumltugmb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe
C:\Windows\hulhqkerivneurxwg.exe
hulhqkerivneurxwg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\bqjhsokzshbumltugmb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe .
C:\Windows\duppcaypkbxsmnxaownii.exe
duppcaypkbxsmnxaownii.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\hulhqkerivneurxwg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Windows\qewtdythzngypnuufk.exe
qewtdythzngypnuufk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .
C:\Windows\duppcaypkbxsmnxaownii.exe
duppcaypkbxsmnxaownii.exe .
C:\Windows\qewtdythzngypnuufk.exe
qewtdythzngypnuufk.exe .
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\qewtdythzngypnuufk.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\duppcaypkbxsmnxaownii.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\amcxfyrdtfwmbxca.exe*."
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\qewtdythzngypnuufk.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\hulhqkerivneurxwg.exe*."
C:\Windows\amcxfyrdtfwmbxca.exe
amcxfyrdtfwmbxca.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .
C:\Windows\qewtdythzngypnuufk.exe
qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\amcxfyrdtfwmbxca.exe*."
C:\Windows\hulhqkerivneurxwg.exe
hulhqkerivneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\amcxfyrdtfwmbxca.exe*."
C:\Windows\hulhqkerivneurxwg.exe
hulhqkerivneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\hulhqkerivneurxwg.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\oeyxjgdtndyslluwjqga.exe*."
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\oeyxjgdtndyslluwjqga.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe
C:\Windows\oeyxjgdtndyslluwjqga.exe
oeyxjgdtndyslluwjqga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe .
C:\Windows\qewtdythzngypnuufk.exe
qewtdythzngypnuufk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\qewtdythzngypnuufk.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Windows\hulhqkerivneurxwg.exe
hulhqkerivneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe .
C:\Windows\oeyxjgdtndyslluwjqga.exe
oeyxjgdtndyslluwjqga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe
C:\Windows\hulhqkerivneurxwg.exe
hulhqkerivneurxwg.exe
C:\Windows\hulhqkerivneurxwg.exe
hulhqkerivneurxwg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Windows\qewtdythzngypnuufk.exe
qewtdythzngypnuufk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\hulhqkerivneurxwg.exe*."
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Windows\oeyxjgdtndyslluwjqga.exe
oeyxjgdtndyslluwjqga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .
C:\Windows\hulhqkerivneurxwg.exe
hulhqkerivneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\qewtdythzngypnuufk.exe*."
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\duppcaypkbxsmnxaownii.exe
duppcaypkbxsmnxaownii.exe
C:\Windows\oeyxjgdtndyslluwjqga.exe
oeyxjgdtndyslluwjqga.exe .
C:\Windows\amcxfyrdtfwmbxca.exe
amcxfyrdtfwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\hulhqkerivneurxwg.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\oeyxjgdtndyslluwjqga.exe*."
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\amcxfyrdtfwmbxca.exe*."
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\bqjhsokzshbumltugmb.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\amcxfyrdtfwmbxca.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\bqjhsokzshbumltugmb.exe*."
C:\Windows\oeyxjgdtndyslluwjqga.exe
oeyxjgdtndyslluwjqga.exe
C:\Windows\duppcaypkbxsmnxaownii.exe
duppcaypkbxsmnxaownii.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\qewtdythzngypnuufk.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\amcxfyrdtfwmbxca.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\duppcaypkbxsmnxaownii.exe*."
C:\Windows\bqjhsokzshbumltugmb.exe
bqjhsokzshbumltugmb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Windows\duppcaypkbxsmnxaownii.exe
duppcaypkbxsmnxaownii.exe .
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\duppcaypkbxsmnxaownii.exe*."
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\oeyxjgdtndyslluwjqga.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\oeyxjgdtndyslluwjqga.exe*."
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\oeyxjgdtndyslluwjqga.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\qewtdythzngypnuufk.exe
qewtdythzngypnuufk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe .
C:\Windows\hulhqkerivneurxwg.exe
hulhqkerivneurxwg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\hulhqkerivneurxwg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe .
C:\Windows\bqjhsokzshbumltugmb.exe
bqjhsokzshbumltugmb.exe
C:\Windows\duppcaypkbxsmnxaownii.exe
duppcaypkbxsmnxaownii.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\duppcaypkbxsmnxaownii.exe*."
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\duppcaypkbxsmnxaownii.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\duppcaypkbxsmnxaownii.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe .
C:\Windows\amcxfyrdtfwmbxca.exe
amcxfyrdtfwmbxca.exe
C:\Windows\oeyxjgdtndyslluwjqga.exe
oeyxjgdtndyslluwjqga.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\oeyxjgdtndyslluwjqga.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe .
C:\Windows\bqjhsokzshbumltugmb.exe
bqjhsokzshbumltugmb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Windows\duppcaypkbxsmnxaownii.exe
duppcaypkbxsmnxaownii.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\duppcaypkbxsmnxaownii.exe*."
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\qewtdythzngypnuufk.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\hulhqkerivneurxwg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe
C:\Windows\duppcaypkbxsmnxaownii.exe
duppcaypkbxsmnxaownii.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe .
C:\Windows\qewtdythzngypnuufk.exe
qewtdythzngypnuufk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\qewtdythzngypnuufk.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\hulhqkerivneurxwg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Windows\bqjhsokzshbumltugmb.exe
bqjhsokzshbumltugmb.exe .
C:\Windows\oeyxjgdtndyslluwjqga.exe
oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\bqjhsokzshbumltugmb.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\oeyxjgdtndyslluwjqga.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe .
C:\Windows\hulhqkerivneurxwg.exe
hulhqkerivneurxwg.exe
C:\Windows\qewtdythzngypnuufk.exe
qewtdythzngypnuufk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\qewtdythzngypnuufk.exe*."
C:\Windows\oeyxjgdtndyslluwjqga.exe
oeyxjgdtndyslluwjqga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Windows\amcxfyrdtfwmbxca.exe
amcxfyrdtfwmbxca.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\amcxfyrdtfwmbxca.exe*."
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\hulhqkerivneurxwg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\amcxfyrdtfwmbxca.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe
C:\Windows\amcxfyrdtfwmbxca.exe
amcxfyrdtfwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe .
C:\Windows\bqjhsokzshbumltugmb.exe
bqjhsokzshbumltugmb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\bqjhsokzshbumltugmb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe .
C:\Windows\amcxfyrdtfwmbxca.exe
amcxfyrdtfwmbxca.exe
C:\Windows\amcxfyrdtfwmbxca.exe
amcxfyrdtfwmbxca.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\amcxfyrdtfwmbxca.exe*."
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\bqjhsokzshbumltugmb.exe*."
C:\Windows\amcxfyrdtfwmbxca.exe
amcxfyrdtfwmbxca.exe
C:\Windows\amcxfyrdtfwmbxca.exe
amcxfyrdtfwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe .
C:\Windows\bqjhsokzshbumltugmb.exe
bqjhsokzshbumltugmb.exe .
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .
C:\Windows\bqjhsokzshbumltugmb.exe
bqjhsokzshbumltugmb.exe .
C:\Windows\bqjhsokzshbumltugmb.exe
bqjhsokzshbumltugmb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\bqjhsokzshbumltugmb.exe*."
C:\Windows\bqjhsokzshbumltugmb.exe
bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\bqjhsokzshbumltugmb.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\bqjhsokzshbumltugmb.exe*."
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Windows\qewtdythzngypnuufk.exe
qewtdythzngypnuufk.exe .
C:\Windows\qewtdythzngypnuufk.exe
qewtdythzngypnuufk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\qewtdythzngypnuufk.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\oeyxjgdtndyslluwjqga.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\qewtdythzngypnuufk.exe*."
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\oeyxjgdtndyslluwjqga.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\duppcaypkbxsmnxaownii.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\bqjhsokzshbumltugmb.exe*."
C:\Windows\amcxfyrdtfwmbxca.exe
amcxfyrdtfwmbxca.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe .
C:\Windows\bqjhsokzshbumltugmb.exe
bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\amcxfyrdtfwmbxca.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Windows\amcxfyrdtfwmbxca.exe
amcxfyrdtfwmbxca.exe .
C:\Windows\hulhqkerivneurxwg.exe
hulhqkerivneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\amcxfyrdtfwmbxca.exe*."
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\hulhqkerivneurxwg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\qewtdythzngypnuufk.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe
C:\Windows\oeyxjgdtndyslluwjqga.exe
oeyxjgdtndyslluwjqga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe .
C:\Windows\bqjhsokzshbumltugmb.exe
bqjhsokzshbumltugmb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\bqjhsokzshbumltugmb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe .
C:\Windows\hulhqkerivneurxwg.exe
hulhqkerivneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Windows\bqjhsokzshbumltugmb.exe
bqjhsokzshbumltugmb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\bqjhsokzshbumltugmb.exe*."
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\amcxfyrdtfwmbxca.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\bqjhsokzshbumltugmb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe
C:\Windows\qewtdythzngypnuufk.exe
qewtdythzngypnuufk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe .
C:\Windows\duppcaypkbxsmnxaownii.exe
duppcaypkbxsmnxaownii.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe
C:\Windows\oeyxjgdtndyslluwjqga.exe
oeyxjgdtndyslluwjqga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\duppcaypkbxsmnxaownii.exe*."
C:\Windows\duppcaypkbxsmnxaownii.exe
duppcaypkbxsmnxaownii.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\duppcaypkbxsmnxaownii.exe*."
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\duppcaypkbxsmnxaownii.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\hulhqkerivneurxwg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe
C:\Windows\duppcaypkbxsmnxaownii.exe
duppcaypkbxsmnxaownii.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\amcxfyrdtfwmbxca.exe
amcxfyrdtfwmbxca.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\amcxfyrdtfwmbxca.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe .
C:\Windows\hulhqkerivneurxwg.exe
hulhqkerivneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Windows\duppcaypkbxsmnxaownii.exe
duppcaypkbxsmnxaownii.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\duppcaypkbxsmnxaownii.exe*."
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\amcxfyrdtfwmbxca.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\bqjhsokzshbumltugmb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe
C:\Windows\bqjhsokzshbumltugmb.exe
bqjhsokzshbumltugmb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe .
C:\Windows\duppcaypkbxsmnxaownii.exe
duppcaypkbxsmnxaownii.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\duppcaypkbxsmnxaownii.exe*."
C:\Windows\amcxfyrdtfwmbxca.exe
amcxfyrdtfwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Windows\bqjhsokzshbumltugmb.exe
bqjhsokzshbumltugmb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\bqjhsokzshbumltugmb.exe*."
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\bqjhsokzshbumltugmb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\bqjhsokzshbumltugmb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\amcxfyrdtfwmbxca.exe
amcxfyrdtfwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe .
C:\Windows\qewtdythzngypnuufk.exe
qewtdythzngypnuufk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe .
C:\Windows\amcxfyrdtfwmbxca.exe
amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\qewtdythzngypnuufk.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\duppcaypkbxsmnxaownii.exe
duppcaypkbxsmnxaownii.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\duppcaypkbxsmnxaownii.exe*."
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\qewtdythzngypnuufk.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe .
C:\Windows\bqjhsokzshbumltugmb.exe
bqjhsokzshbumltugmb.exe
C:\Windows\hulhqkerivneurxwg.exe
hulhqkerivneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .
C:\Windows\oeyxjgdtndyslluwjqga.exe
oeyxjgdtndyslluwjqga.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\duppcaypkbxsmnxaownii.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\oeyxjgdtndyslluwjqga.exe*."
C:\Windows\bqjhsokzshbumltugmb.exe
bqjhsokzshbumltugmb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .
C:\Windows\oeyxjgdtndyslluwjqga.exe
oeyxjgdtndyslluwjqga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .
C:\Windows\oeyxjgdtndyslluwjqga.exe
oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .
C:\Windows\hulhqkerivneurxwg.exe
hulhqkerivneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\bqjhsokzshbumltugmb.exe*."
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .
C:\Windows\duppcaypkbxsmnxaownii.exe
duppcaypkbxsmnxaownii.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe .
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\hulhqkerivneurxwg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\duppcaypkbxsmnxaownii.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\duppcaypkbxsmnxaownii.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\amcxfyrdtfwmbxca.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .
C:\Windows\bqjhsokzshbumltugmb.exe
bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\duppcaypkbxsmnxaownii.exe*."
C:\Windows\qewtdythzngypnuufk.exe
qewtdythzngypnuufk.exe .
C:\Windows\oeyxjgdtndyslluwjqga.exe
oeyxjgdtndyslluwjqga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\qewtdythzngypnuufk.exe*."
C:\Windows\duppcaypkbxsmnxaownii.exe
duppcaypkbxsmnxaownii.exe .
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\qewtdythzngypnuufk.exe*."
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\duppcaypkbxsmnxaownii.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\hulhqkerivneurxwg.exe*."
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\oeyxjgdtndyslluwjqga.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe
C:\Windows\qewtdythzngypnuufk.exe
qewtdythzngypnuufk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe .
C:\Windows\amcxfyrdtfwmbxca.exe
amcxfyrdtfwmbxca.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe .
C:\Windows\amcxfyrdtfwmbxca.exe
amcxfyrdtfwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\amcxfyrdtfwmbxca.exe*."
C:\Windows\oeyxjgdtndyslluwjqga.exe
oeyxjgdtndyslluwjqga.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\oeyxjgdtndyslluwjqga.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\hulhqkerivneurxwg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\amcxfyrdtfwmbxca.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe
C:\Windows\duppcaypkbxsmnxaownii.exe
duppcaypkbxsmnxaownii.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe
C:\Windows\hulhqkerivneurxwg.exe
hulhqkerivneurxwg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe .
C:\Windows\duppcaypkbxsmnxaownii.exe
duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\hulhqkerivneurxwg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Windows\qewtdythzngypnuufk.exe
qewtdythzngypnuufk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\qewtdythzngypnuufk.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\oeyxjgdtndyslluwjqga.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\bqjhsokzshbumltugmb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe
C:\Windows\bqjhsokzshbumltugmb.exe
bqjhsokzshbumltugmb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe .
C:\Windows\duppcaypkbxsmnxaownii.exe
duppcaypkbxsmnxaownii.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\duppcaypkbxsmnxaownii.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe .
C:\Windows\duppcaypkbxsmnxaownii.exe
duppcaypkbxsmnxaownii.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Windows\duppcaypkbxsmnxaownii.exe
duppcaypkbxsmnxaownii.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\duppcaypkbxsmnxaownii.exe*."
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\hulhqkerivneurxwg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\amcxfyrdtfwmbxca.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe
C:\Windows\bqjhsokzshbumltugmb.exe
bqjhsokzshbumltugmb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe .
C:\Windows\bqjhsokzshbumltugmb.exe
bqjhsokzshbumltugmb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\bqjhsokzshbumltugmb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe .
C:\Windows\hulhqkerivneurxwg.exe
hulhqkerivneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\qewtdythzngypnuufk.exe
qewtdythzngypnuufk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\qewtdythzngypnuufk.exe*."
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\duppcaypkbxsmnxaownii.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\hulhqkerivneurxwg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe
C:\Windows\hulhqkerivneurxwg.exe
hulhqkerivneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe .
C:\Windows\qewtdythzngypnuufk.exe
qewtdythzngypnuufk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\qewtdythzngypnuufk.exe*."
C:\Windows\bqjhsokzshbumltugmb.exe
bqjhsokzshbumltugmb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Windows\duppcaypkbxsmnxaownii.exe
duppcaypkbxsmnxaownii.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\duppcaypkbxsmnxaownii.exe*."
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\duppcaypkbxsmnxaownii.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe .
C:\Windows\amcxfyrdtfwmbxca.exe
amcxfyrdtfwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\qewtdythzngypnuufk.exe
qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe
C:\Windows\duppcaypkbxsmnxaownii.exe
duppcaypkbxsmnxaownii.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\bqjhsokzshbumltugmb.exe*."
C:\Windows\bqjhsokzshbumltugmb.exe
bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\duppcaypkbxsmnxaownii.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Windows\qewtdythzngypnuufk.exe
qewtdythzngypnuufk.exe
C:\Windows\amcxfyrdtfwmbxca.exe
amcxfyrdtfwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\oeyxjgdtndyslluwjqga.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\amcxfyrdtfwmbxca.exe*."
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\amcxfyrdtfwmbxca.exe*."
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe
C:\Windows\duppcaypkbxsmnxaownii.exe
duppcaypkbxsmnxaownii.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe .
C:\Windows\qewtdythzngypnuufk.exe
qewtdythzngypnuufk.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\hulhqkerivneurxwg.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\bqjhsokzshbumltugmb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Windows\amcxfyrdtfwmbxca.exe
amcxfyrdtfwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .
C:\Windows\hulhqkerivneurxwg.exe
hulhqkerivneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\qewtdythzngypnuufk.exe*."
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\hulhqkerivneurxwg.exe*."
C:\Windows\oeyxjgdtndyslluwjqga.exe
oeyxjgdtndyslluwjqga.exe .
C:\Windows\oeyxjgdtndyslluwjqga.exe
oeyxjgdtndyslluwjqga.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\qewtdythzngypnuufk.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\oeyxjgdtndyslluwjqga.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\oeyxjgdtndyslluwjqga.exe*."
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\qewtdythzngypnuufk.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe
C:\Windows\oeyxjgdtndyslluwjqga.exe
oeyxjgdtndyslluwjqga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe .
C:\Windows\duppcaypkbxsmnxaownii.exe
duppcaypkbxsmnxaownii.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\duppcaypkbxsmnxaownii.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe .
C:\Windows\bqjhsokzshbumltugmb.exe
bqjhsokzshbumltugmb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Windows\qewtdythzngypnuufk.exe
qewtdythzngypnuufk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\qewtdythzngypnuufk.exe*."
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\oeyxjgdtndyslluwjqga.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\oeyxjgdtndyslluwjqga.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\duppcaypkbxsmnxaownii.exe
duppcaypkbxsmnxaownii.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe .
C:\Windows\qewtdythzngypnuufk.exe
qewtdythzngypnuufk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\qewtdythzngypnuufk.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe .
C:\Windows\bqjhsokzshbumltugmb.exe
bqjhsokzshbumltugmb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Windows\hulhqkerivneurxwg.exe
hulhqkerivneurxwg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\hulhqkerivneurxwg.exe*."
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\qewtdythzngypnuufk.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\duppcaypkbxsmnxaownii.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\oeyxjgdtndyslluwjqga.exe
oeyxjgdtndyslluwjqga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe .
C:\Windows\bqjhsokzshbumltugmb.exe
bqjhsokzshbumltugmb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\bqjhsokzshbumltugmb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe .
C:\Windows\qewtdythzngypnuufk.exe
qewtdythzngypnuufk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Windows\duppcaypkbxsmnxaownii.exe
duppcaypkbxsmnxaownii.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\duppcaypkbxsmnxaownii.exe*."
