Analysis Overview
SHA256
25513f2b017ee242a254117f14ff49bb55f034a64265724e8e76d49a696b2d60
Threat Level: Known bad
The file JaffaCakes118_c5053b6a278897cf8629be4ba93b3030 was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Pykspa family
Pykspa
Modifies WinLogon for persistence
Detect Pykspa worm
Disables RegEdit via registry modification
Adds policy Run key to start application
Impair Defenses: Safe Mode Boot
Executes dropped EXE
Checks computer location settings
Hijack Execution Flow: Executable Installer File Permissions Weakness
Adds Run key to start application
Looks up external IP address via web service
Checks whether UAC is enabled
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Unsigned PE
System Location Discovery: System Language Discovery
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
System policy modification
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-04-20 07:24
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-04-20 07:24
Reported
2025-04-20 07:26
Platform
win10v2004-20250410-en
Max time kernel
30s
Max time network
152s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ejtapvhrv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xjaokxqhsicncuzn.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pxkumvkxeqgn = "ynhyxnjdrkhvniqhilc.exe" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ejtapvhrv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erjyvjdvhytfvouji.exe" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ejtapvhrv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lbwoofcxmgetmirjlphx.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ejtapvhrv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ynhyxnjdrkhvniqhilc.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pxkumvkxeqgn = "lbwoofcxmgetmirjlphx.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ejtapvhrv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nbukixslyqmzqkrhhj.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ejtapvhrv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lbwoofcxmgetmirjlphx.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ejtapvhrv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arnghzxtjedtnkunqvofb.exe" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ejtapvhrv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erjyvjdvhytfvouji.exe" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pxkumvkxeqgn = "arnghzxtjedtnkunqvofb.exe" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ejtapvhrv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arnghzxtjedtnkunqvofb.exe" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pxkumvkxeqgn = "erjyvjdvhytfvouji.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ejtapvhrv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xjaokxqhsicncuzn.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pxkumvkxeqgn = "xjaokxqhsicncuzn.exe" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ejtapvhrv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xjaokxqhsicncuzn.exe" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ejtapvhrv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ynhyxnjdrkhvniqhilc.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ejtapvhrv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ynhyxnjdrkhvniqhilc.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ejtapvhrv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lbwoofcxmgetmirjlphx.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pxkumvkxeqgn = "xjaokxqhsicncuzn.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pxkumvkxeqgn = "nbukixslyqmzqkrhhj.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pxkumvkxeqgn = "erjyvjdvhytfvouji.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pxkumvkxeqgn = "nbukixslyqmzqkrhhj.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pxkumvkxeqgn = "ynhyxnjdrkhvniqhilc.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pxkumvkxeqgn = "arnghzxtjedtnkunqvofb.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ejtapvhrv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ynhyxnjdrkhvniqhilc.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pxkumvkxeqgn = "lbwoofcxmgetmirjlphx.exe" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pxkumvkxeqgn = "lbwoofcxmgetmirjlphx.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pxkumvkxeqgn = "arnghzxtjedtnkunqvofb.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\xjaokxqhsicncuzn.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\ynhyxnjdrkhvniqhilc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\erjyvjdvhytfvouji.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\ynhyxnjdrkhvniqhilc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\xjaokxqhsicncuzn.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\nbukixslyqmzqkrhhj.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\arnghzxtjedtnkunqvofb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\erjyvjdvhytfvouji.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\xjaokxqhsicncuzn.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\nbukixslyqmzqkrhhj.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\nbukixslyqmzqkrhhj.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\xjaokxqhsicncuzn.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\xjaokxqhsicncuzn.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\arnghzxtjedtnkunqvofb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\lbwoofcxmgetmirjlphx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\lbwoofcxmgetmirjlphx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\ynhyxnjdrkhvniqhilc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\arnghzxtjedtnkunqvofb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\xjaokxqhsicncuzn.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\nbukixslyqmzqkrhhj.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\arnghzxtjedtnkunqvofb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\ynhyxnjdrkhvniqhilc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\nbukixslyqmzqkrhhj.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\ynhyxnjdrkhvniqhilc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\arnghzxtjedtnkunqvofb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\xjaokxqhsicncuzn.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\ynhyxnjdrkhvniqhilc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\lbwoofcxmgetmirjlphx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\ynhyxnjdrkhvniqhilc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\ynhyxnjdrkhvniqhilc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\xjaokxqhsicncuzn.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\xjaokxqhsicncuzn.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xdowmtgrwg = "erjyvjdvhytfvouji.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\szlulthtzkz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lbwoofcxmgetmirjlphx.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xjaokxqhsicncuzn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lbwoofcxmgetmirjlphx.exe" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdtgbnfvfunxlcg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erjyvjdvhytfvouji.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xdowmtgrwg = "ynhyxnjdrkhvniqhilc.exe" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xdowmtgrwg = "arnghzxtjedtnkunqvofb.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\oxlwpzpdlypxj = "erjyvjdvhytfvouji.exe" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xdowmtgrwg = "lbwoofcxmgetmirjlphx.exe" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xdowmtgrwg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xjaokxqhsicncuzn.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\oxlwpzpdlypxj = "erjyvjdvhytfvouji.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xjaokxqhsicncuzn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ynhyxnjdrkhvniqhilc.exe" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\szlulthtzkz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xjaokxqhsicncuzn.exe ." | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xdowmtgrwg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lbwoofcxmgetmirjlphx.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xdowmtgrwg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xjaokxqhsicncuzn.exe" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\szlulthtzkz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nbukixslyqmzqkrhhj.exe ." | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pzoaufwluiajwm = "ynhyxnjdrkhvniqhilc.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\szlulthtzkz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erjyvjdvhytfvouji.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szlulthtzkz = "ynhyxnjdrkhvniqhilc.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szlulthtzkz = "xjaokxqhsicncuzn.exe ." | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pzoaufwluiajwm = "xjaokxqhsicncuzn.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xjaokxqhsicncuzn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xjaokxqhsicncuzn.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szlulthtzkz = "arnghzxtjedtnkunqvofb.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\szlulthtzkz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nbukixslyqmzqkrhhj.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xdowmtgrwg = "erjyvjdvhytfvouji.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szlulthtzkz = "xjaokxqhsicncuzn.exe ." | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szlulthtzkz = "nbukixslyqmzqkrhhj.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdtgbnfvfunxlcg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xjaokxqhsicncuzn.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdtgbnfvfunxlcg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xjaokxqhsicncuzn.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szlulthtzkz = "arnghzxtjedtnkunqvofb.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdtgbnfvfunxlcg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erjyvjdvhytfvouji.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pzoaufwluiajwm = "xjaokxqhsicncuzn.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\szlulthtzkz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nbukixslyqmzqkrhhj.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szlulthtzkz = "xjaokxqhsicncuzn.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdtgbnfvfunxlcg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erjyvjdvhytfvouji.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szlulthtzkz = "ynhyxnjdrkhvniqhilc.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\oxlwpzpdlypxj = "lbwoofcxmgetmirjlphx.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdtgbnfvfunxlcg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xjaokxqhsicncuzn.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xjaokxqhsicncuzn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xjaokxqhsicncuzn.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xdowmtgrwg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arnghzxtjedtnkunqvofb.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xjaokxqhsicncuzn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erjyvjdvhytfvouji.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\oxlwpzpdlypxj = "lbwoofcxmgetmirjlphx.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szlulthtzkz = "ynhyxnjdrkhvniqhilc.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xjaokxqhsicncuzn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arnghzxtjedtnkunqvofb.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdtgbnfvfunxlcg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nbukixslyqmzqkrhhj.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\oxlwpzpdlypxj = "nbukixslyqmzqkrhhj.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xdowmtgrwg = "lbwoofcxmgetmirjlphx.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\oxlwpzpdlypxj = "lbwoofcxmgetmirjlphx.exe" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xdowmtgrwg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xjaokxqhsicncuzn.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xjaokxqhsicncuzn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arnghzxtjedtnkunqvofb.exe" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szlulthtzkz = "ynhyxnjdrkhvniqhilc.exe ." | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xjaokxqhsicncuzn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nbukixslyqmzqkrhhj.exe" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xdowmtgrwg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erjyvjdvhytfvouji.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\szlulthtzkz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lbwoofcxmgetmirjlphx.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xdowmtgrwg = "erjyvjdvhytfvouji.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdtgbnfvfunxlcg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erjyvjdvhytfvouji.exe ." | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xdowmtgrwg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xjaokxqhsicncuzn.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szlulthtzkz = "ynhyxnjdrkhvniqhilc.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdtgbnfvfunxlcg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arnghzxtjedtnkunqvofb.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\oxlwpzpdlypxj = "ynhyxnjdrkhvniqhilc.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xdowmtgrwg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lbwoofcxmgetmirjlphx.