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\hulhqkerivneurxwg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\amcxfyrdtfwmbxca.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe
C:\Windows\duppcaypkbxsmnxaownii.exe
duppcaypkbxsmnxaownii.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe .
C:\Windows\hulhqkerivneurxwg.exe
hulhqkerivneurxwg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\hulhqkerivneurxwg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe .
C:\Windows\duppcaypkbxsmnxaownii.exe
duppcaypkbxsmnxaownii.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Windows\amcxfyrdtfwmbxca.exe
amcxfyrdtfwmbxca.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\amcxfyrdtfwmbxca.exe*."
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\qewtdythzngypnuufk.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\hulhqkerivneurxwg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe
C:\Windows\amcxfyrdtfwmbxca.exe
amcxfyrdtfwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe .
C:\Windows\qewtdythzngypnuufk.exe
qewtdythzngypnuufk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\qewtdythzngypnuufk.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe .
C:\Windows\duppcaypkbxsmnxaownii.exe
duppcaypkbxsmnxaownii.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Windows\hulhqkerivneurxwg.exe
hulhqkerivneurxwg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\hulhqkerivneurxwg.exe*."
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\bqjhsokzshbumltugmb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\bqjhsokzshbumltugmb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe
C:\Windows\hulhqkerivneurxwg.exe
hulhqkerivneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe
C:\Windows\hulhqkerivneurxwg.exe
hulhqkerivneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe .
C:\Windows\hulhqkerivneurxwg.exe
hulhqkerivneurxwg.exe .
C:\Windows\amcxfyrdtfwmbxca.exe
amcxfyrdtfwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\hulhqkerivneurxwg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe
C:\Windows\oeyxjgdtndyslluwjqga.exe
oeyxjgdtndyslluwjqga.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe .
C:\Windows\qewtdythzngypnuufk.exe
qewtdythzngypnuufk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .
C:\Windows\qewtdythzngypnuufk.exe
qewtdythzngypnuufk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\oeyxjgdtndyslluwjqga.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\qewtdythzngypnuufk.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Windows\duppcaypkbxsmnxaownii.exe
duppcaypkbxsmnxaownii.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Windows\qewtdythzngypnuufk.exe
qewtdythzngypnuufk.exe .
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\duppcaypkbxsmnxaownii.exe*."
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\qewtdythzngypnuufk.exe*."
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\qewtdythzngypnuufk.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\oeyxjgdtndyslluwjqga.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\duppcaypkbxsmnxaownii.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\qewtdythzngypnuufk.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\duppcaypkbxsmnxaownii.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\duppcaypkbxsmnxaownii.exe*."
C:\Windows\oeyxjgdtndyslluwjqga.exe
oeyxjgdtndyslluwjqga.exe .
C:\Windows\duppcaypkbxsmnxaownii.exe
duppcaypkbxsmnxaownii.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\oeyxjgdtndyslluwjqga.exe*."
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Windows\amcxfyrdtfwmbxca.exe
amcxfyrdtfwmbxca.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\amcxfyrdtfwmbxca.exe*."
C:\Windows\hulhqkerivneurxwg.exe
hulhqkerivneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Windows\bqjhsokzshbumltugmb.exe
bqjhsokzshbumltugmb.exe .
C:\Windows\oeyxjgdtndyslluwjqga.exe
oeyxjgdtndyslluwjqga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\bqjhsokzshbumltugmb.exe*."
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .
C:\Windows\oeyxjgdtndyslluwjqga.exe
oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\duppcaypkbxsmnxaownii.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\duppcaypkbxsmnxaownii.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\hulhqkerivneurxwg.exe
hulhqkerivneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe .
C:\Windows\bqjhsokzshbumltugmb.exe
bqjhsokzshbumltugmb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\bqjhsokzshbumltugmb.exe*."
C:\Windows\bqjhsokzshbumltugmb.exe
bqjhsokzshbumltugmb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Windows\bqjhsokzshbumltugmb.exe
bqjhsokzshbumltugmb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\bqjhsokzshbumltugmb.exe*."
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\oeyxjgdtndyslluwjqga.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\hulhqkerivneurxwg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe
C:\Windows\duppcaypkbxsmnxaownii.exe
duppcaypkbxsmnxaownii.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe .
C:\Windows\amcxfyrdtfwmbxca.exe
amcxfyrdtfwmbxca.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe
C:\Windows\duppcaypkbxsmnxaownii.exe
duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\amcxfyrdtfwmbxca.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Windows\bqjhsokzshbumltugmb.exe
bqjhsokzshbumltugmb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\bqjhsokzshbumltugmb.exe*."
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\hulhqkerivneurxwg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\qewtdythzngypnuufk.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe
C:\Windows\amcxfyrdtfwmbxca.exe
amcxfyrdtfwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe .
C:\Windows\amcxfyrdtfwmbxca.exe
amcxfyrdtfwmbxca.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe
C:\Windows\qewtdythzngypnuufk.exe
qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\amcxfyrdtfwmbxca.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Windows\qewtdythzngypnuufk.exe
qewtdythzngypnuufk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\qewtdythzngypnuufk.exe*."
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\duppcaypkbxsmnxaownii.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\oeyxjgdtndyslluwjqga.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe
C:\Windows\duppcaypkbxsmnxaownii.exe
duppcaypkbxsmnxaownii.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Windows\amcxfyrdtfwmbxca.exe
amcxfyrdtfwmbxca.exe .
C:\Windows\oeyxjgdtndyslluwjqga.exe
oeyxjgdtndyslluwjqga.exe .
C:\Windows\amcxfyrdtfwmbxca.exe
amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\oeyxjgdtndyslluwjqga.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\amcxfyrdtfwmbxca.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\amcxfyrdtfwmbxca.exe*."
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\hulhqkerivneurxwg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\duppcaypkbxsmnxaownii.exe
duppcaypkbxsmnxaownii.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe .
C:\Windows\amcxfyrdtfwmbxca.exe
amcxfyrdtfwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe
C:\Windows\hulhqkerivneurxwg.exe
hulhqkerivneurxwg.exe
C:\Windows\oeyxjgdtndyslluwjqga.exe
oeyxjgdtndyslluwjqga.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\oeyxjgdtndyslluwjqga.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .
C:\Windows\bqjhsokzshbumltugmb.exe
bqjhsokzshbumltugmb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Windows\hulhqkerivneurxwg.exe
hulhqkerivneurxwg.exe .
C:\Windows\bqjhsokzshbumltugmb.exe
bqjhsokzshbumltugmb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .
C:\Windows\oeyxjgdtndyslluwjqga.exe
oeyxjgdtndyslluwjqga.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Windows\bqjhsokzshbumltugmb.exe
bqjhsokzshbumltugmb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\bqjhsokzshbumltugmb.exe*."
C:\Windows\qewtdythzngypnuufk.exe
qewtdythzngypnuufk.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\oeyxjgdtndyslluwjqga.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\hulhqkerivneurxwg.exe*."
C:\Windows\qewtdythzngypnuufk.exe
qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Windows\oeyxjgdtndyslluwjqga.exe
oeyxjgdtndyslluwjqga.exe .
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe
C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\qewtdythzngypnuufk.exe*."
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe
C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\oeyxjgdtndyslluwjqga.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\oeyxjgdtndyslluwjqga.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\duppcaypkbxsmnxaownii.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\qewtdythzngypnuufk.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\amcxfyrdtfwmbxca.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\bqjhsokzshbumltugmb.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\qewtdythzngypnuufk.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe
C:\Windows\duppcaypkbxsmnxaownii.exe
duppcaypkbxsmnxaownii.exe
C:\Windows\oeyxjgdtndyslluwjqga.exe
oeyxjgdtndyslluwjqga.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Windows\amcxfyrdtfwmbxca.exe
amcxfyrdtfwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\oeyxjgdtndyslluwjqga.exe*."
C:\Windows\hulhqkerivneurxwg.exe
hulhqkerivneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\hulhqkerivneurxwg.exe*."
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\qewtdythzngypnuufk.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\duppcaypkbxsmnxaownii.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe
C:\Windows\qewtdythzngypnuufk.exe
qewtdythzngypnuufk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe .
C:\Windows\oeyxjgdtndyslluwjqga.exe
oeyxjgdtndyslluwjqga.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe .
C:\Windows\qewtdythzngypnuufk.exe
qewtdythzngypnuufk.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\oeyxjgdtndyslluwjqga.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Windows\qewtdythzngypnuufk.exe
qewtdythzngypnuufk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\qewtdythzngypnuufk.exe*."
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | whatismyipaddress.com | udp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 8.8.8.8:53 | www.showmyipaddress.com | udp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.com | udp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 8.8.8.8:53 | www.ebay.com | udp |
| GB | 173.222.9.77:80 | www.ebay.com | tcp |
| RU | 46.37.140.186:22967 | tcp | |
| US | 8.8.8.8:53 | gyuuym.org | udp |
| DE | 85.214.228.140:80 | gyuuym.org | tcp |
| US | 8.8.8.8:53 | icuqqyasqw.com | udp |
| US | 8.8.8.8:53 | hbfgnzsxgme.org | udp |
| US | 8.8.8.8:53 | tyfxgqn.info | udp |
| US | 8.8.8.8:53 | unxfuild.info | udp |
| SG | 18.142.91.111:80 | unxfuild.info | tcp |
| US | 8.8.8.8:53 | xguebajirey.net | udp |
| US | 8.8.8.8:53 | ixsbjlggupmz.info | udp |
| US | 8.8.8.8:53 | rbhram.info | udp |
| US | 8.8.8.8:53 | ggoiukqgsikq.org | udp |
| US | 8.8.8.8:53 | omulltpohso.info | udp |
| US | 8.8.8.8:53 | xujuvfndzaa.net | udp |
| US | 8.8.8.8:53 | eingrbthhuw.net | udp |
| US | 8.8.8.8:53 | udzdjiddn.net | udp |
| US | 8.8.8.8:53 | xwxuxedwj.org | udp |
| US | 8.8.8.8:53 | wuamyiew.org | udp |
| US | 8.8.8.8:53 | wroxqupjtp.info | udp |
| US | 8.8.8.8:53 | lwptfk.info | udp |
| US | 8.8.8.8:53 | awaris.net | udp |
| DE | 195.30.84.222:80 | awaris.net | tcp |
| US | 8.8.8.8:53 | dcrctcpkc.net | udp |
| US | 8.8.8.8:53 | ygoukmwg.org | udp |
| US | 8.8.8.8:53 | komgomyuwkog.com | udp |
| US | 8.8.8.8:53 | esokwuioqyua.com | udp |
| US | 8.8.8.8:53 | tskffub.net | udp |
| US | 8.8.8.8:53 | neocsjgfzmip.net | udp |
| US | 8.8.8.8:53 | cydlrge.info | udp |
| US | 104.156.155.94:80 | cydlrge.info | tcp |
| US | 8.8.8.8:53 | tgtwhhn.org | udp |
| US | 8.8.8.8:53 | fpzbkbmx.net | udp |
| BG | 79.100.94.212:28678 | tcp | |
| US | 8.8.8.8:53 | kybbhfsmx.net | udp |
| US | 8.8.8.8:53 | mjotpzfbosdh.info | udp |
| US | 8.8.8.8:53 | yhvndpzdjtjb.net | udp |
| US | 8.8.8.8:53 | tuzmvqx.net | udp |
| US | 8.8.8.8:53 | luvehemiri.info | udp |
| US | 8.8.8.8:53 | eqdfpkr.info | udp |
| US | 8.8.8.8:53 | srvkwbls.info | udp |
| US | 8.8.8.8:53 | puusteljfnt.org | udp |
| US | 8.8.8.8:53 | jgtqvwv.org | udp |
| US | 8.8.8.8:53 | ffpwlurdvjuj.info | udp |
| US | 8.8.8.8:53 | tjxkpivu.info | udp |
| US | 8.8.8.8:53 | lalckpw.org | udp |
| US | 8.8.8.8:53 | rydehshxtlv.net | udp |
| US | 8.8.8.8:53 | ymcouwaquwim.com | udp |
| US | 8.8.8.8:53 | ermahee.info | udp |
| US | 8.8.8.8:53 | gvanotphup.net | udp |
| US | 8.8.8.8:53 | tcidmzuaiv.info | udp |
| US | 8.8.8.8:53 | tjvgpwyk.net | udp |
| US | 8.8.8.8:53 | hmfurcniz.info | udp |
| US | 8.8.8.8:53 | lfjjqlwk.net | udp |
| US | 8.8.8.8:53 | ddpobim.org | udp |
| US | 8.8.8.8:53 | bkwzjwusvbt.com | udp |
| US | 8.8.8.8:53 | aickqcmmokuy.com | udp |
| US | 8.8.8.8:53 | ewhqxezcwwc.net | udp |
| US | 8.8.8.8:53 | elxagbsk.info | udp |
| NZ | 219.88.97.158:30613 | tcp | |
| US | 8.8.8.8:53 | yoaoooewyeeo.com | udp |
| US | 8.8.8.8:53 | jfjujz.info | udp |
| US | 8.8.8.8:53 | aqysuigc.org | udp |
| US | 8.8.8.8:53 | kfdrug.net | udp |
| US | 8.8.8.8:53 | fyfuhzkfycnd.info | udp |
| US | 8.8.8.8:53 | mdhpuesj.net | udp |
| US | 8.8.8.8:53 | xirszryesf.net | udp |
| US | 8.8.8.8:53 | puutnuhfbv.info | udp |
| US | 8.8.8.8:53 | tercgxzwoi.net | udp |
| US | 8.8.8.8:53 | dqjrswwie.com | udp |
| US | 8.8.8.8:53 | cwcgko.org | udp |
| US | 8.8.8.8:53 | bknyzqyeb.net | udp |
| US | 8.8.8.8:53 | eknlzolc.info | udp |
| US | 8.8.8.8:53 | vrxmprngmlhk.net | udp |
| US | 8.8.8.8:53 | bilpumd.net | udp |
| US | 8.8.8.8:53 | zowspabrlk.info | udp |
| US | 8.8.8.8:53 | yljubatvt.info | udp |
| US | 8.8.8.8:53 | yghuzic.net | udp |
| US | 8.8.8.8:53 | eznabol.net | udp |
| US | 8.8.8.8:53 | lgjzjdwmjhkr.info | udp |
| US | 8.8.8.8:53 | wykgqweeyywg.org | udp |
| US | 8.8.8.8:53 | nrrddq.info | udp |
| US | 8.8.8.8:53 | semnpbrhbpqb.info | udp |
| US | 8.8.8.8:53 | ztfthbdste.info | udp |
| US | 8.8.8.8:53 | klqmnybibg.net | udp |
| US | 8.8.8.8:53 | wzhqdz.info | udp |
| US | 8.8.8.8:53 | ersdkobqkxxh.net | udp |
| US | 8.8.8.8:53 | geoxxcdukxr.info | udp |
| US | 8.8.8.8:53 | lyxmnybibg.info | udp |
| US | 8.8.8.8:53 | byysonv.info | udp |
| US | 8.8.8.8:53 | mkymwgqa.org | udp |
| US | 8.8.8.8:53 | abvhcuunrs.net | udp |
| US | 8.8.8.8:53 | tapsljcsdnhu.info | udp |
| US | 8.8.8.8:53 | gbgfeotpfrtc.net | udp |
| US | 8.8.8.8:53 | dkouvubcpovf.info | udp |
| US | 8.8.8.8:53 | ispwahdodkx.info | udp |
| US | 8.8.8.8:53 | qfbdjcrdn.info | udp |
| US | 8.8.8.8:53 | evesvcvtwgvf.info | udp |
| US | 8.8.8.8:53 | ghwsbaasah.net | udp |
| US | 8.8.8.8:53 | kgucribs.info | udp |
| US | 8.8.8.8:53 | eelpjzdowh.info | udp |
| US | 8.8.8.8:53 | zzugflvs.net | udp |
| US | 8.8.8.8:53 | esuukcgmumyk.com | udp |
| US | 8.8.8.8:53 | zyfitez.info | udp |
| BG | 178.169.136.9:25690 | tcp | |
| US | 8.8.8.8:53 | exvsjmfjw.net | udp |
| US | 8.8.8.8:53 | wagkyowuoguq.org | udp |
| US | 8.8.8.8:53 | lhfsrjrppql.net | udp |
| US | 8.8.8.8:53 | leqdurjb.net | udp |
| US | 8.8.8.8:53 | gfnifmeou.net | udp |
| US | 8.8.8.8:53 | xywieahmbph.com | udp |
| US | 8.8.8.8:53 | biovfwlga.net | udp |
| US | 8.8.8.8:53 | dxikspgshgbk.info | udp |
| US | 8.8.8.8:53 | jzssvu.net | udp |
| US | 8.8.8.8:53 | pyjfpsrjq.com | udp |
| US | 8.8.8.8:53 | sslzhpje.info | udp |
| US | 8.8.8.8:53 | lgmwshpwdp.net | udp |
| US | 8.8.8.8:53 | peravin.net | udp |
| US | 8.8.8.8:53 | tafkjkfyjmt.com | udp |
| US | 8.8.8.8:53 | zycauodbdkn.net | udp |
| US | 8.8.8.8:53 | vhunvatz.net | udp |
| US | 8.8.8.8:53 | zgrjrexb.net | udp |
| US | 8.8.8.8:53 | xqjohst.com | udp |
| US | 8.8.8.8:53 | hmsifeb.net | udp |
| US | 8.8.8.8:53 | eeueccewmeem.com | udp |
| US | 8.8.8.8:53 | ggpmbrhouwv.info | udp |
| US | 8.8.8.8:53 | chuklevyoxyd.net | udp |
| US | 8.8.8.8:53 | mqcoog.net | udp |
| US | 8.8.8.8:53 | wkgotudy.info | udp |
| US | 8.8.8.8:53 | oqasmwvapxnx.info | udp |
| US | 8.8.8.8:53 | gthoprfe.net | udp |
| US | 8.8.8.8:53 | xxpvcdotqd.net | udp |
| US | 8.8.8.8:53 | klidhyn.info | udp |
| US | 8.8.8.8:53 | iwpoczbt.net | udp |
| US | 8.8.8.8:53 | zupitzzor.net | udp |
| US | 8.8.8.8:53 | keiqswioavr.info | udp |
| US | 8.8.8.8:53 | oucaymswwkai.org | udp |
| US | 8.8.8.8:53 | vlpxze.info | udp |
| US | 8.8.8.8:53 | ykcwfcp.net | udp |
| US | 8.8.8.8:53 | mjgcsst.info | udp |
| US | 8.8.8.8:53 | cchbhroumjm.info | udp |
| US | 8.8.8.8:53 | zeixhxx.org | udp |
| US | 8.8.8.8:53 | skywyumxq.net | udp |
| US | 8.8.8.8:53 | dlzktcuugp.info | udp |
| US | 8.8.8.8:53 | pclufejutiv.net | udp |
| US | 8.8.8.8:53 | hgsitoou.net | udp |
| US | 8.8.8.8:53 | egsmyysc.org | udp |
| US | 8.8.8.8:53 | alfwckezdwea.info | udp |
| US | 8.8.8.8:53 | xtlzgzikdvtt.info | udp |
| US | 8.8.8.8:53 | vpssnuzwypj.org | udp |
| IT | 88.147.68.25:20703 | tcp | |
| US | 8.8.8.8:53 | bewmwiogiqq.org | udp |
| US | 8.8.8.8:53 | cwxogmp.net | udp |
| US | 8.8.8.8:53 | lggevyzvrbn.org | udp |
| US | 8.8.8.8:53 | feixrqoc.info | udp |
| US | 8.8.8.8:53 | nshdioh.net | udp |
| US | 8.8.8.8:53 | xqgcngmop.com | udp |
| US | 8.8.8.8:53 | xfpybpna.info | udp |
| US | 8.8.8.8:53 | ekqqcc.org | udp |
| US | 8.8.8.8:53 | hdxixovzbq.net | udp |
| US | 8.8.8.8:53 | xofnaktnrixp.info | udp |
| US | 8.8.8.8:53 | zeruwuqqwmx.net | udp |
| US | 8.8.8.8:53 | dwfkeogzvhjn.info | udp |
| US | 8.8.8.8:53 | xyvvxutsjzpn.net | udp |
| US | 8.8.8.8:53 | mcowmwckcqco.org | udp |
| US | 8.8.8.8:53 | dflqknsl.net | udp |
| US | 8.8.8.8:53 | hgweljqn.info | udp |
| US | 8.8.8.8:53 | mwjjjkr.info | udp |
| US | 8.8.8.8:53 | dfcsahmy.info | udp |
| US | 8.8.8.8:53 | jjfqvmlphsai.info | udp |
| US | 8.8.8.8:53 | iqqcaiqmgc.org | udp |
| US | 8.8.8.8:53 | quuoamewew.com | udp |
| US | 8.8.8.8:53 | dzouyuhonqv.info | udp |
| US | 8.8.8.8:53 | wkfrgzog.info | udp |
| US | 8.8.8.8:53 | qtgqqinahbp.info | udp |
| US | 8.8.8.8:53 | wbhedxm.info | udp |
| US | 8.8.8.8:53 | ycyeuuwcik.org | udp |
| US | 8.8.8.8:53 | tcvuvhjwh.info | udp |
| US | 8.8.8.8:53 | hzlghaa.net | udp |
| US | 8.8.8.8:53 | khngfgv.info | udp |
| US | 8.8.8.8:53 | jubvpax.info | udp |
| BR | 201.26.109.174:40590 | tcp | |
| US | 8.8.8.8:53 | rjcdvdksetio.info | udp |
| US | 8.8.8.8:53 | mkskdqwgpcx.net | udp |
| US | 8.8.8.8:53 | xbtfto.net | udp |
| US | 8.8.8.8:53 | uzjrbgvmfav.net | udp |
| US | 8.8.8.8:53 | aknsgwkcl.net | udp |
| US | 8.8.8.8:53 | xebqjyfoniv.org | udp |
| US | 8.8.8.8:53 | vepihmywnlxb.info | udp |
| US | 8.8.8.8:53 | lgjyjwfie.net | udp |
| US | 8.8.8.8:53 | txqqncxrhx.net | udp |
| US | 8.8.8.8:53 | ecbwysbz.info | udp |
| US | 8.8.8.8:53 | wwmntpxdya.net | udp |
| US | 8.8.8.8:53 | zsbwuejdflnb.info | udp |
| US | 8.8.8.8:53 | ttylsdde.info | udp |
| US | 8.8.8.8:53 | tidifwlst.org | udp |
| US | 8.8.8.8:53 | njmyupro.net | udp |
| US | 8.8.8.8:53 | zyhhpt.net | udp |
| US | 8.8.8.8:53 | thvugaief.net | udp |
| US | 8.8.8.8:53 | cbhnqlfgwyh.net | udp |
| US | 8.8.8.8:53 | qebaclb.net | udp |
| US | 8.8.8.8:53 | xrpwmsl.info | udp |
| US | 8.8.8.8:53 | eseqkyigauus.com | udp |
| US | 8.8.8.8:53 | jcdfvel.net | udp |
| US | 8.8.8.8:53 | yykqqocecm.org | udp |
| US | 8.8.8.8:53 | iusioomq.org | udp |
| US | 8.8.8.8:53 | kzmsbykdb.net | udp |
| US | 8.8.8.8:53 | wcsbrpz.net | udp |
| US | 8.8.8.8:53 | ysiwsmqe.com | udp |
| US | 8.8.8.8:53 | zannpjoocg.info | udp |
| US | 8.8.8.8:53 | rqmvnnodrl.info | udp |
| US | 8.8.8.8:53 | cpbqqkv.info | udp |
| US | 8.8.8.8:53 | uwcuws.org | udp |
| US | 8.8.8.8:53 | chpolgot.info | udp |
| US | 8.8.8.8:53 | nrmphwhmr.com | udp |
| US | 8.8.8.8:53 | uazshup.net | udp |
| US | 8.8.8.8:53 | azlfou.info | udp |
| US | 8.8.8.8:53 | dotyrrwx.info | udp |
| US | 8.8.8.8:53 | jivgmmxfkqfs.net | udp |
| US | 8.8.8.8:53 | ksoswu.com | udp |
| US | 8.8.8.8:53 | xgxatmb.info | udp |
| US | 8.8.8.8:53 | vcmfrufqvcn.org | udp |
| LT | 88.222.30.88:30600 | tcp | |
| US | 8.8.8.8:53 | umyicieyee.org | udp |
| US | 8.8.8.8:53 | epjfdtthwi.info | udp |
| US | 8.8.8.8:53 | fnlozpphq.net | udp |
| US | 8.8.8.8:53 | thvqlcwc.net | udp |
| US | 8.8.8.8:53 | qahvzirdokk.info | udp |
| US | 8.8.8.8:53 | ccumgi.com | udp |
| US | 8.8.8.8:53 | vcsuct.net | udp |
| US | 8.8.8.8:53 | qoabhk.net | udp |
| US | 8.8.8.8:53 | oopgrjhot.info | udp |
| US | 8.8.8.8:53 | fsyczawoha.info | udp |
| US | 8.8.8.8:53 | attzmbjfcu.info | udp |
| US | 8.8.8.8:53 | iaioaacoiq.com | udp |
| US | 8.8.8.8:53 | hblgzub.net | udp |
| US | 8.8.8.8:53 | txjphidulvxz.info | udp |
| US | 8.8.8.8:53 | bcgqijwof.com | udp |
| US | 8.8.8.8:53 | atkzfclhbift.info | udp |
| US | 8.8.8.8:53 | zeehxhr.net | udp |
| US | 8.8.8.8:53 | wueysyqiyg.org | udp |
| US | 8.8.8.8:53 | uxocprlbnliz.net | udp |
| US | 8.8.8.8:53 | dfigkg.info | udp |
| US | 8.8.8.8:53 | aookywiqwiik.com | udp |
| US | 8.8.8.8:53 | logkskr.org | udp |
| US | 8.8.8.8:53 | ssbgky.net | udp |
| US | 8.8.8.8:53 | jjrefkv.net | udp |
| US | 8.8.8.8:53 | fkvsqgdijuk.com | udp |
| US | 8.8.8.8:53 | iiyyzjfjta.net | udp |
| US | 8.8.8.8:53 | dofxxulu.info | udp |
| US | 8.8.8.8:53 | badwglaixkzp.net | udp |
| US | 8.8.8.8:53 | ektdnakmzed.info | udp |
| US | 8.8.8.8:53 | ygkbtjjdsr.info | udp |
| US | 8.8.8.8:53 | kjskvzf.info | udp |
| US | 8.8.8.8:53 | boxglq.net | udp |
| US | 8.8.8.8:53 | uiekmeyo.com | udp |
| US | 8.8.8.8:53 | lzbjkx.info | udp |
| US | 8.8.8.8:53 | mglldgdupixw.info | udp |
| US | 8.8.8.8:53 | awlbgazxpcg.net | udp |
| US | 8.8.8.8:53 | ykzybcihfvr.info | udp |
| US | 8.8.8.8:53 | tzaxvlqpdn.info | udp |
| US | 8.8.8.8:53 | dyvwiin.com | udp |
| US | 8.8.8.8:53 | blriytvijot.com | udp |
| US | 8.8.8.8:53 | mfxpnon.info | udp |
| US | 8.8.8.8:53 | okemeswq.org | udp |
| US | 8.8.8.8:53 | kyilnx.net | udp |
| US | 8.8.8.8:53 | xvaecalfruen.net | udp |
| US | 8.8.8.8:53 | kjrklwr.info | udp |
| US | 8.8.8.8:53 | zapuyqwcrfp.org | udp |
| US | 8.8.8.8:53 | gaqkygwq.org | udp |
| US | 8.8.8.8:53 | llfdkcyr.net | udp |
| US | 8.8.8.8:53 | tcqybxs.info | udp |
| US | 8.8.8.8:53 | eyoicygkggka.org | udp |
| US | 8.8.8.8:53 | jrbulad.info | udp |
| US | 8.8.8.8:53 | bpzorpfuhtf.org | udp |
| US | 8.8.8.8:53 | mqmeeggoggaa.com | udp |
| US | 8.8.8.8:53 | yquygigeeq.com | udp |
| US | 8.8.8.8:53 | pqzjnoazwm.info | udp |
| US | 8.8.8.8:53 | hzbtvkdekpd.org | udp |
| US | 8.8.8.8:53 | usoosiecwi.com | udp |
| US | 8.8.8.8:53 | bkngmvgi.net | udp |
| US | 8.8.8.8:53 | syxrzgz.info | udp |
| US | 8.8.8.8:53 | qliracrkdoit.net | udp |
| US | 8.8.8.8:53 | vvsfbe.info | udp |
| US | 8.8.8.8:53 | tceoxghd.info | udp |
| US | 8.8.8.8:53 | lmfyrwqqpp.info | udp |
| US | 8.8.8.8:53 | pvqtpjfsca.info | udp |
| US | 8.8.8.8:53 | bqdindvszcl.com | udp |
| US | 8.8.8.8:53 | zmtbdx.info | udp |
| US | 8.8.8.8:53 | wokiuk.org | udp |
| US | 8.8.8.8:53 | dykwknvmdfdj.info | udp |
| US | 8.8.8.8:53 | jasksuej.info | udp |
| BG | 188.254.129.227:35854 | tcp | |
| US | 8.8.8.8:53 | wszozdx.net | udp |
| US | 8.8.8.8:53 | uxumvrboamv.net | udp |
| US | 8.8.8.8:53 | wawaoiyk.com | udp |
| US | 8.8.8.8:53 | ysceyeikemom.org | udp |
| US | 8.8.8.8:53 | lczoradauoz.net | udp |
| US | 8.8.8.8:53 | jqetlus.info | udp |
| US | 8.8.8.8:53 | dazulnj.org | udp |
| US | 8.8.8.8:53 | lgtwyvhi.net | udp |
| US | 8.8.8.8:53 | jzthxr.net | udp |
| US | 8.8.8.8:53 | fjusznt.com | udp |
| US | 8.8.8.8:53 | xqnqva.info | udp |
| US | 8.8.8.8:53 | ikeaykai.org | udp |
| US | 8.8.8.8:53 | gpaysichlz.net | udp |
| US | 8.8.8.8:53 | gumgrj.info | udp |
| US | 8.8.8.8:53 | zuhmapbot.net | udp |
| US | 8.8.8.8:53 | njrvdh.net | udp |
| US | 8.8.8.8:53 | vjvlnnztmb.net | udp |
| US | 8.8.8.8:53 | mstfoi.info | udp |
| US | 8.8.8.8:53 | yojkaljecqs.info | udp |
| US | 8.8.8.8:53 | miokiswoyc.com | udp |
| US | 8.8.8.8:53 | fqdewasckt.info | udp |
| US | 8.8.8.8:53 | degevznsh.info | udp |
| US | 8.8.8.8:53 | ctfejscbzqb.info | udp |
| US | 8.8.8.8:53 | ecegeakc.org | udp |
| US | 8.8.8.8:53 | tyogfwv.org | udp |
| US | 8.8.8.8:53 | dlaqxkzamb.info | udp |
| US | 8.8.8.8:53 | ootkjdzphd.net | udp |
| US | 8.8.8.8:53 | kpdalzn.info | udp |
| US | 8.8.8.8:53 | clxienkpdw.net | udp |
| US | 8.8.8.8:53 | jkhoywsjvpba.net | udp |
| US | 8.8.8.8:53 | jbcwzjz.com | udp |
| US | 8.8.8.8:53 | aararuzmj.info | udp |
| US | 8.8.8.8:53 | oaagmymikk.org | udp |
| US | 8.8.8.8:53 | uqopuahxn.info | udp |
| US | 8.8.8.8:53 | ivbucmt.net | udp |
| US | 8.8.8.8:53 | xqsupbsy.info | udp |
| US | 8.8.8.8:53 | crjuhoiefp.info | udp |
| US | 8.8.8.8:53 | lozezgbez.com | udp |
| US | 8.8.8.8:53 | zrizzt.net | udp |
| US | 8.8.8.8:53 | zurbllhm.net | udp |
| US | 8.8.8.8:53 | nbpptpkfhf.net | udp |
| US | 8.8.8.8:53 | jdpkobhiekt.info | udp |
| US | 8.8.8.8:53 | dgpbadaaxy.net | udp |
| US | 8.8.8.8:53 | kivxtsh.info | udp |
| US | 8.8.8.8:53 | sipihgi.net | udp |
| US | 8.8.8.8:53 | auykoayagw.org | udp |
| US | 8.8.8.8:53 | nsjnpn.net | udp |
| US | 8.8.8.8:53 | tibwzun.com | udp |
| US | 8.8.8.8:53 | ivewnr.info | udp |
| US | 8.8.8.8:53 | zshajpzoud.info | udp |
| US | 8.8.8.8:53 | owsqmysqqgus.org | udp |
| US | 8.8.8.8:53 | pgouxdfwr.info | udp |
| US | 8.8.8.8:53 | eaaplwhozkx.net | udp |
| US | 8.8.8.8:53 | nqxijbihvn.info | udp |
| US | 8.8.8.8:53 | dtgwqr.net | udp |
| US | 8.8.8.8:53 | yspynbdonzn.net | udp |
| US | 8.8.8.8:53 | zaqkpnys.info | udp |
| US | 8.8.8.8:53 | kgegqm.org | udp |
| US | 8.8.8.8:53 | pvcxxrlj.info | udp |
| US | 8.8.8.8:53 | xrctizgjhu.net | udp |
| US | 8.8.8.8:53 | kdryhavit.info | udp |
| US | 8.8.8.8:53 | qdajdkjfzm.info | udp |
| US | 8.8.8.8:53 | jvnxxukv.net | udp |
| US | 8.8.8.8:53 | rfcqjgcwrllk.info | udp |
| US | 8.8.8.8:53 | lunqzdist.com | udp |
| US | 8.8.8.8:53 | ooewwc.org | udp |
| US | 8.8.8.8:53 | aelodgpb.info | udp |
| US | 8.8.8.8:53 | mkfzgkqzbej.info | udp |
| US | 8.8.8.8:53 | qxvhtmgboeli.net | udp |
| US | 8.8.8.8:53 | acumbsmcu.info | udp |
| US | 8.8.8.8:53 | mrfouarqjca.net | udp |
| US | 8.8.8.8:53 | jypigkw.net | udp |
| US | 8.8.8.8:53 | aiqqya.org | udp |
| US | 8.8.8.8:53 | wvsixbbkbku.net | udp |
| US | 8.8.8.8:53 | hapsvgx.net | udp |
| US | 8.8.8.8:53 | edsdvf.net | udp |
| US | 8.8.8.8:53 | hgpwecpeesx.info | udp |
| US | 8.8.8.8:53 | jphhtgd.com | udp |
| US | 8.8.8.8:53 | csbavyfyrek.info | udp |
| US | 8.8.8.8:53 | omierhazkhgw.net | udp |
| US | 8.8.8.8:53 | vcndjyq.com | udp |
| US | 8.8.8.8:53 | kwdrqyzrhd.net | udp |
| US | 8.8.8.8:53 | skiguaiiyy.com | udp |
| US | 8.8.8.8:53 | qhdexexilv.net | udp |
| US | 8.8.8.8:53 | jvysfx.info | udp |
| US | 8.8.8.8:53 | ymnzvjmehzi.info | udp |
| US | 8.8.8.8:53 | szcwcbzuzivo.info | udp |
| US | 8.8.8.8:53 | alewrzpftq.info | udp |
| US | 8.8.8.8:53 | tfjecohwiip.org | udp |
| US | 8.8.8.8:53 | xrjmbmgmisvh.info | udp |
| US | 8.8.8.8:53 | yfozkzwq.info | udp |
| US | 8.8.8.8:53 | jqtenkdayoy.org | udp |
| US | 8.8.8.8:53 | fawxmblsxttp.net | udp |
| US | 8.8.8.8:53 | lbvjvutgp.org | udp |
| US | 8.8.8.8:53 | elwqmq.info | udp |
| US | 8.8.8.8:53 | bhbghywanql.net | udp |
| US | 8.8.8.8:53 | yvvfmyvf.info | udp |
| US | 8.8.8.8:53 | lvliwxsju.net | udp |
| US | 8.8.8.8:53 | yumrczzit.info | udp |
| US | 8.8.8.8:53 | tcmvufyapm.info | udp |
| US | 8.8.8.8:53 | euapbshmq.info | udp |
| US | 8.8.8.8:53 | eymewq.org | udp |
| US | 8.8.8.8:53 | wcgcuuiu.org | udp |
| US | 8.8.8.8:53 | umvupke.net | udp |
| US | 8.8.8.8:53 | jiodkrpn.net | udp |
| US | 8.8.8.8:53 | mzvuzyhxogyu.info | udp |
| US | 8.8.8.8:53 | nhmyomxjv.info | udp |
| US | 8.8.8.8:53 | lqxeymj.org | udp |
| US | 8.8.8.8:53 | hezqvzlz.net | udp |
| US | 8.8.8.8:53 | jvtghiruty.info | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| NL | 173.194.69.94:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | kytikecgcot.info | udp |
| US | 8.8.8.8:53 | rzxyzaxrkyf.com | udp |
| US | 8.8.8.8:53 | wrrvvmxeg.net | udp |
| US | 8.8.8.8:53 | bpplcgj.com | udp |
| US | 8.8.8.8:53 | tyzkrdhyl.info | udp |
| US | 8.8.8.8:53 | yeouws.com | udp |
| US | 8.8.8.8:53 | vyvijbihvn.info | udp |
| US | 8.8.8.8:53 | qiaoigzcoqa.info | udp |
| US | 8.8.8.8:53 | uaxcyav.info | udp |
| US | 8.8.8.8:53 | ooexzy.info | udp |
| US | 8.8.8.8:53 | hsrofavrq.net | udp |
| US | 8.8.8.8:53 | umqiussyom.org | udp |
| US | 8.8.8.8:53 | rsbfabwlukgf.info | udp |
| PT | 213.22.247.132:24835 | tcp | |
| US | 8.8.8.8:53 | zetpolry.info | udp |
| US | 8.8.8.8:53 | daczdgnrp.com | udp |
| US | 8.8.8.8:53 | llpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | dahukqx.com | udp |
| US | 8.8.8.8:53 | erhwbtbk.info | udp |
| US | 8.8.8.8:53 | jhfoonojgqss.info | udp |
| US | 8.8.8.8:53 | fjrkfiparix.info | udp |
| US | 8.8.8.8:53 | bctwfgikb.org | udp |
| US | 8.8.8.8:53 | mumusnmwhqtc.info | udp |
| US | 8.8.8.8:53 | sqwosqqa.org | udp |
| US | 8.8.8.8:53 | fzqqksnzg.net | udp |
| US | 8.8.8.8:53 | ugbuycb.net | udp |
| US | 8.8.8.8:53 | ztxyreu.info | udp |
| US | 8.8.8.8:53 | oldotqnyn.info | udp |
| US | 8.8.8.8:53 | wmxjhjbyth.info | udp |
| US | 8.8.8.8:53 | xmlymtnez.org | udp |
| US | 8.8.8.8:53 | wvdiypafhaya.info | udp |
| US | 8.8.8.8:53 | xqpvvp.info | udp |
| US | 8.8.8.8:53 | odzbrjqoy.info | udp |
| US | 8.8.8.8:53 | zsrufkdua.com | udp |
| US | 8.8.8.8:53 | sizpvevzrrt.net | udp |
| US | 8.8.8.8:53 | bnlrxo.net | udp |
| US | 8.8.8.8:53 | apxxianbnydh.info | udp |
| US | 8.8.8.8:53 | aalijqi.info | udp |
| US | 8.8.8.8:53 | vediowtkf.com | udp |
| US | 8.8.8.8:53 | xhoddeooxe.info | udp |
| US | 8.8.8.8:53 | odqisf.info | udp |
| US | 8.8.8.8:53 | uukkxctsp.info | udp |
| US | 8.8.8.8:53 | usuywc.org | udp |
| RU | 95.105.123.4:36717 | tcp | |
| US | 8.8.8.8:53 | ncpmyszzt.info | udp |
| US | 8.8.8.8:53 | jsjuxwpxx.net | udp |
| US | 8.8.8.8:53 | yctbkopl.net | udp |
| US | 8.8.8.8:53 | efnddf.info | udp |
| US | 8.8.8.8:53 | fmpktqpifyd.net | udp |
| US | 8.8.8.8:53 | ybxsqlwexbnh.info | udp |
| US | 8.8.8.8:53 | ronjuu.info | udp |
| US | 8.8.8.8:53 | rwfgqv.info | udp |
| US | 8.8.8.8:53 | vujnwa.net | udp |
| US | 8.8.8.8:53 | kkiamiym.com | udp |
| US | 8.8.8.8:53 | uyugecwm.com | udp |
| US | 8.8.8.8:53 | iyqupy.info | udp |
| US | 8.8.8.8:53 | jatdaajehomt.net | udp |
| US | 8.8.8.8:53 | wogfdnfc.net | udp |
| US | 8.8.8.8:53 | witpndck.net | udp |
| US | 8.8.8.8:53 | sickqe.com | udp |
| US | 8.8.8.8:53 | auqkiiawgusm.com | udp |
| US | 8.8.8.8:53 | yjzpeejgwk.net | udp |
| US | 8.8.8.8:53 | mwgkuyee.org | udp |
| US | 8.8.8.8:53 | juysvtxmc.net | udp |
| US | 8.8.8.8:53 | esuaxnv.info | udp |
| US | 8.8.8.8:53 | kexuozfhb.net | udp |
| US | 8.8.8.8:53 | qyocsmscuqca.com | udp |
| US | 8.8.8.8:53 | bsclrpurxa.info | udp |
| US | 8.8.8.8:53 | uiceesz.info | udp |
| US | 8.8.8.8:53 | lawoswoh.net | udp |
| US | 8.8.8.8:53 | urcflaspbjhk.net | udp |
| US | 8.8.8.8:53 | bzaydhbkyko.info | udp |
| US | 8.8.8.8:53 | isymsouk.org | udp |
| US | 8.8.8.8:53 | bzhqgso.info | udp |
| US | 8.8.8.8:53 | lmeefypeagj.net | udp |
| US | 8.8.8.8:53 | eazavsj.info | udp |
| US | 8.8.8.8:53 | gocqzonnipkv.info | udp |
| US | 8.8.8.8:53 | uoxjsmld.info | udp |
| US | 8.8.8.8:53 | wunpaempur.info | udp |
| US | 8.8.8.8:53 | gffccjfx.net | udp |
| US | 8.8.8.8:53 | ewiuauieao.com | udp |
| US | 8.8.8.8:53 | xixroraepfrn.net | udp |
| US | 8.8.8.8:53 | uczhfjzxau.net | udp |
| US | 8.8.8.8:53 | aijudjijd.net | udp |
| US | 8.8.8.8:53 | mfvgvhajzh.info | udp |
| US | 8.8.8.8:53 | bjpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | rurobsb.org | udp |
| US | 8.8.8.8:53 | qwguiqus.org | udp |
| US | 8.8.8.8:53 | mipuxovspmp.net | udp |
| US | 8.8.8.8:53 | imwkkoik.com | udp |
| US | 8.8.8.8:53 | tangxqd.info | udp |
| BG | 46.237.76.193:14690 | tcp | |
| US | 8.8.8.8:53 | kalufutmhgc.info | udp |
| US | 8.8.8.8:53 | sewuvwb.net | udp |
| US | 8.8.8.8:53 | kowacq.org | udp |
| US | 8.8.8.8:53 | kcfovjdlfz.net | udp |
| US | 8.8.8.8:53 | qewqssgkwosy.com | udp |
| US | 8.8.8.8:53 | grxolmlnjppg.info | udp |
| US | 8.8.8.8:53 | yiceceou.org | udp |
| US | 8.8.8.8:53 | dfntnjit.net | udp |
| US | 8.8.8.8:53 | kociae.com | udp |
| US | 8.8.8.8:53 | rhnthftg.net | udp |
| US | 8.8.8.8:53 | xkqavkycltf.com | udp |
| US | 8.8.8.8:53 | lerugfstep.net | udp |
| US | 8.8.8.8:53 | tslavis.org | udp |
| US | 8.8.8.8:53 | krvkxet.net | udp |
| US | 8.8.8.8:53 | rcdbcuqim.net | udp |
| US | 8.8.8.8:53 | oalwpcngx.info | udp |
| US | 8.8.8.8:53 | ltxxwo.net | udp |
| US | 8.8.8.8:53 | hmilsiz.info | udp |
| US | 8.8.8.8:53 | xcrfxbihvn.info | udp |
| US | 8.8.8.8:53 | rjhjiyqapeb.com | udp |
| US | 8.8.8.8:53 | sokacoscogge.org | udp |
| US | 8.8.8.8:53 | fuvfttvpx.info | udp |
| US | 8.8.8.8:53 | pvesxitaordl.info | udp |
| US | 8.8.8.8:53 | rtlddgfqpzhl.net | udp |
| US | 8.8.8.8:53 | msygwjd.net | udp |
| US | 8.8.8.8:53 | orripev.info | udp |
| US | 8.8.8.8:53 | btprhxhs.net | udp |
| US | 8.8.8.8:53 | nhxbncfz.info | udp |
| US | 8.8.8.8:53 | wympggf.net | udp |