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xdowmtgrwg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erjyvjdvhytfvouji.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pzoaufwluiajwm = "erjyvjdvhytfvouji.exe ." | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pzoaufwluiajwm = "xjaokxqhsicncuzn.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\szlulthtzkz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lbwoofcxmgetmirjlphx.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\xjaokxqhsicncuzn.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rjgacvurieevqoztxdxpmg.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\arnghzxtjedtnkunqvofb.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xjaokxqhsicncuzn.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nbukixslyqmzqkrhhj.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\erjyvjdvhytfvouji.exe | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xjaokxqhsicncuzn.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ynhyxnjdrkhvniqhilc.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\erjyvjdvhytfvouji.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nbukixslyqmzqkrhhj.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lbwoofcxmgetmirjlphx.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\arnghzxtjedtnkunqvofb.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ynhyxnjdrkhvniqhilc.exe | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\arnghzxtjedtnkunqvofb.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\erjyvjdvhytfvouji.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xjaokxqhsicncuzn.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ynhyxnjdrkhvniqhilc.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\erjyvjdvhytfvouji.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lbwoofcxmgetmirjlphx.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rjgacvurieevqoztxdxpmg.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nbukixslyqmzqkrhhj.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ynhyxnjdrkhvniqhilc.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\erjyvjdvhytfvouji.exe | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nbukixslyqmzqkrhhj.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ynhyxnjdrkhvniqhilc.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\arnghzxtjedtnkunqvofb.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\erjyvjdvhytfvouji.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\arnghzxtjedtnkunqvofb.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xjaokxqhsicncuzn.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xjaokxqhsicncuzn.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lbwoofcxmgetmirjlphx.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ynhyxnjdrkhvniqhilc.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nbukixslyqmzqkrhhj.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lbwoofcxmgetmirjlphx.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rjgacvurieevqoztxdxpmg.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lbwoofcxmgetmirjlphx.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rjgacvurieevqoztxdxpmg.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nbukixslyqmzqkrhhj.exe | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nbukixslyqmzqkrhhj.exe | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lbwoofcxmgetmirjlphx.exe | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nbukixslyqmzqkrhhj.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nbukixslyqmzqkrhhj.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rjgacvurieevqoztxdxpmg.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lbwoofcxmgetmirjlphx.exe | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rjgacvurieevqoztxdxpmg.exe | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rjgacvurieevqoztxdxpmg.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\arnghzxtjedtnkunqvofb.exe | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\erjyvjdvhytfvouji.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rjgacvurieevqoztxdxpmg.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\arnghzxtjedtnkunqvofb.exe | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ynhyxnjdrkhvniqhilc.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\erjyvjdvhytfvouji.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xjaokxqhsicncuzn.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lbwoofcxmgetmirjlphx.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xjaokxqhsicncuzn.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ynhyxnjdrkhvniqhilc.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rjgacvurieevqoztxdxpmg.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\arnghzxtjedtnkunqvofb.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xjaokxqhsicncuzn.exe | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bxywczcdyycxwynltdbxyw.zcd | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nbukixslyqmzqkrhhj.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rjgacvurieevqoztxdxpmg.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\arnghzxtjedtnkunqvofb.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xjaokxqhsicncuzn.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\bxywczcdyycxwynltdbxyw.zcd | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| File created | C:\Program Files (x86)\bxywczcdyycxwynltdbxyw.zcd | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| File opened for modification | C:\Program Files (x86)\szlulthtzkzfpcclezipbkbjxjpapvfss.upy | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| File created | C:\Program Files (x86)\szlulthtzkzfpcclezipbkbjxjpapvfss.upy | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\rjgacvurieevqoztxdxpmg.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File created | C:\Windows\szlulthtzkzfpcclezipbkbjxjpapvfss.upy | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| File opened for modification | C:\Windows\erjyvjdvhytfvouji.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\xjaokxqhsicncuzn.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\nbukixslyqmzqkrhhj.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\arnghzxtjedtnkunqvofb.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\nbukixslyqmzqkrhhj.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\ynhyxnjdrkhvniqhilc.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\lbwoofcxmgetmirjlphx.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\ynhyxnjdrkhvniqhilc.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\rjgacvurieevqoztxdxpmg.exe | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| File opened for modification | C:\Windows\erjyvjdvhytfvouji.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\lbwoofcxmgetmirjlphx.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\erjyvjdvhytfvouji.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\rjgacvurieevqoztxdxpmg.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\arnghzxtjedtnkunqvofb.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\xjaokxqhsicncuzn.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\ynhyxnjdrkhvniqhilc.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\szlulthtzkzfpcclezipbkbjxjpapvfss.upy | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| File opened for modification | C:\Windows\lbwoofcxmgetmirjlphx.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\lbwoofcxmgetmirjlphx.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\rjgacvurieevqoztxdxpmg.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\arnghzxtjedtnkunqvofb.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\arnghzxtjedtnkunqvofb.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\erjyvjdvhytfvouji.exe | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| File opened for modification | C:\Windows\arnghzxtjedtnkunqvofb.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\xjaokxqhsicncuzn.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\arnghzxtjedtnkunqvofb.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\ynhyxnjdrkhvniqhilc.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\arnghzxtjedtnkunqvofb.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\nbukixslyqmzqkrhhj.exe | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| File opened for modification | C:\Windows\nbukixslyqmzqkrhhj.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\bxywczcdyycxwynltdbxyw.zcd | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| File opened for modification | C:\Windows\xjaokxqhsicncuzn.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\nbukixslyqmzqkrhhj.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\nbukixslyqmzqkrhhj.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\xjaokxqhsicncuzn.exe | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| File created | C:\Windows\bxywczcdyycxwynltdbxyw.zcd | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| File opened for modification | C:\Windows\arnghzxtjedtnkunqvofb.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\ynhyxnjdrkhvniqhilc.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\lbwoofcxmgetmirjlphx.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\arnghzxtjedtnkunqvofb.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\erjyvjdvhytfvouji.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\arnghzxtjedtnkunqvofb.exe | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| File opened for modification | C:\Windows\xjaokxqhsicncuzn.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\xjaokxqhsicncuzn.exe | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| File opened for modification | C:\Windows\lbwoofcxmgetmirjlphx.exe | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| File opened for modification | C:\Windows\rjgacvurieevqoztxdxpmg.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\ynhyxnjdrkhvniqhilc.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\erjyvjdvhytfvouji.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\lbwoofcxmgetmirjlphx.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\rjgacvurieevqoztxdxpmg.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\xjaokxqhsicncuzn.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\nbukixslyqmzqkrhhj.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\ynhyxnjdrkhvniqhilc.exe | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| File opened for modification | C:\Windows\lbwoofcxmgetmirjlphx.exe | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| File opened for modification | C:\Windows\erjyvjdvhytfvouji.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\erjyvjdvhytfvouji.exe | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| File opened for modification | C:\Windows\rjgacvurieevqoztxdxpmg.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\xjaokxqhsicncuzn.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\nbukixslyqmzqkrhhj.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\arnghzxtjedtnkunqvofb.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\lbwoofcxmgetmirjlphx.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\erjyvjdvhytfvouji.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\nbukixslyqmzqkrhhj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ynhyxnjdrkhvniqhilc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xjaokxqhsicncuzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xjaokxqhsicncuzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xjaokxqhsicncuzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xjaokxqhsicncuzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ynhyxnjdrkhvniqhilc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\nbukixslyqmzqkrhhj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xjaokxqhsicncuzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\lbwoofcxmgetmirjlphx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\nbukixslyqmzqkrhhj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xjaokxqhsicncuzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ynhyxnjdrkhvniqhilc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\lbwoofcxmgetmirjlphx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\arnghzxtjedtnkunqvofb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xjaokxqhsicncuzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ynhyxnjdrkhvniqhilc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\arnghzxtjedtnkunqvofb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\arnghzxtjedtnkunqvofb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ynhyxnjdrkhvniqhilc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xjaokxqhsicncuzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ynhyxnjdrkhvniqhilc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\arnghzxtjedtnkunqvofb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ynhyxnjdrkhvniqhilc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\erjyvjdvhytfvouji.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\lbwoofcxmgetmirjlphx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xjaokxqhsicncuzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\lbwoofcxmgetmirjlphx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\nbukixslyqmzqkrhhj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ynhyxnjdrkhvniqhilc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe"
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_c5053b6a278897cf8629be4ba93b3030.exe*"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe
C:\Windows\erjyvjdvhytfvouji.exe
erjyvjdvhytfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe .
C:\Windows\ynhyxnjdrkhvniqhilc.exe
ynhyxnjdrkhvniqhilc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ynhyxnjdrkhvniqhilc.exe*."
C:\Windows\erjyvjdvhytfvouji.exe
erjyvjdvhytfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Windows\erjyvjdvhytfvouji.exe
erjyvjdvhytfvouji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\erjyvjdvhytfvouji.exe*."
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\xjaokxqhsicncuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lbwoofcxmgetmirjlphx.exe*."
C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe
"C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe" "-C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe"
C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe
"C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe" "-C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe
C:\Windows\erjyvjdvhytfvouji.exe
erjyvjdvhytfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe
C:\Windows\xjaokxqhsicncuzn.exe
xjaokxqhsicncuzn.exe .
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\xjaokxqhsicncuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .
C:\Windows\xjaokxqhsicncuzn.exe
xjaokxqhsicncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\xjaokxqhsicncuzn.exe*."
C:\Windows\erjyvjdvhytfvouji.exe
erjyvjdvhytfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\erjyvjdvhytfvouji.exe*."
C:\Windows\nbukixslyqmzqkrhhj.exe
nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .
C:\Windows\xjaokxqhsicncuzn.exe
xjaokxqhsicncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe
C:\Windows\xjaokxqhsicncuzn.exe
xjaokxqhsicncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\arnghzxtjedtnkunqvofb.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\xjaokxqhsicncuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\xjaokxqhsicncuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\erjyvjdvhytfvouji.exe*."
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\xjaokxqhsicncuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\erjyvjdvhytfvouji.exe*."
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\xjaokxqhsicncuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe
C:\Windows\ynhyxnjdrkhvniqhilc.exe
ynhyxnjdrkhvniqhilc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe .
C:\Windows\nbukixslyqmzqkrhhj.exe
nbukixslyqmzqkrhhj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\nbukixslyqmzqkrhhj.exe*."
C:\Windows\nbukixslyqmzqkrhhj.exe
nbukixslyqmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Windows\ynhyxnjdrkhvniqhilc.exe
ynhyxnjdrkhvniqhilc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ynhyxnjdrkhvniqhilc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe .
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe
C:\Windows\arnghzxtjedtnkunqvofb.exe
arnghzxtjedtnkunqvofb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\xjaokxqhsicncuzn.exe*."
C:\Windows\ynhyxnjdrkhvniqhilc.exe
ynhyxnjdrkhvniqhilc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe
C:\Windows\xjaokxqhsicncuzn.exe
xjaokxqhsicncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ynhyxnjdrkhvniqhilc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\xjaokxqhsicncuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .
C:\Windows\ynhyxnjdrkhvniqhilc.exe
ynhyxnjdrkhvniqhilc.exe
C:\Windows\ynhyxnjdrkhvniqhilc.exe
ynhyxnjdrkhvniqhilc.exe .
C:\Windows\xjaokxqhsicncuzn.exe
xjaokxqhsicncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lbwoofcxmgetmirjlphx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .
C:\Windows\erjyvjdvhytfvouji.exe
erjyvjdvhytfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ynhyxnjdrkhvniqhilc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\erjyvjdvhytfvouji.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\xjaokxqhsicncuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .
C:\Windows\erjyvjdvhytfvouji.exe
erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\ynhyxnjdrkhvniqhilc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\nbukixslyqmzqkrhhj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."
C:\Windows\xjaokxqhsicncuzn.exe
xjaokxqhsicncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\xjaokxqhsicncuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\xjaokxqhsicncuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\erjyvjdvhytfvouji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\erjyvjdvhytfvouji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe
C:\Windows\nbukixslyqmzqkrhhj.exe
nbukixslyqmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ynhyxnjdrkhvniqhilc.exe
ynhyxnjdrkhvniqhilc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ynhyxnjdrkhvniqhilc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe .
C:\Windows\ynhyxnjdrkhvniqhilc.exe
ynhyxnjdrkhvniqhilc.exe
C:\Windows\xjaokxqhsicncuzn.exe
xjaokxqhsicncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\xjaokxqhsicncuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\nbukixslyqmzqkrhhj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lbwoofcxmgetmirjlphx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe
C:\Windows\arnghzxtjedtnkunqvofb.exe
arnghzxtjedtnkunqvofb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe .
C:\Windows\ynhyxnjdrkhvniqhilc.exe
ynhyxnjdrkhvniqhilc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ynhyxnjdrkhvniqhilc.exe*."
C:\Windows\nbukixslyqmzqkrhhj.exe
nbukixslyqmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Windows\nbukixslyqmzqkrhhj.exe
nbukixslyqmzqkrhhj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\nbukixslyqmzqkrhhj.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\arnghzxtjedtnkunqvofb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\erjyvjdvhytfvouji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe .
C:\Windows\erjyvjdvhytfvouji.exe
erjyvjdvhytfvouji.exe
C:\Windows\arnghzxtjedtnkunqvofb.exe
arnghzxtjedtnkunqvofb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\arnghzxtjedtnkunqvofb.exe*."
C:\Windows\nbukixslyqmzqkrhhj.exe
nbukixslyqmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Windows\nbukixslyqmzqkrhhj.exe
nbukixslyqmzqkrhhj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\nbukixslyqmzqkrhhj.exe*."
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\xjaokxqhsicncuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\nbukixslyqmzqkrhhj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe .
C:\Windows\arnghzxtjedtnkunqvofb.exe
arnghzxtjedtnkunqvofb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\arnghzxtjedtnkunqvofb.exe*."
C:\Windows\xjaokxqhsicncuzn.exe
xjaokxqhsicncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Windows\ynhyxnjdrkhvniqhilc.exe
ynhyxnjdrkhvniqhilc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ynhyxnjdrkhvniqhilc.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\erjyvjdvhytfvouji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\nbukixslyqmzqkrhhj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe
C:\Windows\erjyvjdvhytfvouji.exe
erjyvjdvhytfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe .
C:\Windows\arnghzxtjedtnkunqvofb.exe
arnghzxtjedtnkunqvofb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\arnghzxtjedtnkunqvofb.exe*."
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Windows\arnghzxtjedtnkunqvofb.exe
arnghzxtjedtnkunqvofb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\arnghzxtjedtnkunqvofb.exe*."
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\erjyvjdvhytfvouji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .
C:\Windows\ynhyxnjdrkhvniqhilc.exe
ynhyxnjdrkhvniqhilc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lbwoofcxmgetmirjlphx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe .
C:\Windows\xjaokxqhsicncuzn.exe
xjaokxqhsicncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe .
C:\Windows\xjaokxqhsicncuzn.exe
xjaokxqhsicncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\xjaokxqhsicncuzn.exe
xjaokxqhsicncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\xjaokxqhsicncuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Windows\ynhyxnjdrkhvniqhilc.exe
ynhyxnjdrkhvniqhilc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\xjaokxqhsicncuzn.exe*."
C:\Windows\arnghzxtjedtnkunqvofb.exe
arnghzxtjedtnkunqvofb.exe .
C:\Windows\nbukixslyqmzqkrhhj.exe
nbukixslyqmzqkrhhj.exe .
C:\Windows\erjyvjdvhytfvouji.exe
erjyvjdvhytfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\arnghzxtjedtnkunqvofb.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\nbukixslyqmzqkrhhj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .
C:\Windows\arnghzxtjedtnkunqvofb.exe
arnghzxtjedtnkunqvofb.exe
C:\Windows\ynhyxnjdrkhvniqhilc.exe
ynhyxnjdrkhvniqhilc.exe .
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Windows\ynhyxnjdrkhvniqhilc.exe
ynhyxnjdrkhvniqhilc.exe
C:\Windows\nbukixslyqmzqkrhhj.exe
nbukixslyqmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ynhyxnjdrkhvniqhilc.exe*."
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lbwoofcxmgetmirjlphx.exe*."
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\nbukixslyqmzqkrhhj.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lbwoofcxmgetmirjlphx.exe*."
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\xjaokxqhsicncuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\xjaokxqhsicncuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\xjaokxqhsicncuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\nbukixslyqmzqkrhhj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe
C:\Windows\erjyvjdvhytfvouji.exe
erjyvjdvhytfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe .
C:\Windows\arnghzxtjedtnkunqvofb.exe
arnghzxtjedtnkunqvofb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\arnghzxtjedtnkunqvofb.exe*."