| US | 8.8.8.8:53 | dzrmxez.com | udp |
| US | 8.8.8.8:53 | yijklmxapsf.net | udp |
| US | 8.8.8.8:53 | okdgfmeyh.net | udp |
| US | 8.8.8.8:53 | bqvkvi.info | udp |
| US | 8.8.8.8:53 | kxldwaoqfn.info | udp |
| US | 8.8.8.8:53 | hpdztph.net | udp |
| US | 8.8.8.8:53 | metbhe.net | udp |
| US | 8.8.8.8:53 | umocmcyiqm.org | udp |
| US | 8.8.8.8:53 | xxbuvavqnao.net | udp |
| US | 8.8.8.8:53 | relnjxpotuf.info | udp |
| US | 8.8.8.8:53 | zovoekhvj.info | udp |
| US | 8.8.8.8:53 | ccmgcg.com | udp |
| US | 8.8.8.8:53 | mxvuhpuvca.net | udp |
| US | 8.8.8.8:53 | pyqeeqsix.info | udp |
| US | 8.8.8.8:53 | nocbjqgnn.net | udp |
| US | 8.8.8.8:53 | tgzzsilpuoyu.info | udp |
| US | 8.8.8.8:53 | xbgufccpfv.info | udp |
| US | 8.8.8.8:53 | vlhazlanlud.com | udp |
| US | 8.8.8.8:53 | hlhzzohfnqko.info | udp |
| US | 8.8.8.8:53 | vuunpybtyx.info | udp |
| US | 8.8.8.8:53 | juatqdrrn.org | udp |
| US | 8.8.8.8:53 | skyrvngr.info | udp |
| US | 8.8.8.8:53 | vmbprgx.info | udp |
| US | 8.8.8.8:53 | zonhomnz.info | udp |
| US | 8.8.8.8:53 | rejwrwpoa.info | udp |
| US | 8.8.8.8:53 | dereanwgi.org | udp |
| US | 8.8.8.8:53 | oircttdktuv.net | udp |
| US | 8.8.8.8:53 | xqkqghluiy.net | udp |
| US | 8.8.8.8:53 | fcnxgtiohncz.net | udp |
| US | 8.8.8.8:53 | jmuyzwjxj.net | udp |
| US | 8.8.8.8:53 | dorwhcjhfcz.info | udp |
| US | 8.8.8.8:53 | gewkammi.org | udp |
| US | 8.8.8.8:53 | sgescokcmo.org | udp |
| US | 8.8.8.8:53 | zcouvoeudaz.org | udp |
| US | 8.8.8.8:53 | bcqufsnigsu.net | udp |
| US | 8.8.8.8:53 | lzwgpqnxhy.net | udp |
| US | 8.8.8.8:53 | ecuhtkabz.net | udp |
| US | 8.8.8.8:53 | vgnjqrjdlero.info | udp |
| US | 8.8.8.8:53 | dnaxpgmv.info | udp |
| US | 8.8.8.8:53 | eybhowykksd.net | udp |
| US | 8.8.8.8:53 | hnysfxiz.net | udp |
| MD | 93.116.216.127:19424 | tcp | |
| US | 8.8.8.8:53 | jehyhpbob.com | udp |
| US | 8.8.8.8:53 | vnzcmfjhvxp.com | udp |
| US | 8.8.8.8:53 | ltszfvjflvqg.info | udp |
| US | 8.8.8.8:53 | ayjlvckjjz.net | udp |
| US | 8.8.8.8:53 | pzvdxylqx.org | udp |
| US | 8.8.8.8:53 | rodxthiil.info | udp |
| US | 8.8.8.8:53 | rtzkvhpcmuz.info | udp |
| US | 8.8.8.8:53 | luaiurlae.info | udp |
| US | 8.8.8.8:53 | ulruno.info | udp |
| US | 8.8.8.8:53 | fbpmxpicx.org | udp |
| US | 8.8.8.8:53 | gubjte.info | udp |
| US | 8.8.8.8:53 | maowdebhk.net | udp |
| US | 8.8.8.8:53 | geoqvcwoh.info | udp |
| US | 8.8.8.8:53 | hsfspwfirsr.org | udp |
| US | 8.8.8.8:53 | eohhzu.net | udp |
| US | 8.8.8.8:53 | lgqsggmsaq.net | udp |
| US | 8.8.8.8:53 | qxjagtkexptt.net | udp |
| US | 8.8.8.8:53 | nexpvuu.net | udp |
| US | 8.8.8.8:53 | myusljfhfeb.info | udp |
| US | 8.8.8.8:53 | kcuynmjane.info | udp |
| US | 8.8.8.8:53 | oqtyngnad.net | udp |
| US | 8.8.8.8:53 | fumvct.net | udp |
| US | 8.8.8.8:53 | fgjbrlgomb.info | udp |
| US | 8.8.8.8:53 | wqclhvlppkc.info | udp |
| US | 8.8.8.8:53 | boqdhqi.net | udp |
| US | 8.8.8.8:53 | kueekgmeuc.com | udp |
| US | 8.8.8.8:53 | dnyidwf.info | udp |
| US | 8.8.8.8:53 | exmpbwfuuhlk.info | udp |
| US | 8.8.8.8:53 | dhtrwn.info | udp |
| US | 8.8.8.8:53 | issuumoo.org | udp |
| US | 8.8.8.8:53 | eayailfxrsoi.net | udp |
| US | 8.8.8.8:53 | fwldta.net | udp |
| US | 8.8.8.8:53 | yadxtkefpqdf.net | udp |
| US | 8.8.8.8:53 | uchtpkfcfpu.net | udp |
| US | 8.8.8.8:53 | wxruzx.net | udp |
| US | 8.8.8.8:53 | zijitkvnbzby.info | udp |
| US | 8.8.8.8:53 | qxpaiy.info | udp |
| US | 8.8.8.8:53 | ecjxtn.net | udp |
| US | 8.8.8.8:53 | kcyvjiar.info | udp |
| US | 8.8.8.8:53 | zeoeogdrz.info | udp |
| US | 8.8.8.8:53 | zlbiakwkkix.info | udp |
| US | 8.8.8.8:53 | wyhehmlwwax.info | udp |
| US | 8.8.8.8:53 | qngitmingp.net | udp |
| US | 8.8.8.8:53 | ffdxikgfgolb.info | udp |
| US | 8.8.8.8:53 | pybmxcc.info | udp |
| US | 8.8.8.8:53 | aqllvpsdrn.info | udp |
| US | 8.8.8.8:53 | yfesnqxhv.net | udp |
| US | 8.8.8.8:53 | dwzxsobf.net | udp |
| BG | 46.40.80.60:19109 | tcp | |
| US | 8.8.8.8:53 | usqexhkswvb.net | udp |
| US | 8.8.8.8:53 | ulwprsdpevsj.info | udp |
| US | 8.8.8.8:53 | kdhmyexgrpl.info | udp |
| US | 8.8.8.8:53 | eemqmywo.com | udp |
| US | 8.8.8.8:53 | hovsnmhjjux.net | udp |
| US | 8.8.8.8:53 | bbbavgd.com | udp |
| US | 8.8.8.8:53 | ytpcakrl.info | udp |
| US | 8.8.8.8:53 | jxjerofhghjg.net | udp |
| US | 8.8.8.8:53 | qkletabqoan.net | udp |
| US | 8.8.8.8:53 | ygnlrifyf.info | udp |
| US | 8.8.8.8:53 | nmkgkejyt.com | udp |
| US | 8.8.8.8:53 | tvvdnib.info | udp |
| US | 8.8.8.8:53 | rkwlhccy.info | udp |
| US | 8.8.8.8:53 | pzstmalca.info | udp |
| US | 8.8.8.8:53 | hcwafkg.net | udp |
| US | 8.8.8.8:53 | yqiocmwgqy.org | udp |
| US | 8.8.8.8:53 | dfngddb.net | udp |
| US | 8.8.8.8:53 | lviecyu.com | udp |
| US | 8.8.8.8:53 | zavtarjf.info | udp |
| US | 8.8.8.8:53 | nthafgeqx.org | udp |
| US | 8.8.8.8:53 | rztilhdyzcbc.net | udp |
| US | 8.8.8.8:53 | wpwrbbnndqws.info | udp |
| US | 8.8.8.8:53 | ngwrrbhim.net | udp |
| US | 8.8.8.8:53 | ddblqezcaou.net | udp |
| US | 8.8.8.8:53 | vibshiiel.net | udp |
| US | 8.8.8.8:53 | pelznpsc.net | udp |
| US | 8.8.8.8:53 | citezbrdnszk.net | udp |
| US | 8.8.8.8:53 | mgaareiwxmj.net | udp |
| US | 8.8.8.8:53 | lozojukkvrv.net | udp |
| US | 8.8.8.8:53 | nkzaqxzk.net | udp |
| US | 8.8.8.8:53 | wdqkti.net | udp |
| US | 8.8.8.8:53 | ilhdts.info | udp |
| US | 8.8.8.8:53 | jjqtpeerkb.net | udp |
| US | 8.8.8.8:53 | gicmnbvrkp.net | udp |
| US | 8.8.8.8:53 | bswxckbedf.info | udp |
| US | 8.8.8.8:53 | whbmplbxvj.info | udp |
| US | 8.8.8.8:53 | xchslwaev.org | udp |
| US | 8.8.8.8:53 | urkcltobhpwf.net | udp |
| US | 8.8.8.8:53 | tgjeyse.com | udp |
| US | 8.8.8.8:53 | yowwgkycqski.com | udp |
| US | 8.8.8.8:53 | hdszhn.info | udp |
| US | 8.8.8.8:53 | wsycus.com | udp |
| US | 8.8.8.8:53 | vdatdfog.info | udp |
| US | 8.8.8.8:53 | jolzmnprqhyc.net | udp |
| US | 8.8.8.8:53 | jgbpddv.com | udp |
| US | 8.8.8.8:53 | geoqiumwwcom.org | udp |
| US | 8.8.8.8:53 | oismai.com | udp |
| US | 8.8.8.8:53 | gcyogswk.org | udp |
| US | 8.8.8.8:53 | eheflhppvg.net | udp |
| US | 8.8.8.8:53 | vmrjrikk.net | udp |
| US | 8.8.8.8:53 | fdeiwhniz.net | udp |
| US | 8.8.8.8:53 | hsnppe.net | udp |
| US | 8.8.8.8:53 | wyfehnr.info | udp |
| US | 8.8.8.8:53 | cykogcgqqcuu.com | udp |
| US | 8.8.8.8:53 | reyrarc.com | udp |
| US | 8.8.8.8:53 | gcgmtjgwsaxh.net | udp |
| US | 8.8.8.8:53 | ugjyfpgfl.net | udp |
| US | 8.8.8.8:53 | eytewqvku.info | udp |
| CH | 92.39.55.93:35692 | tcp | |
| US | 8.8.8.8:53 | ezbnqk.info | udp |
| US | 8.8.8.8:53 | mpkbfsgyp.info | udp |
| US | 8.8.8.8:53 | kqjyyppc.info | udp |
| US | 8.8.8.8:53 | uexesqxok.info | udp |
| US | 8.8.8.8:53 | edewsrgpkyrb.info | udp |
| US | 8.8.8.8:53 | dnruxtsj.info | udp |
| US | 8.8.8.8:53 | qseoumkkca.org | udp |
| US | 8.8.8.8:53 | tsnmjkpmztx.org | udp |
| US | 8.8.8.8:53 | tfgafsedvn.info | udp |
| US | 8.8.8.8:53 | tfjepibqf.com | udp |
| US | 8.8.8.8:53 | emokcuissycu.com | udp |
| US | 8.8.8.8:53 | mwzpcv.net | udp |
| US | 8.8.8.8:53 | qdnmhgdyrit.net | udp |
| US | 8.8.8.8:53 | ecpswyv.net | udp |
| US | 8.8.8.8:53 | xexcryv.net | udp |
| US | 8.8.8.8:53 | bpsewlzlez.net | udp |
| US | 8.8.8.8:53 | wyjmxjqg.net | udp |
| US | 8.8.8.8:53 | pfnkzwk.org | udp |
| US | 8.8.8.8:53 | qyqigk.com | udp |
| US | 8.8.8.8:53 | bgprtlwltyh.net | udp |
| US | 8.8.8.8:53 | enkvjquggwue.info | udp |
| US | 8.8.8.8:53 | zishjgeyadzl.info | udp |
| US | 8.8.8.8:53 | dghwdn.info | udp |
| US | 8.8.8.8:53 | fyaylmbcb.net | udp |
| US | 8.8.8.8:53 | ldjjzh.info | udp |
| US | 8.8.8.8:53 | jsbukdfxeg.net | udp |
| US | 8.8.8.8:53 | sjzonex.net | udp |
| US | 8.8.8.8:53 | lcbjrwnm.info | udp |
| US | 8.8.8.8:53 | gyhisypwz.net | udp |
| US | 8.8.8.8:53 | hbwvqwxjzo.net | udp |
| US | 8.8.8.8:53 | ekqaao.com | udp |
| US | 8.8.8.8:53 | nvvegq.info | udp |
| US | 8.8.8.8:53 | rusmfxqgh.org | udp |
| US | 8.8.8.8:53 | lbjnjw.info | udp |
| US | 8.8.8.8:53 | asgpcmrz.net | udp |
| US | 8.8.8.8:53 | rkjyfrxybqd.net | udp |
| US | 8.8.8.8:53 | xmkfjkngf.com | udp |
| US | 8.8.8.8:53 | dwltzegkfyu.org | udp |
| US | 8.8.8.8:53 | itipgvmybh.info | udp |
| US | 8.8.8.8:53 | fclwrxlmjgvq.info | udp |
| US | 8.8.8.8:53 | iiykki.com | udp |
| US | 8.8.8.8:53 | hjfdpmp.org | udp |
| US | 8.8.8.8:53 | lzrpirdprk.info | udp |
| US | 8.8.8.8:53 | lwzznebg.info | udp |
| US | 8.8.8.8:53 | wbmufndhrexp.info | udp |
| US | 8.8.8.8:53 | rjbifug.net | udp |
| US | 8.8.8.8:53 | uiwsmymhgc.info | udp |
| US | 8.8.8.8:53 | qsyqfcm.info | udp |
| US | 8.8.8.8:53 | xuoobentzb.net | udp |
| US | 8.8.8.8:53 | rjcccvsl.net | udp |
| US | 8.8.8.8:53 | rdzyyoqyoflm.net | udp |
| US | 8.8.8.8:53 | mqxeglvb.info | udp |
| BG | 84.40.66.15:43814 | tcp | |
| US | 8.8.8.8:53 | sokmiq.com | udp |
| US | 8.8.8.8:53 | yqdindvszcl.info | udp |
| US | 8.8.8.8:53 | jpftjmbv.info | udp |
| US | 8.8.8.8:53 | deiujcpwj.net | udp |
| US | 8.8.8.8:53 | ldlrgk.info | udp |
| US | 8.8.8.8:53 | fihstkkur.info | udp |
| US | 8.8.8.8:53 | ygwsyabebux.net | udp |
| US | 8.8.8.8:53 | eugkmayg.org | udp |
| US | 8.8.8.8:53 | euekwmie.org | udp |
| US | 8.8.8.8:53 | syzdpbxmli.net | udp |
| US | 8.8.8.8:53 | sgdzhklkvfso.info | udp |
| US | 8.8.8.8:53 | pozidzdzwqde.net | udp |
| US | 8.8.8.8:53 | skqsiiae.org | udp |
| US | 8.8.8.8:53 | oflobwlsivo.info | udp |
| US | 8.8.8.8:53 | opxfgexehd.info | udp |
| US | 8.8.8.8:53 | eglhlgiyt.info | udp |
| US | 8.8.8.8:53 | defslfp.org | udp |
| US | 8.8.8.8:53 | alyypvemovoc.net | udp |
| US | 8.8.8.8:53 | envevsxcguh.net | udp |
| US | 8.8.8.8:53 | ewnerabk.net | udp |
| US | 8.8.8.8:53 | scplgimkj.info | udp |
| US | 8.8.8.8:53 | qlstpgkhcjbu.net | udp |
| US | 8.8.8.8:53 | zgdemo.net | udp |
| US | 8.8.8.8:53 | qunopsj.info | udp |
| US | 8.8.8.8:53 | yutwmrhs.info | udp |
| US | 8.8.8.8:53 | hgbgrj.net | udp |
| US | 8.8.8.8:53 | buyfahjveo.info | udp |
| US | 8.8.8.8:53 | nzitfaav.info | udp |
| US | 8.8.8.8:53 | sjfcezt.info | udp |
| US | 8.8.8.8:53 | sjzyogjg.net | udp |
| US | 8.8.8.8:53 | lktcrbw.com | udp |
| US | 8.8.8.8:53 | libjnoxwtex.net | udp |
| US | 8.8.8.8:53 | zutgqznvb.info | udp |
| US | 8.8.8.8:53 | plntpzrn.info | udp |
| US | 8.8.8.8:53 | cucwtenf.net | udp |
| US | 8.8.8.8:53 | qvhrcelgrs.info | udp |
| US | 8.8.8.8:53 | hyjodgw.info | udp |
| US | 8.8.8.8:53 | dkdczgl.info | udp |
| US | 8.8.8.8:53 | sgkpdqdpwy.net | udp |
| US | 8.8.8.8:53 | atehmugz.info | udp |
| US | 8.8.8.8:53 | ddprtfhyz.net | udp |
| US | 8.8.8.8:53 | teelaijj.info | udp |
| US | 8.8.8.8:53 | soxyfmhasmk.info | udp |
| US | 8.8.8.8:53 | sbqvrdjmdqu.net | udp |
| US | 8.8.8.8:53 | eaictyqxc.info | udp |
| US | 8.8.8.8:53 | qsamam.org | udp |
| US | 8.8.8.8:53 | tzdilurb.info | udp |
| US | 8.8.8.8:53 | rvbjjj.net | udp |
| US | 8.8.8.8:53 | vgqxvqngngx.info | udp |
| BG | 109.160.104.68:39171 | tcp | |
| US | 8.8.8.8:53 | tgdizuuvd.info | udp |
| US | 8.8.8.8:53 | cgzqtowog.info | udp |
| US | 8.8.8.8:53 | ugaakuwayo.com | udp |
| US | 8.8.8.8:53 | qeasooggkkye.org | udp |
| US | 8.8.8.8:53 | zjuubwll.info | udp |
| US | 8.8.8.8:53 | gdiecndz.net | udp |
| US | 8.8.8.8:53 | fevpfshvp.org | udp |
| US | 8.8.8.8:53 | njhqvet.net | udp |
| US | 8.8.8.8:53 | qztsvs.info | udp |
| US | 8.8.8.8:53 | clpbmqu.net | udp |
| US | 8.8.8.8:53 | feelqqfdqyt.info | udp |
| US | 8.8.8.8:53 | kcryxrris.info | udp |
| US | 8.8.8.8:53 | fnshfc.net | udp |
| US | 8.8.8.8:53 | gqxfij.info | udp |
| US | 8.8.8.8:53 | ombyjgrci.net | udp |
| US | 8.8.8.8:53 | usljhmfr.net | udp |
| US | 8.8.8.8:53 | giekgyskeiik.org | udp |
| US | 8.8.8.8:53 | syzfdpvvjr.net | udp |
| US | 8.8.8.8:53 | tulxsp.info | udp |
| US | 8.8.8.8:53 | vefkzaxebkq.org | udp |
| US | 8.8.8.8:53 | zpnmfwp.com | udp |
| US | 8.8.8.8:53 | bavppixu.net | udp |
| US | 8.8.8.8:53 | schoavb.net | udp |
| US | 8.8.8.8:53 | gkiigu.com | udp |
| US | 8.8.8.8:53 | ddujlzcnjx.net | udp |
| US | 8.8.8.8:53 | nrsyiebahnki.info | udp |
| US | 8.8.8.8:53 | aeuwngsfjf.net | udp |
| US | 8.8.8.8:53 | pcschthacmn.com | udp |
| US | 8.8.8.8:53 | wmtiboxyg.net | udp |
| US | 8.8.8.8:53 | fkgritslx.org | udp |
| US | 8.8.8.8:53 | skqgoq.com | udp |
| US | 8.8.8.8:53 | iokyyk.org | udp |
| US | 8.8.8.8:53 | ptpwnlreeaxo.net | udp |
| US | 8.8.8.8:53 | hyumdqtrmis.org | udp |
| US | 8.8.8.8:53 | druisxvuycrh.info | udp |
| US | 8.8.8.8:53 | eeeiusoc.com | udp |
| US | 8.8.8.8:53 | fyzgfutcx.com | udp |
| US | 8.8.8.8:53 | vahwimbqcwj.com | udp |
| US | 8.8.8.8:53 | agmoomyisg.com | udp |
| US | 8.8.8.8:53 | lflltcsjyewm.net | udp |
| US | 8.8.8.8:53 | dtstyn.net | udp |
| US | 8.8.8.8:53 | ghlsfvr.info | udp |
| LT | 86.100.99.121:40185 | tcp | |
| US | 8.8.8.8:53 | hqntlcdst.info | udp |
| US | 8.8.8.8:53 | yknuzpjoxrq.net | udp |
| US | 8.8.8.8:53 | lttlhzaiisgc.net | udp |
| US | 8.8.8.8:53 | zkjwhjbcsaui.info | udp |
| US | 8.8.8.8:53 | nzprlcgc.info | udp |
| US | 8.8.8.8:53 | zbqtpeerkb.net | udp |
| US | 8.8.8.8:53 | pqqyaqlqbkh.net | udp |
| US | 8.8.8.8:53 | ajlynrfyqrlp.net | udp |
| US | 8.8.8.8:53 | xqowrrn.org | udp |
| US | 8.8.8.8:53 | dsvpbvah.net | udp |
| US | 8.8.8.8:53 | syhizebglra.net | udp |
| US | 8.8.8.8:53 | scogzslctkl.net | udp |
| US | 8.8.8.8:53 | pxsnke.net | udp |
| US | 8.8.8.8:53 | mwakkacumgwm.org | udp |
| US | 8.8.8.8:53 | jzmmpcwv.net | udp |
| US | 8.8.8.8:53 | zuwrljtqss.net | udp |
| US | 8.8.8.8:53 | pefbakjfq.com | udp |
| US | 8.8.8.8:53 | rlsqcunfi.info | udp |
| US | 8.8.8.8:53 | msaeugqyakco.org | udp |
| US | 8.8.8.8:53 | qsoqooseky.org | udp |
| US | 8.8.8.8:53 | ysmeqsuwsm.org | udp |
| US | 8.8.8.8:53 | satcdd.net | udp |
| US | 8.8.8.8:53 | mgcicaekey.org | udp |
| US | 8.8.8.8:53 | aeyzpwjxjc.info | udp |
| US | 8.8.8.8:53 | tmrxnmjrkb.net | udp |
| US | 8.8.8.8:53 | eykwggaqkg.org | udp |
| US | 8.8.8.8:53 | udnshwbxck.net | udp |
| US | 8.8.8.8:53 | ddnqfglgvj.info | udp |
| US | 8.8.8.8:53 | vdtuuhtm.net | udp |
| US | 8.8.8.8:53 | uomieuwsgywa.com | udp |
| US | 8.8.8.8:53 | auvaewrqp.net | udp |
| US | 8.8.8.8:53 | tgugtxb.com | udp |
| US | 8.8.8.8:53 | dkvrwtwyaqr.info | udp |
Files
C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
| MD5 | 1d53beb10b239831053ca4859d3ab42c |
| SHA1 | bea1619698c2f0d35b2cb3ee99a0ba239128dcb1 |
| SHA256 | b27414eecc60a582c5c8d8b7cc1a5a9a96c69de907918770b08c1722b0c85ed4 |
| SHA512 | fe26fcfdb412c46358074a61db033f064f9b3f2727dfda826cfefb0666a18090bf4a4126487d38e90b71b9e4f21d3bf02b169a32b7a712b90f49ff139e059b4e |
C:\Windows\SysWOW64\qewtdythzngypnuufk.exe
| MD5 | c1c90ccb7f44badc91ec2859323fcde2 |
| SHA1 | 0bc90e1a338997eb95cae02f0250a8678d8f25e4 |
| SHA256 | c9fd2f88ae1d80838434f52f63ecc3009bda52cc0b76238121d6068999f13a43 |
| SHA512 | 464ce273e0f3c9f74bff3c864f54d532f89bea43446ca824ca3af93c3802168c41e314166a6084c0e61a43621900394bea820a2b64c8f92ea156f36ce9584e08 |
C:\Users\Admin\AppData\Local\Temp\belxwgq.exe
| MD5 | a0fd73d74740ce5005656073326fd5e0 |
| SHA1 | cba1cb0fa40bd9c285f7a7cb0c2b55f83dd36297 |
| SHA256 | 97688424d198532abb021356bbf72e59e090721fa98c33ca79b8b23cc01a20cf |
| SHA512 | e962d8a54503ca302dbf1b227483435e59719badbb8cb7d0f4e200bbc2395cb8d7b03a98fc832166909408ca5ca6fe87c092c0a08e4fa400e17ddcd8e1444114 |
C:\Users\Admin\AppData\Local\dejtqyghmntycnhusklqaxfnotu.fju
| MD5 | 8dcb8a44b68e3e9ebf517dd1cf1faff4 |
| SHA1 | 4710d27aeb1e48562752b6f7d0775f249ca5e1b7 |
| SHA256 | de8bc35ff4614ae9b7bab6eeade083f86837efb459cf94aa3a4eab16aee5531e |
| SHA512 | ac242218d16679adb7f4e59299a6915e1c30a4bb95abebcf77ca7739233ce534592ae4e9cc1f67024a24e22b5b111d9916ea5b3f4a8249081a1ca208956dd0a9 |
C:\Users\Admin\AppData\Local\amcxfyrdtfwmbxcajmyojrkdpfriynjomvykav.wpb
| MD5 | 65315dfeb57aea8e82086d07c7267677 |
| SHA1 | 2b0af1f6883c6ccbc924da7b41dfd217ed654988 |
| SHA256 | 6932e5a64324cd7301c22703a6c9987b36b9b28aad8d19d03a24e9e144603041 |
| SHA512 | 3f72c5c31b8432b0f0ecd2482b59a149cd240ad080ef44c7fa8c4c38a6556b74f4cabac44d899f0b08bda4ab9875a9086ded0297b6fc3df9fa6213fac30dbdac |
C:\Program Files (x86)\dejtqyghmntycnhusklqaxfnotu.fju
| MD5 | 538a46ffb218bf81d767d75561c2a5d5 |
| SHA1 | 045af7197776445b850b316fba14107c58d8b678 |
| SHA256 | a6493d234497576aad72f3e058a7ce7a649ba1a092846df7deb8113561ebebfd |
| SHA512 | 22b2bcb8cb6f7cbb9ce637de87746ea8a5b667a44daa08c648513b5269f2d56cee185e5bfbc6238441f36ed462cdd88ff6e47dcff22f52b9c1826af832ef6139 |
C:\Program Files (x86)\dejtqyghmntycnhusklqaxfnotu.fju
| MD5 | 6845585354f5f58398b3b0fd94ec90d3 |
| SHA1 | 541e6d300c9c0bdcb100789e5155b4542596454e |
| SHA256 | 0aa85c3f664e94b35829faf0c09ba501cc82bc47e996b95242987200f253afb9 |
| SHA512 | 94fe197eaadbba0225b935a53d154d952557356c75cae5a21fd616d9e359462d66cd847b4fb5b644d6683a2cd80d1c868b4353c9272735e72c7eabc38d300f84 |
C:\Program Files (x86)\dejtqyghmntycnhusklqaxfnotu.fju
| MD5 | fc658e5091cbc49765a05a97196db2c9 |
| SHA1 | 0781d9ab8d81b26587e5767e6a54413bfe650b5b |
| SHA256 | 62bf16e43d71ad62c948838ccd7b93457687aa9550ab28b1c1b0a8e194f93898 |
| SHA512 | 89ac2f1ad98163fc648ec41c21d1a728a9fb1ec2d97a6d3d8f957ecc8cd453675fd67f127451de310077220f8c1f7e03afea48d2c3e1e8de24f80d817da35f06 |
C:\Program Files (x86)\dejtqyghmntycnhusklqaxfnotu.fju
| MD5 | 48a4dd9298dec50a8c5b3776554d742f |
| SHA1 | 822e62e2006ca971ea56ac5f5b4d539e09e5a732 |
| SHA256 | ae518eb7255672fb390e85f8a6577e5c838e80250b9043ee06ef7311a8a9435d |
| SHA512 | 9aa799e3e8ee4351da3063cf4a2aba843343fa818b7620d246cd739e73c6e34f4073983c28546387e797db2e88dc1882992f80ea3501348a25dbf4eed072f7e7 |
C:\Program Files (x86)\dejtqyghmntycnhusklqaxfnotu.fju
| MD5 | 4e58c7e75947e697001348cbbebfe30d |
| SHA1 | df385dc169a50430dd3f5b0d108a733149efe87e |
| SHA256 | 2f533c4c02584e04b51ab4479f635f2168bf81ae2b218fa91830b05f86673a86 |
| SHA512 | 18ab73cf55cb31dac053a530bbf7aa47ffd86707535bb9ec299116ced074ea12076195f9b22d310a88453d68d9bc13ce0c8184c9248f12bf8999dacc5963eddd |
C:\Program Files (x86)\dejtqyghmntycnhusklqaxfnotu.fju
| MD5 | 1fb413363156b9e2ebfa03235c7c4687 |
| SHA1 | b3f0a99ce9c6100ebdc31b0e439c7d8b5cd395e1 |
| SHA256 | 7b67d84e959ff204303fcd66de3248b7db813a51a5fbf0592888a7aa19fec99a |
| SHA512 | d6aca63bdde4c65a64bb8a2c6b0449b7857b1b89465d13066c8829fc642a606553b259f15f8149ae76555c145f071768c6a113f7759acc66ceea29e514222c08 |
Analysis: behavioral2
Detonation Overview
Submitted
2025-04-19 07:07
Reported
2025-04-19 07:09
Platform
win11-20250410-en
Max time kernel
49s
Max time network
150s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "tieuevqhvjentjmz.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmyeel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tieuevqhvjentjmz.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmyeel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jayqcvslbrozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmyeel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jayqcvslbrozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmyeel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haauidcxphgtdxevttdw.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmyeel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqrmbxxtmfftezhzyzkef.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmyeel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqrmbxxtmfftezhzyzkef.exe" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "tieuevqhvjentjmz.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "umlerljduljvexdtqpy.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "wqrmbxxtmfftezhzyzkef.exe" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "jayqcvslbrozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "haauidcxphgtdxevttdw.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmyeel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haauidcxphgtdxevttdw.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "umlerljduljvexdtqpy.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "wqrmbxxtmfftezhzyzkef.exe" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "tieuevqhvjentjmz.exe" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmyeel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqnephdvkzvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmyeel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tieuevqhvjentjmz.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "jayqcvslbrozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmyeel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umlerljduljvexdtqpy.exe" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "haauidcxphgtdxevttdw.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmyeel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jayqcvslbrozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "umlerljduljvexdtqpy.exe" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "tieuevqhvjentjmz.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmyeel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umlerljduljvexdtqpy.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mjn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\crnphytuldftezhzyzqfb.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmyeel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqnephdvkzvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "haauidcxphgtdxevttdw.exe" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nnuhkm = "nbwxoeyyofgtdxevttjx.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmyeel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umlerljduljvexdtqpy.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmyeel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haauidcxphgtdxevttdw.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "haauidcxphgtdxevttdw.exe" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmyeel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tieuevqhvjentjmz.exe" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmyeel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jayqcvslbrozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmyeel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqnephdvkzvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "haauidcxphgtdxevttdw.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "jayqcvslbrozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nnuhkm = "pbutiwomapozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "umlerljduljvexdtqpy.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "wqrmbxxtmfftezhzyzkef.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmyeel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haauidcxphgtdxevttdw.exe" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmyeel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqrmbxxtmfftezhzyzkef.exe" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "wqrmbxxtmfftezhzyzkef.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "umlerljduljvexdtqpy.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "umlerljduljvexdtqpy.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmyeel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jayqcvslbrozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\oypafrhtclb = "jayqcvslbrozhzetpn.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\oypafrhtclb = "tieuevqhvjentjmz.exe ." | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\uanuvdp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jayqcvslbrozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kwpcjxpdozrxa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqnephdvkzvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\tcscgrgrzh = "umlerljduljvexdtqpy.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\uanuvdp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haauidcxphgtdxevttdw.exe" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jqemoxkt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jayqcvslbrozhzetpn.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uanuvdp = "wqrmbxxtmfftezhzyzkef.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lwoagtkxhrin = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umlerljduljvexdtqpy.exe ." | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jqemoxkt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jayqcvslbrozhzetpn.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\gjtjpudsx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nbwxoeyyofgtdxevttjx.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jqemoxkt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haauidcxphgtdxevttdw.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\oypafrhtclb = "aqnephdvkzvfmdhvq.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\uanuvdp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tieuevqhvjentjmz.exe" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kwpcjxpdozrxa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqnephdvkzvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\tcscgrgrzh = "haauidcxphgtdxevttdw.exe" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uanuvdp = "aqnephdvkzvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\oypafrhtclb = "wqrmbxxtmfftezhzyzkef.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jqemoxkt = "aqnephdvkzvfmdhvq.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\uanuvdp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqrmbxxtmfftezhzyzkef.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lwoagtkxhrin = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tieuevqhvjentjmz.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jqemoxkt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqnephdvkzvfmdhvq.exe ." | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uanuvdp = "wqrmbxxtmfftezhzyzkef.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lwoagtkxhrin = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqrmbxxtmfftezhzyzkef.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\tcscgrgrzh = "tieuevqhvjentjmz.exe" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\uanuvdp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jayqcvslbrozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jqemoxkt = "umlerljduljvexdtqpy.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\uanuvdp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqrmbxxtmfftezhzyzkef.exe" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jqemoxkt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haauidcxphgtdxevttdw.exe ." | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uanuvdp = "jayqcvslbrozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\tcscgrgrzh = "wqrmbxxtmfftezhzyzkef.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kwpcjxpdozrxa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqrmbxxtmfftezhzyzkef.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jqemoxkt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haauidcxphgtdxevttdw.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\oypafrhtclb = "wqrmbxxtmfftezhzyzkef.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jqemoxkt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tieuevqhvjentjmz.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kwpcjxpdozrxa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haauidcxphgtdxevttdw.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\tcscgrgrzh = "umlerljduljvexdtqpy.exe" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\uanuvdp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jayqcvslbrozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jqemoxkt = "umlerljduljvexdtqpy.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\trwh = "nbwxoeyyofgtdxevttjx.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jqemoxkt = "umlerljduljvexdtqpy.exe ." | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uanuvdp = "jayqcvslbrozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\oypafrhtclb = "tieuevqhvjentjmz.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kwpcjxpdozrxa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haauidcxphgtdxevttdw.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lwoagtkxhrin = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqnephdvkzvfmdhvq.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\oypafrhtclb = "wqrmbxxtmfftezhzyzkef.exe ." | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\cbhtv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pbutiwomapozhzetpn.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uanuvdp = "jayqcvslbrozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uanuvdp = "umlerljduljvexdtqpy.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\uanuvdp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqnephdvkzvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jqemoxkt = "jayqcvslbrozhzetpn.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\trwh = "anhhxmfetjjvexdtqpe.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jqemoxkt = "umlerljduljvexdtqpy.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jqemoxkt = "tieuevqhvjentjmz.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jqemoxkt = "tieuevqhvjentjmz.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\oypafrhtclb = "tieuevqhvjentjmz.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jqemoxkt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqnephdvkzvfmdhvq.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kwpcjxpdozrxa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqrmbxxtmfftezhzyzkef.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lwoagtkxhrin = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umlerljduljvexdtqpy.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\tcscgrgrzh = "haauidcxphgtdxevttdw.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lwoagtkxhrin = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqrmbxxtmfftezhzyzkef.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jqemoxkt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqnephdvkzvfmdhvq.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\uanuvdp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jayqcvslbrozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jqemoxkt = "jayqcvslbrozhzetpn.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\umlerljduljvexdtqpy.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jayqcvslbrozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\aqnephdvkzvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nikgwturlfgvhdmffhtoqm.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tieuevqhvjentjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\umlerljduljvexdtqpy.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nikgwturlfgvhdmffhtoqm.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\umlerljduljvexdtqpy.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tieuevqhvjentjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tieuevqhvjentjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jayqcvslbrozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wqrmbxxtmfftezhzyzkef.exe | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tieuevqhvjentjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\aqnephdvkzvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wqrmbxxtmfftezhzyzkef.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wqrmbxxtmfftezhzyzkef.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\umlerljduljvexdtqpy.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\umlerljduljvexdtqpy.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jayqcvslbrozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tieuevqhvjentjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\umlerljduljvexdtqpy.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nikgwturlfgvhdmffhtoqm.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\haauidcxphgtdxevttdw.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\umlerljduljvexdtqpy.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\haauidcxphgtdxevttdw.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\aqnephdvkzvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\haauidcxphgtdxevttdw.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jayqcvslbrozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tieuevqhvjentjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\haauidcxphgtdxevttdw.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nikgwturlfgvhdmffhtoqm.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File created | C:\Windows\SysWOW64\tieuevqhvjentjmztpvkgwgxsjxlgpvlobvrxm.yiz | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nikgwturlfgvhdmffhtoqm.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jayqcvslbrozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\haauidcxphgtdxevttdw.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\umlerljduljvexdtqpy.exe | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wqrmbxxtmfftezhzyzkef.exe | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\umlerljduljvexdtqpy.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jayqcvslbrozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\umlerljduljvexdtqpy.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nikgwturlfgvhdmffhtoqm.