C:\Windows\erjyvjdvhytfvouji.exe
erjyvjdvhytfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Windows\nbukixslyqmzqkrhhj.exe
nbukixslyqmzqkrhhj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\nbukixslyqmzqkrhhj.exe*."
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\nbukixslyqmzqkrhhj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lbwoofcxmgetmirjlphx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe
C:\Windows\ynhyxnjdrkhvniqhilc.exe
ynhyxnjdrkhvniqhilc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe .
C:\Windows\xjaokxqhsicncuzn.exe
xjaokxqhsicncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\xjaokxqhsicncuzn.exe*."
C:\Windows\xjaokxqhsicncuzn.exe
xjaokxqhsicncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lbwoofcxmgetmirjlphx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\erjyvjdvhytfvouji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe
C:\Windows\nbukixslyqmzqkrhhj.exe
nbukixslyqmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe .
C:\Windows\arnghzxtjedtnkunqvofb.exe
arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Windows\erjyvjdvhytfvouji.exe
erjyvjdvhytfvouji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\erjyvjdvhytfvouji.exe*."
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\arnghzxtjedtnkunqvofb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\nbukixslyqmzqkrhhj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe
C:\Windows\arnghzxtjedtnkunqvofb.exe
arnghzxtjedtnkunqvofb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe .
C:\Windows\erjyvjdvhytfvouji.exe
erjyvjdvhytfvouji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\erjyvjdvhytfvouji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe .
C:\Windows\arnghzxtjedtnkunqvofb.exe
arnghzxtjedtnkunqvofb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Windows\arnghzxtjedtnkunqvofb.exe
arnghzxtjedtnkunqvofb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\arnghzxtjedtnkunqvofb.exe*."
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\ynhyxnjdrkhvniqhilc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\arnghzxtjedtnkunqvofb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe .
C:\Windows\ynhyxnjdrkhvniqhilc.exe
ynhyxnjdrkhvniqhilc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ynhyxnjdrkhvniqhilc.exe*."
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Windows\arnghzxtjedtnkunqvofb.exe
arnghzxtjedtnkunqvofb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\arnghzxtjedtnkunqvofb.exe*."
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\arnghzxtjedtnkunqvofb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\arnghzxtjedtnkunqvofb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe .
C:\Windows\erjyvjdvhytfvouji.exe
erjyvjdvhytfvouji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\erjyvjdvhytfvouji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe
C:\Windows\nbukixslyqmzqkrhhj.exe
nbukixslyqmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe
C:\Windows\ynhyxnjdrkhvniqhilc.exe
ynhyxnjdrkhvniqhilc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe
C:\Windows\ynhyxnjdrkhvniqhilc.exe
ynhyxnjdrkhvniqhilc.exe .
C:\Windows\arnghzxtjedtnkunqvofb.exe
arnghzxtjedtnkunqvofb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ynhyxnjdrkhvniqhilc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\arnghzxtjedtnkunqvofb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .
C:\Windows\arnghzxtjedtnkunqvofb.exe
arnghzxtjedtnkunqvofb.exe
C:\Windows\xjaokxqhsicncuzn.exe
xjaokxqhsicncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .
C:\Windows\arnghzxtjedtnkunqvofb.exe
arnghzxtjedtnkunqvofb.exe .
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .
C:\Windows\erjyvjdvhytfvouji.exe
erjyvjdvhytfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lbwoofcxmgetmirjlphx.exe*."
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\xjaokxqhsicncuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\xjaokxqhsicncuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\nbukixslyqmzqkrhhj.exe*."
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\arnghzxtjedtnkunqvofb.exe*."
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\erjyvjdvhytfvouji.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\arnghzxtjedtnkunqvofb.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\ynhyxnjdrkhvniqhilc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\nbukixslyqmzqkrhhj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .
C:\Windows\erjyvjdvhytfvouji.exe
erjyvjdvhytfvouji.exe
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Windows\erjyvjdvhytfvouji.exe
erjyvjdvhytfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe .
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lbwoofcxmgetmirjlphx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\xjaokxqhsicncuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe
C:\Windows\erjyvjdvhytfvouji.exe
erjyvjdvhytfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe .
C:\Windows\ynhyxnjdrkhvniqhilc.exe
ynhyxnjdrkhvniqhilc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ynhyxnjdrkhvniqhilc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .
C:\Windows\ynhyxnjdrkhvniqhilc.exe
ynhyxnjdrkhvniqhilc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\erjyvjdvhytfvouji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\erjyvjdvhytfvouji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe
C:\Windows\arnghzxtjedtnkunqvofb.exe
arnghzxtjedtnkunqvofb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe .
C:\Windows\xjaokxqhsicncuzn.exe
xjaokxqhsicncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\xjaokxqhsicncuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe .
C:\Windows\nbukixslyqmzqkrhhj.exe
nbukixslyqmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Windows\ynhyxnjdrkhvniqhilc.exe
ynhyxnjdrkhvniqhilc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ynhyxnjdrkhvniqhilc.exe*."
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\ynhyxnjdrkhvniqhilc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lbwoofcxmgetmirjlphx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe
C:\Windows\arnghzxtjedtnkunqvofb.exe
arnghzxtjedtnkunqvofb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe .
C:\Windows\nbukixslyqmzqkrhhj.exe
nbukixslyqmzqkrhhj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\nbukixslyqmzqkrhhj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe .
C:\Windows\nbukixslyqmzqkrhhj.exe
nbukixslyqmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Windows\ynhyxnjdrkhvniqhilc.exe
ynhyxnjdrkhvniqhilc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ynhyxnjdrkhvniqhilc.exe*."
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\nbukixslyqmzqkrhhj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\arnghzxtjedtnkunqvofb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."
C:\Windows\erjyvjdvhytfvouji.exe
erjyvjdvhytfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Windows\nbukixslyqmzqkrhhj.exe
nbukixslyqmzqkrhhj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\nbukixslyqmzqkrhhj.exe*."
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\erjyvjdvhytfvouji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\erjyvjdvhytfvouji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe
C:\Windows\arnghzxtjedtnkunqvofb.exe
arnghzxtjedtnkunqvofb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe .
C:\Windows\erjyvjdvhytfvouji.exe
erjyvjdvhytfvouji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\erjyvjdvhytfvouji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe .
C:\Windows\arnghzxtjedtnkunqvofb.exe
arnghzxtjedtnkunqvofb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Windows\erjyvjdvhytfvouji.exe
erjyvjdvhytfvouji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe .
C:\Windows\erjyvjdvhytfvouji.exe
erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\erjyvjdvhytfvouji.exe*."
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe
C:\Windows\erjyvjdvhytfvouji.exe
erjyvjdvhytfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\erjyvjdvhytfvouji.exe
erjyvjdvhytfvouji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lbwoofcxmgetmirjlphx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\erjyvjdvhytfvouji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\arnghzxtjedtnkunqvofb.exe
arnghzxtjedtnkunqvofb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe .
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\arnghzxtjedtnkunqvofb.exe*."
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\xjaokxqhsicncuzn.exe
xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\ynhyxnjdrkhvniqhilc.exe*."
C:\Windows\nbukixslyqmzqkrhhj.exe
nbukixslyqmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\arnghzxtjedtnkunqvofb.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\nbukixslyqmzqkrhhj.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\arnghzxtjedtnkunqvofb.exe*."
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Windows\arnghzxtjedtnkunqvofb.exe
arnghzxtjedtnkunqvofb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Windows\nbukixslyqmzqkrhhj.exe
nbukixslyqmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\xjaokxqhsicncuzn.exe*."
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\xjaokxqhsicncuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\nbukixslyqmzqkrhhj.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\ynhyxnjdrkhvniqhilc.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\erjyvjdvhytfvouji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe
C:\Windows\arnghzxtjedtnkunqvofb.exe
arnghzxtjedtnkunqvofb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe .
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\arnghzxtjedtnkunqvofb.exe*."
C:\Windows\arnghzxtjedtnkunqvofb.exe
arnghzxtjedtnkunqvofb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\arnghzxtjedtnkunqvofb.exe*."
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\ynhyxnjdrkhvniqhilc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\ynhyxnjdrkhvniqhilc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe .
C:\Windows\ynhyxnjdrkhvniqhilc.exe
ynhyxnjdrkhvniqhilc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe .
C:\Windows\nbukixslyqmzqkrhhj.exe
nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ynhyxnjdrkhvniqhilc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Windows\xjaokxqhsicncuzn.exe
xjaokxqhsicncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\xjaokxqhsicncuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\xjaokxqhsicncuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\xjaokxqhsicncuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe
C:\Windows\xjaokxqhsicncuzn.exe
xjaokxqhsicncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .
C:\Windows\arnghzxtjedtnkunqvofb.exe
arnghzxtjedtnkunqvofb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\ynhyxnjdrkhvniqhilc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\xjaokxqhsicncuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe
C:\Windows\xjaokxqhsicncuzn.exe
xjaokxqhsicncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe .
C:\Windows\erjyvjdvhytfvouji.exe
erjyvjdvhytfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\erjyvjdvhytfvouji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe
C:\Windows\erjyvjdvhytfvouji.exe
erjyvjdvhytfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lbwoofcxmgetmirjlphx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\erjyvjdvhytfvouji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe
C:\Windows\erjyvjdvhytfvouji.exe
erjyvjdvhytfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe .
C:\Windows\ynhyxnjdrkhvniqhilc.exe
ynhyxnjdrkhvniqhilc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Windows\xjaokxqhsicncuzn.exe
xjaokxqhsicncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\xjaokxqhsicncuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\xjaokxqhsicncuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\ynhyxnjdrkhvniqhilc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe
C:\Windows\ynhyxnjdrkhvniqhilc.exe
ynhyxnjdrkhvniqhilc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe
C:\Windows\arnghzxtjedtnkunqvofb.exe
arnghzxtjedtnkunqvofb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ynhyxnjdrkhvniqhilc.exe
ynhyxnjdrkhvniqhilc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\arnghzxtjedtnkunqvofb.exe*."
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Windows\nbukixslyqmzqkrhhj.exe
nbukixslyqmzqkrhhj.exe
C:\Windows\erjyvjdvhytfvouji.exe
erjyvjdvhytfvouji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .
C:\Windows\erjyvjdvhytfvouji.exe
erjyvjdvhytfvouji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\erjyvjdvhytfvouji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Windows\nbukixslyqmzqkrhhj.exe
nbukixslyqmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\erjyvjdvhytfvouji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Windows\ynhyxnjdrkhvniqhilc.exe
ynhyxnjdrkhvniqhilc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\nbukixslyqmzqkrhhj.exe*."
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .
C:\Windows\nbukixslyqmzqkrhhj.exe
nbukixslyqmzqkrhhj.exe
C:\Windows\nbukixslyqmzqkrhhj.exe
nbukixslyqmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ynhyxnjdrkhvniqhilc.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\arnghzxtjedtnkunqvofb.exe*."
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\nbukixslyqmzqkrhhj.exe*."
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\nbukixslyqmzqkrhhj.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\nbukixslyqmzqkrhhj.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lbwoofcxmgetmirjlphx.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lbwoofcxmgetmirjlphx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lbwoofcxmgetmirjlphx.exe*."
C:\Windows\nbukixslyqmzqkrhhj.exe
nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe .
C:\Windows\arnghzxtjedtnkunqvofb.exe
arnghzxtjedtnkunqvofb.exe
C:\Windows\arnghzxtjedtnkunqvofb.exe
arnghzxtjedtnkunqvofb.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\arnghzxtjedtnkunqvofb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe
C:\Windows\xjaokxqhsicncuzn.exe
xjaokxqhsicncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Windows\xjaokxqhsicncuzn.exe
xjaokxqhsicncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\xjaokxqhsicncuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\erjyvjdvhytfvouji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\erjyvjdvhytfvouji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe
C:\Windows\arnghzxtjedtnkunqvofb.exe
arnghzxtjedtnkunqvofb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe .
C:\Windows\nbukixslyqmzqkrhhj.exe
nbukixslyqmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\nbukixslyqmzqkrhhj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe
C:\Windows\xjaokxqhsicncuzn.exe
xjaokxqhsicncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\arnghzxtjedtnkunqvofb.exe
arnghzxtjedtnkunqvofb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\arnghzxtjedtnkunqvofb.exe*."
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\ynhyxnjdrkhvniqhilc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\erjyvjdvhytfvouji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe
C:\Windows\ynhyxnjdrkhvniqhilc.exe
ynhyxnjdrkhvniqhilc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe
C:\Windows\nbukixslyqmzqkrhhj.exe
nbukixslyqmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\arnghzxtjedtnkunqvofb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lbwoofcxmgetmirjlphx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe
C:\Windows\xjaokxqhsicncuzn.exe
xjaokxqhsicncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe
C:\Windows\xjaokxqhsicncuzn.exe
xjaokxqhsicncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\xjaokxqhsicncuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lbwoofcxmgetmirjlphx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe
C:\Windows\erjyvjdvhytfvouji.exe
erjyvjdvhytfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe .
C:\Windows\erjyvjdvhytfvouji.exe
erjyvjdvhytfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\erjyvjdvhytfvouji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe
C:\Windows\erjyvjdvhytfvouji.exe
erjyvjdvhytfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe .
C:\Windows\xjaokxqhsicncuzn.exe
xjaokxqhsicncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\xjaokxqhsicncuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\arnghzxtjedtnkunqvofb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\xjaokxqhsicncuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe .
C:\Windows\erjyvjdvhytfvouji.exe
erjyvjdvhytfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\erjyvjdvhytfvouji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\arnghzxtjedtnkunqvofb.exe
arnghzxtjedtnkunqvofb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\arnghzxtjedtnkunqvofb.exe*."
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\nbukixslyqmzqkrhhj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\erjyvjdvhytfvouji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe
C:\Windows\erjyvjdvhytfvouji.exe
erjyvjdvhytfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe .
C:\Windows\erjyvjdvhytfvouji.exe
erjyvjdvhytfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe
C:\Windows\nbukixslyqmzqkrhhj.exe
nbukixslyqmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe
C:\Windows\xjaokxqhsicncuzn.exe
xjaokxqhsicncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe .
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe
C:\Windows\ynhyxnjdrkhvniqhilc.exe
ynhyxnjdrkhvniqhilc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\xjaokxqhsicncuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe
C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Windows\nbukixslyqmzqkrhhj.exe
nbukixslyqmzqkrhhj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .
C:\Windows\arnghzxtjedtnkunqvofb.exe
arnghzxtjedtnkunqvofb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\ynhyxnjdrkhvniqhilc.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\nbukixslyqmzqkrhhj.exe*."
C:\Windows\arnghzxtjedtnkunqvofb.exe
arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\arnghzxtjedtnkunqvofb.exe*."
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lbwoofcxmgetmirjlphx.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\arnghzxtjedtnkunqvofb.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lbwoofcxmgetmirjlphx.exe*."
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe
C:\Windows\lbwoofcxmgetmirjlphx.exe
lbwoofcxmgetmirjlphx.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe .