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tieuevqhvjentjmz.exe | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tieuevqhvjentjmztpvkgwgxsjxlgpvlobvrxm.yiz | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jayqcvslbrozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\haauidcxphgtdxevttdw.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\aqnephdvkzvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jayqcvslbrozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\haauidcxphgtdxevttdw.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tieuevqhvjentjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wqrmbxxtmfftezhzyzkef.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tieuevqhvjentjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wqrmbxxtmfftezhzyzkef.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tieuevqhvjentjmz.exe | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\haauidcxphgtdxevttdw.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nikgwturlfgvhdmffhtoqm.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\umlerljduljvexdtqpy.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wqrmbxxtmfftezhzyzkef.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\haauidcxphgtdxevttdw.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\haauidcxphgtdxevttdw.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jayqcvslbrozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wqrmbxxtmfftezhzyzkef.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\haauidcxphgtdxevttdw.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\haauidcxphgtdxevttdw.exe | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tieuevqhvjentjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\walqpvflorbzuzrtcnimxcbhrxa.nlg | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| File created | C:\Program Files (x86)\walqpvflorbzuzrtcnimxcbhrxa.nlg | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| File opened for modification | C:\Program Files (x86)\tieuevqhvjentjmztpvkgwgxsjxlgpvlobvrxm.yiz | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| File created | C:\Program Files (x86)\tieuevqhvjentjmztpvkgwgxsjxlgpvlobvrxm.yiz | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\aqnephdvkzvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\wqrmbxxtmfftezhzyzkef.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\tieuevqhvjentjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\jayqcvslbrozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\haauidcxphgtdxevttdw.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\jayqcvslbrozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\aqnephdvkzvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\haauidcxphgtdxevttdw.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\umlerljduljvexdtqpy.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\umlerljduljvexdtqpy.exe | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| File opened for modification | C:\Windows\nikgwturlfgvhdmffhtoqm.exe | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| File opened for modification | C:\Windows\haauidcxphgtdxevttdw.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\nikgwturlfgvhdmffhtoqm.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\umlerljduljvexdtqpy.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\wqrmbxxtmfftezhzyzkef.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\umlerljduljvexdtqpy.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\haauidcxphgtdxevttdw.exe | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| File opened for modification | C:\Windows\aqnephdvkzvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\jayqcvslbrozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\haauidcxphgtdxevttdw.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\tieuevqhvjentjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\jayqcvslbrozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\umlerljduljvexdtqpy.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\tieuevqhvjentjmz.exe | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| File opened for modification | C:\Windows\umlerljduljvexdtqpy.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\jayqcvslbrozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\nikgwturlfgvhdmffhtoqm.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\wqrmbxxtmfftezhzyzkef.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\tieuevqhvjentjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\umlerljduljvexdtqpy.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\jayqcvslbrozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\haauidcxphgtdxevttdw.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\nikgwturlfgvhdmffhtoqm.exe | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| File opened for modification | C:\Windows\haauidcxphgtdxevttdw.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\haauidcxphgtdxevttdw.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\aqnephdvkzvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\umlerljduljvexdtqpy.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\haauidcxphgtdxevttdw.exe | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| File opened for modification | C:\Windows\jayqcvslbrozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\aqnephdvkzvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\umlerljduljvexdtqpy.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\haauidcxphgtdxevttdw.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\jayqcvslbrozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\umlerljduljvexdtqpy.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\haauidcxphgtdxevttdw.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\wqrmbxxtmfftezhzyzkef.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\umlerljduljvexdtqpy.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\haauidcxphgtdxevttdw.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\tieuevqhvjentjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\jayqcvslbrozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\wqrmbxxtmfftezhzyzkef.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\nikgwturlfgvhdmffhtoqm.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\umlerljduljvexdtqpy.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\haauidcxphgtdxevttdw.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\aqnephdvkzvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\wqrmbxxtmfftezhzyzkef.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\tieuevqhvjentjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\umlerljduljvexdtqpy.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\aqnephdvkzvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\nikgwturlfgvhdmffhtoqm.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\jayqcvslbrozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\tieuevqhvjentjmztpvkgwgxsjxlgpvlobvrxm.yiz | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| File opened for modification | C:\Windows\wqrmbxxtmfftezhzyzkef.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\nikgwturlfgvhdmffhtoqm.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wqrmbxxtmfftezhzyzkef.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\crnphytuldftezhzyzqfb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wqrmbxxtmfftezhzyzkef.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\grjhvizwjxvfmdhvq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\aqnephdvkzvfmdhvq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cbhtv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\tieuevqhvjentjmz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\haauidcxphgtdxevttdw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\crnphytuldftezhzyzqfb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\pbutiwomapozhzetpn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\haauidcxphgtdxevttdw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\tieuevqhvjentjmz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\haauidcxphgtdxevttdw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wqrmbxxtmfftezhzyzkef.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\haauidcxphgtdxevttdw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jayqcvslbrozhzetpn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\haauidcxphgtdxevttdw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\tieuevqhvjentjmz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jayqcvslbrozhzetpn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\umlerljduljvexdtqpy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\nbwxoeyyofgtdxevttjx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\nbwxoeyyofgtdxevttjx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wqrmbxxtmfftezhzyzkef.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\haauidcxphgtdxevttdw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\tieuevqhvjentjmz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\grjhvizwjxvfmdhvq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\pbutiwomapozhzetpn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wqrmbxxtmfftezhzyzkef.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\umlerljduljvexdtqpy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\haauidcxphgtdxevttdw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\haauidcxphgtdxevttdw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\grjhvizwjxvfmdhvq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wqrmbxxtmfftezhzyzkef.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe"
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_c1c90ccb7f44badc91ec2859323fcde2.exe*"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe
C:\Windows\jayqcvslbrozhzetpn.exe
jayqcvslbrozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe .
C:\Windows\umlerljduljvexdtqpy.exe
umlerljduljvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\umlerljduljvexdtqpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe
C:\Windows\aqnephdvkzvfmdhvq.exe
aqnephdvkzvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe .
C:\Windows\jayqcvslbrozhzetpn.exe
jayqcvslbrozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jayqcvslbrozhzetpn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wqrmbxxtmfftezhzyzkef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe*."
C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe
"C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_c1c90ccb7f44badc91ec2859323fcde2.exe"
C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe
"C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_c1c90ccb7f44badc91ec2859323fcde2.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe
C:\Windows\haauidcxphgtdxevttdw.exe
haauidcxphgtdxevttdw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe
C:\Windows\haauidcxphgtdxevttdw.exe
haauidcxphgtdxevttdw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe .
C:\Windows\umlerljduljvexdtqpy.exe
umlerljduljvexdtqpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe .
C:\Windows\haauidcxphgtdxevttdw.exe
haauidcxphgtdxevttdw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\umlerljduljvexdtqpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\haauidcxphgtdxevttdw.exe*."
C:\Windows\tieuevqhvjentjmz.exe
tieuevqhvjentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe .
C:\Windows\jayqcvslbrozhzetpn.exe
jayqcvslbrozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Windows\tieuevqhvjentjmz.exe
tieuevqhvjentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .
C:\Windows\tieuevqhvjentjmz.exe
tieuevqhvjentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tieuevqhvjentjmz.exe*."
C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tieuevqhvjentjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\umlerljduljvexdtqpy.exe*."
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wqrmbxxtmfftezhzyzkef.exe*."
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .
C:\Windows\umlerljduljvexdtqpy.exe
umlerljduljvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\haauidcxphgtdxevttdw.exe*."
C:\Windows\tieuevqhvjentjmz.exe
tieuevqhvjentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tieuevqhvjentjmz.exe*."
C:\Windows\umlerljduljvexdtqpy.exe
umlerljduljvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe .
C:\Windows\haauidcxphgtdxevttdw.exe
haauidcxphgtdxevttdw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\haauidcxphgtdxevttdw.exe*."
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\haauidcxphgtdxevttdw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tieuevqhvjentjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe
C:\Windows\tieuevqhvjentjmz.exe
tieuevqhvjentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe .
C:\Windows\tieuevqhvjentjmz.exe
tieuevqhvjentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tieuevqhvjentjmz.exe*."
C:\Windows\haauidcxphgtdxevttdw.exe
haauidcxphgtdxevttdw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe
C:\Windows\tieuevqhvjentjmz.exe
tieuevqhvjentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Windows\aqnephdvkzvfmdhvq.exe
aqnephdvkzvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tieuevqhvjentjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Windows\tieuevqhvjentjmz.exe
tieuevqhvjentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .
C:\Windows\jayqcvslbrozhzetpn.exe
jayqcvslbrozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\umlerljduljvexdtqpy.exe
umlerljduljvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tieuevqhvjentjmz.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jayqcvslbrozhzetpn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe
C:\Windows\aqnephdvkzvfmdhvq.exe
aqnephdvkzvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\umlerljduljvexdtqpy.exe*."
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe .
C:\Windows\umlerljduljvexdtqpy.exe
umlerljduljvexdtqpy.exe .
C:\Windows\aqnephdvkzvfmdhvq.exe
aqnephdvkzvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .
C:\Windows\tieuevqhvjentjmz.exe
tieuevqhvjentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\umlerljduljvexdtqpy.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jayqcvslbrozhzetpn.exe*."
C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tieuevqhvjentjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tieuevqhvjentjmz.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\umlerljduljvexdtqpy.exe*."
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tieuevqhvjentjmz.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\haauidcxphgtdxevttdw.exe*."
C:\Windows\jayqcvslbrozhzetpn.exe
jayqcvslbrozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe .
C:\Windows\tieuevqhvjentjmz.exe
tieuevqhvjentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tieuevqhvjentjmz.exe*."
C:\Windows\jayqcvslbrozhzetpn.exe
jayqcvslbrozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe .
C:\Windows\wqrmbxxtmfftezhzyzkef.exe
wqrmbxxtmfftezhzyzkef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wqrmbxxtmfftezhzyzkef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wqrmbxxtmfftezhzyzkef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tieuevqhvjentjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\aqnephdvkzvfmdhvq.exe
aqnephdvkzvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe .
C:\Windows\haauidcxphgtdxevttdw.exe
haauidcxphgtdxevttdw.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\haauidcxphgtdxevttdw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe
C:\Windows\haauidcxphgtdxevttdw.exe
haauidcxphgtdxevttdw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe .
C:\Windows\tieuevqhvjentjmz.exe
tieuevqhvjentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tieuevqhvjentjmz.exe*."
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wqrmbxxtmfftezhzyzkef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jayqcvslbrozhzetpn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe
C:\Windows\jayqcvslbrozhzetpn.exe
jayqcvslbrozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe .
C:\Windows\haauidcxphgtdxevttdw.exe
haauidcxphgtdxevttdw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\haauidcxphgtdxevttdw.exe*."
C:\Windows\wqrmbxxtmfftezhzyzkef.exe
wqrmbxxtmfftezhzyzkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe .
C:\Windows\wqrmbxxtmfftezhzyzkef.exe
wqrmbxxtmfftezhzyzkef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wqrmbxxtmfftezhzyzkef.exe*."
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\umlerljduljvexdtqpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe
C:\Windows\jayqcvslbrozhzetpn.exe
jayqcvslbrozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\jayqcvslbrozhzetpn.exe
jayqcvslbrozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jayqcvslbrozhzetpn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe
C:\Windows\wqrmbxxtmfftezhzyzkef.exe
wqrmbxxtmfftezhzyzkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe .
C:\Windows\umlerljduljvexdtqpy.exe
umlerljduljvexdtqpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\umlerljduljvexdtqpy.exe*."
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\haauidcxphgtdxevttdw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\haauidcxphgtdxevttdw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe
C:\Windows\aqnephdvkzvfmdhvq.exe
aqnephdvkzvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe .
C:\Windows\jayqcvslbrozhzetpn.exe
jayqcvslbrozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jayqcvslbrozhzetpn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe
C:\Windows\tieuevqhvjentjmz.exe
tieuevqhvjentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe .
C:\Windows\aqnephdvkzvfmdhvq.exe
aqnephdvkzvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\aqnephdvkzvfmdhvq.exe*."
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wqrmbxxtmfftezhzyzkef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\haauidcxphgtdxevttdw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe
C:\Windows\wqrmbxxtmfftezhzyzkef.exe
wqrmbxxtmfftezhzyzkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe .
C:\Windows\haauidcxphgtdxevttdw.exe
haauidcxphgtdxevttdw.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\haauidcxphgtdxevttdw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\umlerljduljvexdtqpy.exe
umlerljduljvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe .
C:\Windows\jayqcvslbrozhzetpn.exe
jayqcvslbrozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jayqcvslbrozhzetpn.exe*."
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\haauidcxphgtdxevttdw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\haauidcxphgtdxevttdw.exe
haauidcxphgtdxevttdw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe .
C:\Windows\jayqcvslbrozhzetpn.exe
jayqcvslbrozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jayqcvslbrozhzetpn.exe*."
C:\Windows\haauidcxphgtdxevttdw.exe
haauidcxphgtdxevttdw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\umlerljduljvexdtqpy.exe
umlerljduljvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe .
C:\Windows\wqrmbxxtmfftezhzyzkef.exe
wqrmbxxtmfftezhzyzkef.exe .
C:\Windows\aqnephdvkzvfmdhvq.exe
aqnephdvkzvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Windows\umlerljduljvexdtqpy.exe
umlerljduljvexdtqpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wqrmbxxtmfftezhzyzkef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\umlerljduljvexdtqpy.exe*."
C:\Windows\haauidcxphgtdxevttdw.exe
haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .
C:\Windows\umlerljduljvexdtqpy.exe
umlerljduljvexdtqpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe
C:\Windows\umlerljduljvexdtqpy.exe
umlerljduljvexdtqpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tieuevqhvjentjmz.exe*."
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\umlerljduljvexdtqpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\umlerljduljvexdtqpy.exe*."
C:\Windows\umlerljduljvexdtqpy.exe
umlerljduljvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Windows\wqrmbxxtmfftezhzyzkef.exe
wqrmbxxtmfftezhzyzkef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wqrmbxxtmfftezhzyzkef.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wqrmbxxtmfftezhzyzkef.exe*."
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tieuevqhvjentjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tieuevqhvjentjmz.exe*."
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\haauidcxphgtdxevttdw.exe*."
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jayqcvslbrozhzetpn.exe*."
C:\Windows\wqrmbxxtmfftezhzyzkef.exe
wqrmbxxtmfftezhzyzkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe .
C:\Windows\jayqcvslbrozhzetpn.exe
jayqcvslbrozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jayqcvslbrozhzetpn.exe*."
C:\Windows\jayqcvslbrozhzetpn.exe
jayqcvslbrozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe .
C:\Windows\wqrmbxxtmfftezhzyzkef.exe
wqrmbxxtmfftezhzyzkef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wqrmbxxtmfftezhzyzkef.exe*."
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wqrmbxxtmfftezhzyzkef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anhhxmfetjjvexdtqpe.exe
C:\Windows\anhhxmfetjjvexdtqpe.exe
anhhxmfetjjvexdtqpe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbwxoeyyofgtdxevttjx.exe .
C:\Windows\nbwxoeyyofgtdxevttjx.exe
nbwxoeyyofgtdxevttjx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c crnphytuldftezhzyzqfb.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\nbwxoeyyofgtdxevttjx.exe*."
C:\Windows\crnphytuldftezhzyzqfb.exe
crnphytuldftezhzyzqfb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbwxoeyyofgtdxevttjx.exe .
C:\Windows\nbwxoeyyofgtdxevttjx.exe
nbwxoeyyofgtdxevttjx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\grjhvizwjxvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\nbwxoeyyofgtdxevttjx.exe*."
C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe
C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe
C:\Users\Admin\AppData\Local\Temp\grjhvizwjxvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\grjhvizwjxvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe
C:\Windows\tieuevqhvjentjmz.exe
tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\grjhvizwjxvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\jayqcvslbrozhzetpn.exe
jayqcvslbrozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe
C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anhhxmfetjjvexdtqpe.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jayqcvslbrozhzetpn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\anhhxmfetjjvexdtqpe.exe
C:\Users\Admin\AppData\Local\Temp\anhhxmfetjjvexdtqpe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe .
C:\Windows\aqnephdvkzvfmdhvq.exe
aqnephdvkzvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\anhhxmfetjjvexdtqpe.exe*."
C:\Windows\aqnephdvkzvfmdhvq.exe
aqnephdvkzvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\aqnephdvkzvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jayqcvslbrozhzetpn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jayqcvslbrozhzetpn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe
C:\Windows\aqnephdvkzvfmdhvq.exe
aqnephdvkzvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe .
C:\Windows\umlerljduljvexdtqpy.exe
umlerljduljvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\umlerljduljvexdtqpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe
C:\Windows\aqnephdvkzvfmdhvq.exe
aqnephdvkzvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe .
C:\Windows\wqrmbxxtmfftezhzyzkef.exe
wqrmbxxtmfftezhzyzkef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wqrmbxxtmfftezhzyzkef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\umlerljduljvexdtqpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anhhxmfetjjvexdtqpe.exe
C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe .
C:\Windows\anhhxmfetjjvexdtqpe.exe
anhhxmfetjjvexdtqpe.exe
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbwxoeyyofgtdxevttjx.exe .
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jayqcvslbrozhzetpn.exe*."
C:\Windows\nbwxoeyyofgtdxevttjx.exe
nbwxoeyyofgtdxevttjx.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\nbwxoeyyofgtdxevttjx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anhhxmfetjjvexdtqpe.exe
C:\Windows\anhhxmfetjjvexdtqpe.exe
anhhxmfetjjvexdtqpe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c crnphytuldftezhzyzqfb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbutiwomapozhzetpn.exe
C:\Windows\crnphytuldftezhzyzqfb.exe
crnphytuldftezhzyzqfb.exe .
C:\Users\Admin\AppData\Local\Temp\pbutiwomapozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\pbutiwomapozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbwxoeyyofgtdxevttjx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\crnphytuldftezhzyzqfb.exe*."
C:\Users\Admin\AppData\Local\Temp\nbwxoeyyofgtdxevttjx.exe
C:\Users\Admin\AppData\Local\Temp\nbwxoeyyofgtdxevttjx.exe .
C:\Windows\tieuevqhvjentjmz.exe
tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\nbwxoeyyofgtdxevttjx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe .
C:\Windows\aqnephdvkzvfmdhvq.exe
aqnephdvkzvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\aqnephdvkzvfmdhvq.exe*."
C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe
C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbutiwomapozhzetpn.exe .
C:\Windows\umlerljduljvexdtqpy.exe
umlerljduljvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\pbutiwomapozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\pbutiwomapozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\pbutiwomapozhzetpn.exe*."
C:\Windows\haauidcxphgtdxevttdw.exe
haauidcxphgtdxevttdw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\haauidcxphgtdxevttdw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\umlerljduljvexdtqpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\haauidcxphgtdxevttdw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe
C:\Windows\jayqcvslbrozhzetpn.exe
jayqcvslbrozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\wqrmbxxtmfftezhzyzkef.exe
wqrmbxxtmfftezhzyzkef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wqrmbxxtmfftezhzyzkef.exe*."
C:\Windows\haauidcxphgtdxevttdw.exe
haauidcxphgtdxevttdw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe .
C:\Windows\wqrmbxxtmfftezhzyzkef.exe
wqrmbxxtmfftezhzyzkef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wqrmbxxtmfftezhzyzkef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wqrmbxxtmfftezhzyzkef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\haauidcxphgtdxevttdw.exe*."
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe
C:\Windows\wqrmbxxtmfftezhzyzkef.exe
wqrmbxxtmfftezhzyzkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe .
C:\Windows\umlerljduljvexdtqpy.exe
umlerljduljvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\umlerljduljvexdtqpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe
C:\Windows\umlerljduljvexdtqpy.exe
umlerljduljvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe .
C:\Windows\tieuevqhvjentjmz.exe
tieuevqhvjentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tieuevqhvjentjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wqrmbxxtmfftezhzyzkef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe
C:\Windows\aqnephdvkzvfmdhvq.exe
aqnephdvkzvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .
C:\Windows\haauidcxphgtdxevttdw.exe
haauidcxphgtdxevttdw.exe .
C:\Windows\haauidcxphgtdxevttdw.exe
haauidcxphgtdxevttdw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe .
C:\Windows\wqrmbxxtmfftezhzyzkef.exe
wqrmbxxtmfftezhzyzkef.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\haauidcxphgtdxevttdw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe
C:\Windows\aqnephdvkzvfmdhvq.exe
aqnephdvkzvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Windows\wqrmbxxtmfftezhzyzkef.exe
wqrmbxxtmfftezhzyzkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wqrmbxxtmfftezhzyzkef.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\aqnephdvkzvfmdhvq.exe*."
C:\Windows\tieuevqhvjentjmz.exe
tieuevqhvjentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Windows\wqrmbxxtmfftezhzyzkef.exe
wqrmbxxtmfftezhzyzkef.exe .
C:\Windows\jayqcvslbrozhzetpn.exe
jayqcvslbrozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wqrmbxxtmfftezhzyzkef.exe*."
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .
C:\Windows\tieuevqhvjentjmz.exe
tieuevqhvjentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tieuevqhvjentjmz.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe*."
C:\Windows\tieuevqhvjentjmz.exe
tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .
C:\Windows\tieuevqhvjentjmz.exe
tieuevqhvjentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wqrmbxxtmfftezhzyzkef.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tieuevqhvjentjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tieuevqhvjentjmz.exe*."
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tieuevqhvjentjmz.exe*."
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\haauidcxphgtdxevttdw.exe*."
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jayqcvslbrozhzetpn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe
C:\Windows\tieuevqhvjentjmz.exe
tieuevqhvjentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe .
C:\Windows\wqrmbxxtmfftezhzyzkef.exe
wqrmbxxtmfftezhzyzkef.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wqrmbxxtmfftezhzyzkef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe
C:\Windows\wqrmbxxtmfftezhzyzkef.exe
wqrmbxxtmfftezhzyzkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe .
C:\Windows\wqrmbxxtmfftezhzyzkef.exe
wqrmbxxtmfftezhzyzkef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wqrmbxxtmfftezhzyzkef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\haauidcxphgtdxevttdw.exe*."
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbwxoeyyofgtdxevttjx.exe
C:\Windows\nbwxoeyyofgtdxevttjx.exe
nbwxoeyyofgtdxevttjx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c grjhvizwjxvfmdhvq.exe .
C:\Windows\grjhvizwjxvfmdhvq.exe
grjhvizwjxvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c grjhvizwjxvfmdhvq.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\grjhvizwjxvfmdhvq.exe*."
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Windows\grjhvizwjxvfmdhvq.exe
grjhvizwjxvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anhhxmfetjjvexdtqpe.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\anhhxmfetjjvexdtqpe.exe
anhhxmfetjjvexdtqpe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\anhhxmfetjjvexdtqpe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\grjhvizwjxvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe
C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe
C:\Users\Admin\AppData\Local\Temp\grjhvizwjxvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\grjhvizwjxvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\grjhvizwjxvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe
C:\Windows\wqrmbxxtmfftezhzyzkef.exe
wqrmbxxtmfftezhzyzkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\crnphytuldftezhzyzqfb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe .
C:\Users\Admin\AppData\Local\Temp\crnphytuldftezhzyzqfb.exe
C:\Users\Admin\AppData\Local\Temp\crnphytuldftezhzyzqfb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbutiwomapozhzetpn.exe .
C:\Windows\haauidcxphgtdxevttdw.exe
haauidcxphgtdxevttdw.exe .
C:\Users\Admin\AppData\Local\Temp\pbutiwomapozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\pbutiwomapozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\haauidcxphgtdxevttdw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\pbutiwomapozhzetpn.exe*."
C:\Windows\aqnephdvkzvfmdhvq.exe
aqnephdvkzvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe .
C:\Windows\aqnephdvkzvfmdhvq.exe
aqnephdvkzvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\aqnephdvkzvfmdhvq.exe*."
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jayqcvslbrozhzetpn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\haauidcxphgtdxevttdw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe
C:\Windows\wqrmbxxtmfftezhzyzkef.exe
wqrmbxxtmfftezhzyzkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe .
C:\Windows\haauidcxphgtdxevttdw.exe
haauidcxphgtdxevttdw.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\haauidcxphgtdxevttdw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\wqrmbxxtmfftezhzyzkef.exe
wqrmbxxtmfftezhzyzkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe .
C:\Windows\jayqcvslbrozhzetpn.exe
jayqcvslbrozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jayqcvslbrozhzetpn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\umlerljduljvexdtqpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jayqcvslbrozhzetpn.exe*."
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe
C:\Windows\wqrmbxxtmfftezhzyzkef.exe
wqrmbxxtmfftezhzyzkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe .
C:\Windows\haauidcxphgtdxevttdw.exe
haauidcxphgtdxevttdw.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\haauidcxphgtdxevttdw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe
C:\Windows\jayqcvslbrozhzetpn.exe
jayqcvslbrozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe .
C:\Windows\haauidcxphgtdxevttdw.exe
haauidcxphgtdxevttdw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\haauidcxphgtdxevttdw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tieuevqhvjentjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe
C:\Windows\umlerljduljvexdtqpy.exe
umlerljduljvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe .
C:\Windows\umlerljduljvexdtqpy.exe
umlerljduljvexdtqpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe
C:\Windows\tieuevqhvjentjmz.exe
tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\haauidcxphgtdxevttdw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe .
C:\Windows\umlerljduljvexdtqpy.exe
umlerljduljvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\umlerljduljvexdtqpy.exe*."
C:\Windows\umlerljduljvexdtqpy.exe
umlerljduljvexdtqpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Windows\umlerljduljvexdtqpy.exe
umlerljduljvexdtqpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Windows\tieuevqhvjentjmz.exe
tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\umlerljduljvexdtqpy.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\umlerljduljvexdtqpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Windows\haauidcxphgtdxevttdw.exe
haauidcxphgtdxevttdw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\haauidcxphgtdxevttdw.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\haauidcxphgtdxevttdw.exe*."
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Windows\aqnephdvkzvfmdhvq.exe
aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tieuevqhvjentjmz.exe*."
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe
C:\Windows\jayqcvslbrozhzetpn.exe
jayqcvslbrozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\haauidcxphgtdxevttdw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jayqcvslbrozhzetpn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Windows\tieuevqhvjentjmz.exe
tieuevqhvjentjmz.exe
C:\Windows\tieuevqhvjentjmz.exe
tieuevqhvjentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tieuevqhvjentjmz.exe*."
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe*."
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\umlerljduljvexdtqpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe
C:\Windows\wqrmbxxtmfftezhzyzkef.exe
wqrmbxxtmfftezhzyzkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe .
C:\Windows\umlerljduljvexdtqpy.exe
umlerljduljvexdtqpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\umlerljduljvexdtqpy.exe*."
C:\Windows\jayqcvslbrozhzetpn.exe
jayqcvslbrozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe .
C:\Windows\aqnephdvkzvfmdhvq.exe
aqnephdvkzvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\aqnephdvkzvfmdhvq.exe*."
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wqrmbxxtmfftezhzyzkef.exe*."
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe
C:\Windows\umlerljduljvexdtqpy.exe
umlerljduljvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe .
C:\Windows\umlerljduljvexdtqpy.exe
umlerljduljvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\umlerljduljvexdtqpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe
C:\Windows\jayqcvslbrozhzetpn.exe
jayqcvslbrozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe .
C:\Windows\aqnephdvkzvfmdhvq.exe
aqnephdvkzvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\aqnephdvkzvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tieuevqhvjentjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe
C:\Windows\wqrmbxxtmfftezhzyzkef.exe
wqrmbxxtmfftezhzyzkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe .
C:\Windows\wqrmbxxtmfftezhzyzkef.exe
wqrmbxxtmfftezhzyzkef.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wqrmbxxtmfftezhzyzkef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pbutiwomapozhzetpn.exe
C:\Windows\aqnephdvkzvfmdhvq.exe
aqnephdvkzvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe .
C:\Windows\pbutiwomapozhzetpn.exe
pbutiwomapozhzetpn.exe
C:\Windows\aqnephdvkzvfmdhvq.exe
aqnephdvkzvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c grjhvizwjxvfmdhvq.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\aqnephdvkzvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe .
C:\Windows\grjhvizwjxvfmdhvq.exe
grjhvizwjxvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\grjhvizwjxvfmdhvq.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jayqcvslbrozhzetpn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zjaxkwmiuhentjmz.exe
C:\Windows\zjaxkwmiuhentjmz.exe
zjaxkwmiuhentjmz.exe
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c grjhvizwjxvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Windows\grjhvizwjxvfmdhvq.exe
grjhvizwjxvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anhhxmfetjjvexdtqpe.exe
C:\Users\Admin\AppData\Local\Temp\anhhxmfetjjvexdtqpe.exe
C:\Users\Admin\AppData\Local\Temp\anhhxmfetjjvexdtqpe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\grjhvizwjxvfmdhvq.exe*."
C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe
C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\zjaxkwmiuhentjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe
C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe
C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\crnphytuldftezhzyzqfb.exe .
C:\Users\Admin\AppData\Local\Temp\crnphytuldftezhzyzqfb.exe
C:\Users\Admin\AppData\Local\Temp\crnphytuldftezhzyzqfb.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\crnphytuldftezhzyzqfb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe
C:\Windows\umlerljduljvexdtqpy.exe
umlerljduljvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe .
C:\Windows\haauidcxphgtdxevttdw.exe
haauidcxphgtdxevttdw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\haauidcxphgtdxevttdw.exe*."
C:\Windows\jayqcvslbrozhzetpn.exe
jayqcvslbrozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\tieuevqhvjentjmz.exe
tieuevqhvjentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tieuevqhvjentjmz.exe*."
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\umlerljduljvexdtqpy.exe*."
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\umlerljduljvexdtqpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\tieuevqhvjentjmz.exe
tieuevqhvjentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe .