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 8.8.8.8:53 | www.showmyipaddress.com | udp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | whatismyipaddress.com | udp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 8.8.8.8:53 | www.whatismyip.com | udp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| NL | 142.250.145.136:80 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | gyuuym.org | udp |
| BY | 178.122.162.202:27691 | tcp | |
| DE | 85.214.228.140:80 | gyuuym.org | tcp |
| US | 8.8.8.8:53 | persnzi.org | udp |
| US | 8.8.8.8:53 | nxcrjzp.net | udp |
| US | 8.8.8.8:53 | wmdwkmzbnn.info | udp |
| US | 8.8.8.8:53 | vdwshxuep.net | udp |
| US | 8.8.8.8:53 | qqgyfxxrwi.info | udp |
| US | 8.8.8.8:53 | unxfuild.info | udp |
| SG | 18.142.91.111:80 | unxfuild.info | tcp |
| US | 8.8.8.8:53 | wgmegscc.com | udp |
| US | 8.8.8.8:53 | qtnjetdy.net | udp |
| US | 8.8.8.8:53 | dzjkpyvf.net | udp |
| US | 8.8.8.8:53 | ifnwbneabtf.info | udp |
| US | 8.8.8.8:53 | zbwlzqxw.info | udp |
| US | 8.8.8.8:53 | ggoiukqgsikq.org | udp |
| US | 8.8.8.8:53 | gcpjffh.info | udp |
| US | 8.8.8.8:53 | mosdfswcd.info | udp |
| US | 8.8.8.8:53 | daegkyr.info | udp |
| US | 8.8.8.8:53 | zpqwjseqhs.info | udp |
| US | 8.8.8.8:53 | iysucq.com | udp |
| US | 8.8.8.8:53 | udzdjiddn.net | udp |
| US | 8.8.8.8:53 | lqeojotccivv.info | udp |
| US | 8.8.8.8:53 | yaaqimkemuce.com | udp |
| US | 8.8.8.8:53 | etlwfphos.info | udp |
| US | 8.8.8.8:53 | muoqimuscemc.org | udp |
| US | 8.8.8.8:53 | ygoukmwg.org | udp |
| BY | 178.122.162.202:27691 | tcp | |
| US | 8.8.8.8:53 | agawicqoks.org | udp |
| US | 8.8.8.8:53 | ccmmeugywq.com | udp |
| US | 8.8.8.8:53 | pqdelqlhdqh.com | udp |
| US | 8.8.8.8:53 | cydlrge.info | udp |
| US | 104.156.155.94:80 | cydlrge.info | tcp |
| US | 8.8.8.8:53 | oyxyjlakhkr.info | udp |
| US | 8.8.8.8:53 | emctawyczn.info | udp |
| US | 8.8.8.8:53 | anymbr.info | udp |
| US | 8.8.8.8:53 | mjotpzfbosdh.info | udp |
| US | 8.8.8.8:53 | fvmsxycepv.net | udp |
| US | 8.8.8.8:53 | dbtcghvk.net | udp |
| US | 8.8.8.8:53 | luvehemiri.info | udp |
| US | 8.8.8.8:53 | fgycbxlsrq.net | udp |
| US | 8.8.8.8:53 | bqbsjkh.org | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | adjnjbudjrjt.info | udp |
| US | 8.8.8.8:53 | ggskcgqg.com | udp |
| US | 8.8.8.8:53 | lalckpw.org | udp |
| US | 8.8.8.8:53 | gydjlgvan.info | udp |
| US | 8.8.8.8:53 | hmfurcniz.info | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | pmxkrcziuai.org | udp |
| US | 8.8.8.8:53 | caewgmh.info | udp |
| US | 8.8.8.8:53 | tsmromxtvvyj.net | udp |
| US | 8.8.8.8:53 | ddpobim.org | udp |
| US | 8.8.8.8:53 | wgokusgkwg.com | udp |
| US | 8.8.8.8:53 | xsekchzjfydb.info | udp |
| US | 8.8.8.8:53 | dvszuodt.net | udp |
| US | 8.8.8.8:53 | jdllyjvqfgr.org | udp |
| US | 8.8.8.8:53 | wohztrcfjyl.info | udp |
| US | 8.8.8.8:53 | nqalpspgr.net | udp |
| US | 8.8.8.8:53 | yoeaeg.com | udp |
| US | 8.8.8.8:53 | ewhqxezcwwc.net | udp |
| US | 8.8.8.8:53 | ixothmlccnz.info | udp |
| US | 8.8.8.8:53 | jduopkweq.net | udp |
| US | 8.8.8.8:53 | oocqoeecym.org | udp |
| US | 8.8.8.8:53 | yoaoooewyeeo.com | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | fzyvluxs.info | udp |
| US | 8.8.8.8:53 | gnqwcwodb.info | udp |
| US | 8.8.8.8:53 | gsnjphd.net | udp |
| US | 8.8.8.8:53 | rwmxvpkpk.org | udp |
| US | 8.8.8.8:53 | dkfgwehaj.net | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | xulkrex.info | udp |
| NL | 173.194.69.94:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | mdhpuesj.net | udp |
| US | 8.8.8.8:53 | kcznfkyujop.net | udp |
| US | 8.8.8.8:53 | ryxhnpyqlnzv.net | udp |
| US | 8.8.8.8:53 | mueuuaskwug.net | udp |
| US | 8.8.8.8:53 | ucnalojjt.net | udp |
| US | 8.8.8.8:53 | suewmygk.org | udp |
| US | 8.8.8.8:53 | dqjrswwie.com | udp |
| US | 8.8.8.8:53 | zpzwmsq.info | udp |
| US | 8.8.8.8:53 | hnrrjpt.net | udp |
| US | 8.8.8.8:53 | hblyepcqpi.net | udp |
| US | 8.8.8.8:53 | guwswaoi.com | udp |
| US | 8.8.8.8:53 | vrxmprngmlhk.net | udp |
| US | 8.8.8.8:53 | kyrterbf.net | udp |
| US | 8.8.8.8:53 | wylndrw.info | udp |
| US | 8.8.8.8:53 | anrsjtp.net | udp |
| US | 8.8.8.8:53 | vkvgugmdpkt.net | udp |
| US | 8.8.8.8:53 | bcbfnejsopu.info | udp |
| US | 8.8.8.8:53 | ikofgofgn.info | udp |
| US | 8.8.8.8:53 | soiskqic.com | udp |
| US | 8.8.8.8:53 | vgjhrvr.com | udp |
| US | 8.8.8.8:53 | eznabol.net | udp |
| US | 8.8.8.8:53 | sdxkgkuutyz.info | udp |
| US | 8.8.8.8:53 | myfmlyb.info | udp |
| US | 8.8.8.8:53 | tticgcrgn.net | udp |
| US | 8.8.8.8:53 | klqmnybibg.net | udp |
| US | 8.8.8.8:53 | rxhqqmwklx.net | udp |
| US | 8.8.8.8:53 | qmyuks.com | udp |
| US | 8.8.8.8:53 | vuhisgjsczx.net | udp |
| US | 8.8.8.8:53 | ugyeff.net | udp |
| US | 8.8.8.8:53 | rxqkxndg.net | udp |
| US | 8.8.8.8:53 | lyxmnybibg.info | udp |
| US | 8.8.8.8:53 | dkouvubcpovf.info | udp |
| US | 8.8.8.8:53 | cdiydibikyqf.info | udp |
| US | 8.8.8.8:53 | wcgokuakeo.org | udp |
| US | 8.8.8.8:53 | emsywqgm.com | udp |
| US | 8.8.8.8:53 | kgucribs.info | udp |
| US | 8.8.8.8:53 | lglnud.info | udp |
| US | 8.8.8.8:53 | jnufvunmp.org | udp |
| US | 8.8.8.8:53 | zyfitez.info | udp |
| US | 8.8.8.8:53 | qwxckurtt.net | udp |
| US | 8.8.8.8:53 | lyeyiu.net | udp |
| US | 8.8.8.8:53 | qumwmkakewmc.org | udp |
| US | 8.8.8.8:53 | leqdurjb.net | udp |
| US | 8.8.8.8:53 | cgsrzat.info | udp |
| US | 8.8.8.8:53 | ojbaowhir.info | udp |
| US | 8.8.8.8:53 | tinvovbhbw.net | udp |
| US | 8.8.8.8:53 | keoqukis.org | udp |
| US | 8.8.8.8:53 | nciinn.info | udp |
| US | 8.8.8.8:53 | rrfcfekgpco.org | udp |