C:\Windows\aqnephdvkzvfmdhvq.exe
aqnephdvkzvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\aqnephdvkzvfmdhvq.exe*."
C:\Windows\haauidcxphgtdxevttdw.exe
haauidcxphgtdxevttdw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe .
C:\Windows\aqnephdvkzvfmdhvq.exe
aqnephdvkzvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\aqnephdvkzvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wqrmbxxtmfftezhzyzkef.exe*."
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\haauidcxphgtdxevttdw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe
C:\Windows\jayqcvslbrozhzetpn.exe
jayqcvslbrozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe
C:\Windows\wqrmbxxtmfftezhzyzkef.exe
wqrmbxxtmfftezhzyzkef.exe .
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Windows\wqrmbxxtmfftezhzyzkef.exe
wqrmbxxtmfftezhzyzkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wqrmbxxtmfftezhzyzkef.exe*."
C:\Windows\tieuevqhvjentjmz.exe
tieuevqhvjentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Windows\wqrmbxxtmfftezhzyzkef.exe
wqrmbxxtmfftezhzyzkef.exe .
C:\Windows\umlerljduljvexdtqpy.exe
umlerljduljvexdtqpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wqrmbxxtmfftezhzyzkef.exe*."
C:\Windows\jayqcvslbrozhzetpn.exe
jayqcvslbrozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\umlerljduljvexdtqpy.exe*."
C:\Windows\jayqcvslbrozhzetpn.exe
jayqcvslbrozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .
C:\Windows\tieuevqhvjentjmz.exe
tieuevqhvjentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe .
C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jayqcvslbrozhzetpn.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\haauidcxphgtdxevttdw.exe*."
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .
C:\Windows\haauidcxphgtdxevttdw.exe
haauidcxphgtdxevttdw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tieuevqhvjentjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\haauidcxphgtdxevttdw.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tieuevqhvjentjmz.exe*."
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .
C:\Windows\wqrmbxxtmfftezhzyzkef.exe
wqrmbxxtmfftezhzyzkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Windows\umlerljduljvexdtqpy.exe
umlerljduljvexdtqpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\haauidcxphgtdxevttdw.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\umlerljduljvexdtqpy.exe*."
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\haauidcxphgtdxevttdw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe
C:\Windows\haauidcxphgtdxevttdw.exe
haauidcxphgtdxevttdw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe .
C:\Windows\tieuevqhvjentjmz.exe
tieuevqhvjentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tieuevqhvjentjmz.exe*."
C:\Windows\haauidcxphgtdxevttdw.exe
haauidcxphgtdxevttdw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe .
C:\Windows\haauidcxphgtdxevttdw.exe
haauidcxphgtdxevttdw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\haauidcxphgtdxevttdw.exe*."
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tieuevqhvjentjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe
C:\Windows\jayqcvslbrozhzetpn.exe
jayqcvslbrozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe .
C:\Windows\jayqcvslbrozhzetpn.exe
jayqcvslbrozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jayqcvslbrozhzetpn.exe*."
C:\Windows\aqnephdvkzvfmdhvq.exe
aqnephdvkzvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe .
C:\Windows\umlerljduljvexdtqpy.exe
umlerljduljvexdtqpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\umlerljduljvexdtqpy.exe*."
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\umlerljduljvexdtqpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\umlerljduljvexdtqpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe
C:\Windows\wqrmbxxtmfftezhzyzkef.exe
wqrmbxxtmfftezhzyzkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe .
C:\Windows\wqrmbxxtmfftezhzyzkef.exe
wqrmbxxtmfftezhzyzkef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wqrmbxxtmfftezhzyzkef.exe*."
C:\Windows\umlerljduljvexdtqpy.exe
umlerljduljvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe .
C:\Windows\jayqcvslbrozhzetpn.exe
jayqcvslbrozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jayqcvslbrozhzetpn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zjaxkwmiuhentjmz.exe
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .
C:\Windows\zjaxkwmiuhentjmz.exe
zjaxkwmiuhentjmz.exe
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wqrmbxxtmfftezhzyzkef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbwxoeyyofgtdxevttjx.exe .
C:\Windows\nbwxoeyyofgtdxevttjx.exe
nbwxoeyyofgtdxevttjx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\nbwxoeyyofgtdxevttjx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c anhhxmfetjjvexdtqpe.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .
C:\Windows\anhhxmfetjjvexdtqpe.exe
anhhxmfetjjvexdtqpe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c grjhvizwjxvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe
C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\crnphytuldftezhzyzqfb.exe
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
C:\Windows\grjhvizwjxvfmdhvq.exe
grjhvizwjxvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| NL | 142.250.153.93:80 | www.youtube.com | tcp |
| LT | 78.62.236.188:30550 | tcp | |
| DE | 85.214.228.140:80 | gyuuym.org | tcp |
| SG | 18.142.91.111:80 | unxfuild.info | tcp |
| US | 8.8.8.8:53 | wokhwvhmirnc.net | udp |
| US | 8.8.8.8:53 | uowagyqi.com | udp |
| RO | 85.122.123.27:44519 | tcp | |
| US | 104.156.155.94:80 | cydlrge.info | tcp |
| US | 8.8.8.8:53 | ddpobim.org | udp |
| BG | 95.42.63.1:13497 | tcp | |
| US | 8.8.8.8:53 | ewhqxezcwwc.net | udp |
| GR | 109.242.50.35:41557 | tcp | |
| US | 8.8.8.8:53 | egsmyysc.org | udp |
| US | 8.8.8.8:53 | efnnkqbsuqm.net | udp |
| ES | 79.113.243.221:23907 | tcp | |
| US | 8.8.8.8:53 | coggoagggmuy.com | udp |
| IT | 88.147.68.25:20703 | tcp | |
| US | 8.8.8.8:53 | jpukmvxmce.info | udp |
| US | 8.8.8.8:53 | rqwmrqj.net | udp |
| RU | 95.105.22.121:40201 | tcp | |
| US | 8.8.8.8:53 | wsxirthvp.net | udp |
| BG | 89.215.109.146:25938 | tcp | |
| US | 8.8.8.8:53 | nihubgvehrr.net | udp |
| US | 8.8.8.8:53 | nvlttn.net | udp |
| US | 8.8.8.8:53 | ekeeyusaiska.org | udp |
| BG | 46.252.57.215:18405 | tcp | |
| US | 8.8.8.8:53 | dmbuukry.net | udp |
| US | 8.8.8.8:53 | nhcajwkz.net | udp |
| US | 8.8.8.8:53 | rfcqjgcwrllk.info | udp |
| MD | 149.3.187.8:23569 | tcp | |
| US | 8.8.8.8:53 | guwndakyi.info | udp |
| US | 8.8.8.8:53 | cuncqyqqo.net | udp |
| US | 8.8.8.8:53 | kvbyavyvdrdy.info | udp |
| BG | 212.75.5.130:26152 | tcp | |
| US | 8.8.8.8:53 | hsrofavrq.net | udp |
| US | 8.8.8.8:53 | tkwhaxlatvyv.net | udp |
| BG | 84.252.59.140:35409 | tcp | |
| BG | 93.123.124.231:32816 | tcp | |
| US | 8.8.8.8:53 | kxldwaoqfn.info | udp |
| US | 8.8.8.8:53 | argslozxppdx.info | udp |
| US | 8.8.8.8:53 | agrwzyb.net | udp |
| US | 8.8.8.8:53 | qorefkfuo.net | udp |
| US | 8.8.8.8:53 | ulwprsdpevsj.info | udp |
| US | 8.8.8.8:53 | pivefep.info | udp |
| US | 8.8.8.8:53 | nthafgeqx.org | udp |
| US | 8.8.8.8:53 | nwbqsko.com | udp |
| US | 8.8.8.8:53 | rwhqlqsol.net | udp |
| LT | 78.58.26.242:13293 | tcp | |
| US | 8.8.8.8:53 | aokkvrrwivma.net | udp |
| US | 8.8.8.8:53 | yueltn.net | udp |
| US | 8.8.8.8:53 | cgbvbbqerv.net | udp |
| US | 8.8.8.8:53 | rorozzcygruu.net | udp |
| US | 8.8.8.8:53 | rqrjjnv.net | udp |
| US | 8.8.8.8:53 | jeviav.info | udp |
| US | 8.8.8.8:53 | smzonuquznv.net | udp |
| US | 8.8.8.8:53 | otrdsqbv.net | udp |
| US | 8.8.8.8:53 | tstgdjrgnom.info | udp |
| US | 8.8.8.8:53 | ualdfs.net | udp |
| US | 8.8.8.8:53 | usvefto.net | udp |
| US | 8.8.8.8:53 | kyasawiyeoiu.org | udp |
| US | 8.8.8.8:53 | awcgsgqc.org | udp |
| BG | 88.80.105.159:37887 | tcp | |
| US | 8.8.8.8:53 | zddfdf.info | udp |
| US | 8.8.8.8:53 | uecvowhs.net | udp |
| US | 8.8.8.8:53 | urmsttjqvxfz.net | udp |
| US | 8.8.8.8:53 | fmuqilerlmfe.info | udp |
| US | 8.8.8.8:53 | cgzqtowog.info | udp |
| US | 8.8.8.8:53 | pavqdebrdkt.org | udp |
| US | 8.8.8.8:53 | fyrvcyux.info | udp |
| US | 8.8.8.8:53 | kicisemu.com | udp |
| US | 8.8.8.8:53 | qeasooggkkye.org | udp |
| US | 8.8.8.8:53 | uqbstkr.info | udp |
| US | 8.8.8.8:53 | zwxtlvjvvjw.net | udp |
| US | 8.8.8.8:53 | sxndxcwtpl.net | udp |
| US | 8.8.8.8:53 | viymxqmw.info | udp |
| US | 8.8.8.8:53 | fevpfshvp.org | udp |
| US | 8.8.8.8:53 | uikspu.net | udp |
| US | 8.8.8.8:53 | adauloj.net | udp |
| US | 8.8.8.8:53 | kcryxrris.info | udp |
| US | 8.8.8.8:53 | nkpslafzcbcw.info | udp |
| US | 8.8.8.8:53 | hgfewubadcy.info | udp |
| US | 8.8.8.8:53 | jfiztbfjzr.info | udp |
| US | 8.8.8.8:53 | usljhmfr.net | udp |
| US | 8.8.8.8:53 | giekgyskeiik.org | udp |
| US | 8.8.8.8:53 | phnzdhzeyg.net | udp |
| US | 8.8.8.8:53 | bavppixu.net | udp |
| US | 8.8.8.8:53 | ikqqyzd.net | udp |
| US | 8.8.8.8:53 | fkgritslx.org | udp |
| US | 8.8.8.8:53 | acxgvejehco.net | udp |
| US | 8.8.8.8:53 | ezneff.net | udp |
| US | 8.8.8.8:53 | psvzcsqp.info | udp |
| US | 8.8.8.8:53 | prayrbk.com | udp |
| US | 8.8.8.8:53 | ptpwnlreeaxo.net | udp |
| US | 8.8.8.8:53 | gbfyjgdh.net | udp |
| US | 8.8.8.8:53 | rrdehmbnzbrb.info | udp |
| US | 8.8.8.8:53 | xpvaddgd.net | udp |
| US | 8.8.8.8:53 | szdkfpvn.info | udp |
| US | 8.8.8.8:53 | gzqipc.net | udp |
| US | 8.8.8.8:53 | oflazb.net | udp |
| US | 8.8.8.8:53 | adckcdeycac.info | udp |
| US | 8.8.8.8:53 | pbasdrkiuq.net | udp |
| US | 8.8.8.8:53 | xdvktnhshul.com | udp |
| US | 8.8.8.8:53 | uomieuwsgywa.com | udp |
| US | 8.8.8.8:53 | dacezd.info | udp |
| US | 8.8.8.8:53 | ysuomkgi.org | udp |
| US | 8.8.8.8:53 | fzkrxmam.info | udp |
| US | 8.8.8.8:53 | uvbrhg.net | udp |
| US | 8.8.8.8:53 | uqqkoe.com | udp |
| US | 8.8.8.8:53 | sooyke.org | udp |
| US | 8.8.8.8:53 | dmccgazbn.com | udp |
| US | 8.8.8.8:53 | iuvcuzlqv.net | udp |
| US | 8.8.8.8:53 | bunfqutcqmx.info | udp |
| US | 8.8.8.8:53 | fbkxsw.net | udp |
| US | 8.8.8.8:53 | fgqqgegwvd.info | udp |
| US | 8.8.8.8:53 | nqnyfz.net | udp |
| US | 8.8.8.8:53 | ieeekeey.com | udp |
| US | 8.8.8.8:53 | nfcfdjjcpv.net | udp |
| US | 8.8.8.8:53 | bujydax.net | udp |
| US | 8.8.8.8:53 | fubkmhtkz.net | udp |
| US | 8.8.8.8:53 | mqmasqmo.com | udp |
| US | 8.8.8.8:53 | vcdysxm.org | udp |
| US | 8.8.8.8:53 | qslahxz.net | udp |
Files
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
| MD5 | ab03c21a2c11e94db0624c686d8e7a56 |
| SHA1 | e1a4f9cd54633907b3df6cb029fcf08965cadf70 |
| SHA256 | 7a1c2cc6d6ad2a0c0b95ab325c4a9840bdc559afd266cb2915740f9bdcc078a8 |
| SHA512 | b698ff761767a16db4a7f1de7066d5c16fa5b55844cb63c3892b815301f457db75ac95bab89c55433c3d1ed7971eed67448225f61625dac2f7dd15c44f3d7702 |
C:\Windows\SysWOW64\jayqcvslbrozhzetpn.exe
| MD5 | c1c90ccb7f44badc91ec2859323fcde2 |
| SHA1 | 0bc90e1a338997eb95cae02f0250a8678d8f25e4 |
| SHA256 | c9fd2f88ae1d80838434f52f63ecc3009bda52cc0b76238121d6068999f13a43 |
| SHA512 | 464ce273e0f3c9f74bff3c864f54d532f89bea43446ca824ca3af93c3802168c41e314166a6084c0e61a43621900394bea820a2b64c8f92ea156f36ce9584e08 |
C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe
| MD5 | d45b10f6f5acf8189f20b5bba0e53d04 |
| SHA1 | 7ca2824e8ee5c19651d2a6b72e329046f7e20ece |
| SHA256 | 6afc9d75bdecbecfde1e90f990c91d3b6365ca9ee1acf5378c43fef124f82d65 |
| SHA512 | d717301381c12c12cbd0f11e40658465fa5ffb91b97c4a26c257bb9e5c2d8f9f7b352cffdfe64713bb32bfddd3c70737aca25645d415503eb659a7e8eb8542af |
C:\Users\Admin\AppData\Local\walqpvflorbzuzrtcnimxcbhrxa.nlg
| MD5 | 6428e106a0309c5a4569246df491f4a0 |
| SHA1 | ed9e3177714ac640ecfb22f4faa6bf0bc7d58d65 |
| SHA256 | 8b2ec4172dbcea9a8cc814bd5346fc79bf5e3454dcd6d725ca5096648cd031d4 |
| SHA512 | 10483b3b03b15c26272c9ee44af2b831ce58657a91ff6bc4aa5af60a0ab45c1df15e89e1be1b0f9f4ddbff7747be295fdbcb44f5e8647f4ba7cc2697dea84b7d |
C:\Users\Admin\AppData\Local\tieuevqhvjentjmztpvkgwgxsjxlgpvlobvrxm.yiz
| MD5 | 0d5ecb7cdb79a26d8d7d24b92bceca96 |
| SHA1 | 73240f891180525c7a632e8d4dd47ee69e0257d1 |
| SHA256 | 0ebe8d62c5670a58f22742dac5f53a4b8e2512836fd5712890bfcd24f66e7dc9 |
| SHA512 | 480268f5635da37fcc999be5a520ac5900057549311b2750aff199dc9d0769aca7937ac3a92a4644de2e0c32f90437251b5f1ebdc4296dcaf0da767b755c35b7 |
C:\Program Files (x86)\walqpvflorbzuzrtcnimxcbhrxa.nlg
| MD5 | 48a834b3f09e5e3e4f9f0f90d42cd855 |
| SHA1 | 50c4cf4edca879dc300303f724e730135d392360 |
| SHA256 | d252fe0b38bf7d8215e681d19a086fb478633aba81bff9bae5229c8932189bd7 |
| SHA512 | ea067160a9c2826d00c3e3ace2fed9a3980ae0d172fbfd9622ac131d197535a8dac40e02a558bf158fdfce15eb30eb47eb10fc38cea22f4e1c15a657e5eb276c |
C:\Program Files (x86)\walqpvflorbzuzrtcnimxcbhrxa.nlg
| MD5 | cc8b73e87109c25a0603ddfcdbe6d639 |
| SHA1 | 6cc19df3b3599af0a19528121e8bacb219907532 |
| SHA256 | b263668aa3fdd82fe3281be9114206a23ddb717f37faca851e77940a6129b6dc |
| SHA512 | 11b4963e9a58ef34c9ab1168bf32e33b5166bb31c50fd478483ced3b4e0fa4c50f660b5a9835388dc068ab01105faab30c659ea45ebe24307f75841c0c7bea68 |
C:\Program Files (x86)\walqpvflorbzuzrtcnimxcbhrxa.nlg
| MD5 | d3538d781c3dd979babc82cac2b5c924 |
| SHA1 | be66c2dabf7a09579d32b0f853deeb9391610300 |
| SHA256 | 4d3cdffecc47414d72088476ee62badbc4cf5d84a7efdb3a652eb33187862cb5 |
| SHA512 | 7b8ee11f8d417012c30b4fdd489916bebebad09af3ae0830718d13a66136523173e570679ef7ec7081f67217dccebf63f16bf7c3b3b7fb91c6cdd43187b8b2db |
C:\Program Files (x86)\walqpvflorbzuzrtcnimxcbhrxa.nlg
| MD5 | be22d7d254c2a69da83a8973d2757a59 |
| SHA1 | 48a3fb7b72135b82762fc8f26be559bbfaaf5a0f |
| SHA256 | b40aa4b7ce8890d4feb340ea452b7feb46f749c4f8905ad631322dda54fcd343 |
| SHA512 | f1eb482ef3079a2b7316a2b6aea842baf2edd89b0e66c325a4de8b4a0e3431b46d97566283c3161c84470305766363507bca1490a930c7ea27b7c3213f59edb9 |
C:\Program Files (x86)\walqpvflorbzuzrtcnimxcbhrxa.nlg
| MD5 | 40ae75f3cd1cd5b29b28b372a4cfe87f |
| SHA1 | 60d3c02c942dcfe0af99d02d2876271803900ec8 |
| SHA256 | 30c9b19f4748e3bbaf1468a39977885975a76f621172b8ead58443e452b74d98 |
| SHA512 | b525620806272ad1541629aae14fc25200e087e313cf24c5211066393a01d2c1fa04fbdc157d1d4e536d74694a980c8b65febf923c106e6fb277006eb96a394f |