| US | 8.8.8.8:53 | aywmxsc.info | udp |
| US | 8.8.8.8:53 | aguugkwrxyno.net | udp |
| US | 8.8.8.8:53 | dxikspgshgbk.info | udp |
| US | 8.8.8.8:53 | sgvyaujcxaj.info | udp |
| US | 8.8.8.8:53 | osmnkcbglpv.info | udp |
| US | 8.8.8.8:53 | fzxyylby.info | udp |
| US | 8.8.8.8:53 | jrlcxnnilzx.net | udp |
| US | 8.8.8.8:53 | lgmwshpwdp.net | udp |
| US | 8.8.8.8:53 | cahivmi.net | udp |
| US | 8.8.8.8:53 | thalgab.net | udp |
| US | 8.8.8.8:53 | aqawas.com | udp |
| US | 8.8.8.8:53 | kvlmrkwad.info | udp |
| US | 8.8.8.8:53 | ptueqhvcbd.net | udp |
| US | 8.8.8.8:53 | zgrjrexb.net | udp |
| US | 8.8.8.8:53 | eeueccewmeem.com | udp |
| US | 8.8.8.8:53 | wsmssdvzv.info | udp |
| US | 8.8.8.8:53 | fffqhazzmohe.info | udp |
| US | 8.8.8.8:53 | gthoprfe.net | udp |
| US | 8.8.8.8:53 | xfdwjdwe.info | udp |
| US | 8.8.8.8:53 | jnkodjntnaft.info | udp |
| US | 8.8.8.8:53 | hvlqdtmah.com | udp |
| US | 8.8.8.8:53 | vlpxze.info | udp |
| US | 8.8.8.8:53 | qihijadwr.info | udp |
| US | 8.8.8.8:53 | skywyumxq.net | udp |
| US | 8.8.8.8:53 | djeykyv.org | udp |
| US | 8.8.8.8:53 | nsvvpaixtgsu.net | udp |
| US | 8.8.8.8:53 | pevttnigvip.net | udp |
| US | 8.8.8.8:53 | eqsmwg.org | udp |
| US | 8.8.8.8:53 | gsdglnp.net | udp |
| US | 8.8.8.8:53 | kiutjiqevj.net | udp |
| US | 8.8.8.8:53 | egsmyysc.org | udp |
| US | 8.8.8.8:53 | iciijrd.info | udp |
| US | 8.8.8.8:53 | stjubatgpbm.info | udp |
| US | 8.8.8.8:53 | iojoxzswsv.info | udp |
| US | 8.8.8.8:53 | smesbqnara.net | udp |
| US | 8.8.8.8:53 | byqsfwj.info | udp |
| US | 8.8.8.8:53 | nshdioh.net | udp |
| US | 8.8.8.8:53 | ialtjonec.info | udp |
| US | 8.8.8.8:53 | jigtjgpgw.org | udp |
| US | 8.8.8.8:53 | ekqqcc.org | udp |
| US | 8.8.8.8:53 | dwfkeogzvhjn.info | udp |
| US | 8.8.8.8:53 | gwkuyamoug.org | udp |
| US | 8.8.8.8:53 | ngsdpzfl.info | udp |
| US | 8.8.8.8:53 | kituhhmeu.info | udp |
| US | 8.8.8.8:53 | nrlouanfr.net | udp |
| US | 8.8.8.8:53 | dflqknsl.net | udp |
| US | 8.8.8.8:53 | ftdzvcyeta.info | udp |
| US | 8.8.8.8:53 | qtgqqinahbp.info | udp |
| US | 8.8.8.8:53 | dhtudxhfjkrl.info | udp |
| US | 8.8.8.8:53 | lszrfvjcrn.info | udp |
| US | 8.8.8.8:53 | jeyjxqwfwu.net | udp |
| US | 8.8.8.8:53 | zbwyvmhc.net | udp |
| US | 8.8.8.8:53 | iwqwlmhnvab.net | udp |
| US | 8.8.8.8:53 | tcvuvhjwh.info | udp |
| US | 8.8.8.8:53 | jvhhpz.info | udp |
| US | 8.8.8.8:53 | igvdguf.info | udp |
| US | 8.8.8.8:53 | jubvpax.info | udp |
| US | 8.8.8.8:53 | cmqyomemmk.org | udp |
| US | 8.8.8.8:53 | lotkfoa.org | udp |
| US | 8.8.8.8:53 | aknsgwkcl.net | udp |
| US | 8.8.8.8:53 | luhpvyll.info | udp |
| US | 8.8.8.8:53 | nxmtndxoxntx.net | udp |
| US | 8.8.8.8:53 | ecbwysbz.info | udp |
| US | 8.8.8.8:53 | ghyymshxy.net | udp |
| US | 8.8.8.8:53 | rriffvwbyi.net | udp |
| US | 8.8.8.8:53 | lirmzsckr.com | udp |
| US | 8.8.8.8:53 | yjhczh.info | udp |
| US | 8.8.8.8:53 | njmyupro.net | udp |
| US | 8.8.8.8:53 | tmyugxeuqs.info | udp |
| US | 8.8.8.8:53 | bwjgnejdgyz.net | udp |
| US | 8.8.8.8:53 | seimouig.org | udp |
| US | 8.8.8.8:53 | sdayibpqflfs.info | udp |
| US | 8.8.8.8:53 | zpqelj.net | udp |
| US | 8.8.8.8:53 | xrpwmsl.info | udp |
| US | 8.8.8.8:53 | xmksnjkx.info | udp |
| US | 8.8.8.8:53 | ukhlpsb.info | udp |
| US | 8.8.8.8:53 | kgrxjbj.info | udp |
| US | 8.8.8.8:53 | xefyrbw.net | udp |
| US | 8.8.8.8:53 | egkfqnxj.net | udp |
| US | 8.8.8.8:53 | hcxkvqpgp.info | udp |
| US | 8.8.8.8:53 | iuertjkaekb.info | udp |
| US | 8.8.8.8:53 | iusioomq.org | udp |
| US | 8.8.8.8:53 | zbfcxvqtjx.info | udp |
| US | 8.8.8.8:53 | iunassvxled.info | udp |
| US | 8.8.8.8:53 | xnpkygf.net | udp |
| US | 8.8.8.8:53 | wcsbrpz.net | udp |
| US | 8.8.8.8:53 | caztlqhiymc.info | udp |
| US | 8.8.8.8:53 | ngvaqozuqwz.net | udp |
| US | 8.8.8.8:53 | weglibakx.net | udp |
| US | 8.8.8.8:53 | uwcuws.org | udp |
| US | 8.8.8.8:53 | eujquinixtu.net | udp |
| US | 8.8.8.8:53 | vaxrzhzzgxjp.info | udp |
| US | 8.8.8.8:53 | hvweopbbfia.info | udp |
| US | 8.8.8.8:53 | pnzcfzquxq.info | udp |
| US | 8.8.8.8:53 | uzkkfpnqprh.net | udp |
| US | 8.8.8.8:53 | zjlidcrcedp.com | udp |
| US | 8.8.8.8:53 | azlfou.info | udp |
| US | 8.8.8.8:53 | psaqfiw.org | udp |
| US | 8.8.8.8:53 | vhpgrd.net | udp |
| US | 8.8.8.8:53 | gsirxgmdst.net | udp |
| US | 8.8.8.8:53 | jcnkjnnkf.com | udp |
| US | 8.8.8.8:53 | bykjeksichy.net | udp |
| US | 8.8.8.8:53 | umyicieyee.org | udp |
| US | 8.8.8.8:53 | wqquyywm.org | udp |
| US | 8.8.8.8:53 | vdejbif.info | udp |
| US | 8.8.8.8:53 | ueaaaeqouy.org | udp |
| US | 8.8.8.8:53 | vcsuct.net | udp |
| US | 8.8.8.8:53 | ofmizabpd.net | udp |
| US | 8.8.8.8:53 | xbikzousfv.net | udp |
| US | 8.8.8.8:53 | kggeujf.info | udp |
| US | 8.8.8.8:53 | oqmicasgweow.org | udp |
| US | 8.8.8.8:53 | akrldi.info | udp |
| US | 8.8.8.8:53 | uffnhzjx.net | udp |
| US | 8.8.8.8:53 | fsyczawoha.info | udp |
| US | 8.8.8.8:53 | hqvqazz.net | udp |
| US | 8.8.8.8:53 | rzwfvq.info | udp |
| US | 8.8.8.8:53 | iinolqkgvc.net | udp |
| US | 8.8.8.8:53 | hunsxel.info | udp |
| US | 8.8.8.8:53 | atkzfclhbift.info | udp |
| US | 8.8.8.8:53 | lwlobfjrbgyi.net | udp |
| US | 8.8.8.8:53 | edorjl.info | udp |
| US | 8.8.8.8:53 | equnyx.info | udp |
| US | 8.8.8.8:53 | wegmmuksgaz.info | udp |
| US | 8.8.8.8:53 | flkrix.info | udp |
| US | 8.8.8.8:53 | wueysyqiyg.org | udp |
| US | 8.8.8.8:53 | ttsybsra.info | udp |
| US | 8.8.8.8:53 | anithkhld.net | udp |
| US | 8.8.8.8:53 | gtqgralcx.net | udp |
| US | 8.8.8.8:53 | jjrefkv.net | udp |
| US | 8.8.8.8:53 | itnkwq.net | udp |
| US | 8.8.8.8:53 | skwqcyceqm.com | udp |
| US | 8.8.8.8:53 | aldrtf.net | udp |
| US | 8.8.8.8:53 | njzhvcne.net | udp |
| US | 8.8.8.8:53 | ttrvdc.info | udp |
| US | 8.8.8.8:53 | kjskvzf.info | udp |
| US | 8.8.8.8:53 | mfwloi.net | udp |
| US | 8.8.8.8:53 | wnsejyt.net | udp |
| US | 8.8.8.8:53 | mrcknvkizk.info | udp |
| US | 8.8.8.8:53 | xalmtrzefq.net | udp |
| US | 8.8.8.8:53 | sswrrv.net | udp |
| US | 8.8.8.8:53 | gosnego.info | udp |
| US | 8.8.8.8:53 | rclazebjpl.net | udp |
| US | 8.8.8.8:53 | lzbjkx.info | udp |
| US | 8.8.8.8:53 | semqcmcy.org | udp |
| US | 8.8.8.8:53 | ztersuwxzu.info | udp |
| US | 8.8.8.8:53 | blriytvijot.com | udp |
| US | 8.8.8.8:53 | kbravsgoirex.info | udp |
| US | 8.8.8.8:53 | bbbwcc.net | udp |
| US | 8.8.8.8:53 | hvxwrydmnck.info | udp |
| US | 8.8.8.8:53 | kyilnx.net | udp |
| US | 8.8.8.8:53 | fnlkdgek.info | udp |
| US | 8.8.8.8:53 | wokcgeyu.org | udp |
| US | 8.8.8.8:53 | pdacnaxnt.net | udp |
| US | 8.8.8.8:53 | uqbmlrpshsn.info | udp |
| US | 8.8.8.8:53 | gvfhiafpmuju.net | udp |
| US | 8.8.8.8:53 | ywcqyuygmoqe.com | udp |
| US | 8.8.8.8:53 | gaqkygwq.org | udp |
| US | 8.8.8.8:53 | osamhzb.info | udp |
| US | 8.8.8.8:53 | isqhwzylmcf.info | udp |
| US | 8.8.8.8:53 | zedxzm.info | udp |
| US | 8.8.8.8:53 | dohskys.net | udp |
| US | 8.8.8.8:53 | jrbulad.info | udp |
| US | 8.8.8.8:53 | uotuzyrhmoj.net | udp |
| US | 8.8.8.8:53 | emajipxyvb.net | udp |
| US | 8.8.8.8:53 | bpzorpfuhtf.org | udp |
| US | 8.8.8.8:53 | sdqzlp.info | udp |
| US | 8.8.8.8:53 | qykzii.info | udp |
| US | 8.8.8.8:53 | bkngmvgi.net | udp |
| US | 8.8.8.8:53 | wilsuozqj.info | udp |
| US | 8.8.8.8:53 | gwykmuuygoqu.com | udp |
| US | 8.8.8.8:53 | bqdindvszcl.com | udp |
| US | 8.8.8.8:53 | bitsgxf.net | udp |
| US | 8.8.8.8:53 | qmmjhisghfna.info | udp |
| US | 8.8.8.8:53 | gjjgga.net | udp |
| US | 8.8.8.8:53 | xpkmrmdatij.net | udp |
| US | 8.8.8.8:53 | npwjzvccviiq.info | udp |
| US | 8.8.8.8:53 | ikndlflmt.info | udp |
| US | 8.8.8.8:53 | dykwknvmdfdj.info | udp |
| US | 8.8.8.8:53 | vehydanleh.net | udp |
| US | 8.8.8.8:53 | soonrfga.info | udp |
| US | 8.8.8.8:53 | rrvoahykpt.info | udp |
| US | 8.8.8.8:53 | dorprxrib.com | udp |
| US | 8.8.8.8:53 | qmtwdgd.info | udp |
| US | 8.8.8.8:53 | wawaoiyk.com | udp |
| US | 8.8.8.8:53 | edggbx.net | udp |
| US | 8.8.8.8:53 | jnoisdyai.com | udp |
| US | 8.8.8.8:53 | zcyckcv.org | udp |
| US | 8.8.8.8:53 | rtdnfv.net | udp |
| US | 8.8.8.8:53 | ocwkgswcciym.com | udp |
| US | 8.8.8.8:53 | lczoradauoz.net | udp |
| US | 8.8.8.8:53 | ikdijojid.net | udp |
| US | 8.8.8.8:53 | ecowkahzlqd.net | udp |
| US | 8.8.8.8:53 | ngaiyftrppdu.net | udp |
| US | 8.8.8.8:53 | giqjic.info | udp |
| US | 8.8.8.8:53 | dazulnj.org | udp |
| US | 8.8.8.8:53 | nndkkthuo.com | udp |
| US | 8.8.8.8:53 | gakjcwrvfsxh.net | udp |
| US | 8.8.8.8:53 | euxxxslrb.net | udp |
| US | 8.8.8.8:53 | tilbvyqg.net | udp |
| US | 8.8.8.8:53 | ggyiysya.com | udp |
| US | 8.8.8.8:53 | jzthxr.net | udp |
| US | 8.8.8.8:53 | anhszxet.info | udp |
| US | 8.8.8.8:53 | txyjekmg.info | udp |
| US | 8.8.8.8:53 | pnhqfs.info | udp |
| US | 8.8.8.8:53 | cbasfir.net | udp |
| US | 8.8.8.8:53 | fjusznt.com | udp |
| US | 8.8.8.8:53 | zuhmapbot.net | udp |
| US | 8.8.8.8:53 | cnzloatrxd.net | udp |
| US | 8.8.8.8:53 | flyzxisaz.org | udp |
| US | 8.8.8.8:53 | wwzfromlf.info | udp |
| US | 8.8.8.8:53 | ruwzbfbfub.info | udp |
| US | 8.8.8.8:53 | ymememwsig.com | udp |
| US | 8.8.8.8:53 | fejlnqlkd.net | udp |
| US | 8.8.8.8:53 | iiksqsiymcmg.com | udp |
| US | 8.8.8.8:53 | unbtyrkqob.info | udp |
| US | 8.8.8.8:53 | vjvlnnztmb.net | udp |
| US | 8.8.8.8:53 | yocgyw.com | udp |
| US | 8.8.8.8:53 | coeywyii.org | udp |
| US | 8.8.8.8:53 | nfhabdz.com | udp |
| US | 8.8.8.8:53 | yojkaljecqs.info | udp |
| US | 8.8.8.8:53 | yknyjkh.info | udp |
| US | 8.8.8.8:53 | rgzkqmp.com | udp |
| US | 8.8.8.8:53 | lugwvmbknc.info | udp |
| US | 8.8.8.8:53 | sqdwann.net | udp |
| US | 8.8.8.8:53 | yilmrafyl.net | udp |
| US | 8.8.8.8:53 | gcfwdpl.net | udp |
| US | 8.8.8.8:53 | tdcitd.info | udp |
| US | 8.8.8.8:53 | ecegeakc.org | udp |
| US | 8.8.8.8:53 | vfhecp.info | udp |
| US | 8.8.8.8:53 | lkzgvzl.info | udp |
| US | 8.8.8.8:53 | ootkjdzphd.net | udp |
| US | 8.8.8.8:53 | duninfxu.info | udp |
| US | 8.8.8.8:53 | imrkbttwm.info | udp |
| US | 8.8.8.8:53 | geqgxcjnf.net | udp |
| US | 8.8.8.8:53 | wagksk.org | udp |
| US | 8.8.8.8:53 | aararuzmj.info | udp |
| US | 8.8.8.8:53 | nxfcru.info | udp |
| US | 8.8.8.8:53 | qizgnqrarod.net | udp |
| US | 8.8.8.8:53 | zrizzt.net | udp |
| US | 8.8.8.8:53 | zpkkcbxl.net | udp |
| US | 8.8.8.8:53 | moywss.org | udp |
| US | 8.8.8.8:53 | fenykgpkio.info | udp |
| US | 8.8.8.8:53 | nsjnpn.net | udp |
| US | 8.8.8.8:53 | zdidzuta.net | udp |
| US | 8.8.8.8:53 | eslrtgelfe.net | udp |
| US | 8.8.8.8:53 | bbrqxulc.info | udp |
| US | 8.8.8.8:53 | ivewnr.info | udp |
| US | 8.8.8.8:53 | ygicagqyqw.com | udp |
| US | 8.8.8.8:53 | fsdpuczzcyf.net | udp |
| US | 8.8.8.8:53 | halgjos.org | udp |
| US | 8.8.8.8:53 | nfpwrgeddstg.info | udp |
| US | 8.8.8.8:53 | pcjnmmbtx.com | udp |
| US | 8.8.8.8:53 | wkqewwscgiag.org | udp |
| US | 8.8.8.8:53 | nqxijbihvn.info | udp |
| US | 8.8.8.8:53 | hydtzvndnuk.net | udp |
| US | 8.8.8.8:53 | yspynbdonzn.net | udp |
| US | 8.8.8.8:53 | vsvzddgw.info | udp |
| US | 8.8.8.8:53 | yznziifof.net | udp |
| US | 8.8.8.8:53 | zgfmpuy.org | udp |
| US | 8.8.8.8:53 | fabapvt.org | udp |
| US | 8.8.8.8:53 | kcobykowxd.net | udp |
| US | 8.8.8.8:53 | xrctizgjhu.net | udp |
| US | 8.8.8.8:53 | ymoqjujbkv.info | udp |
| US | 8.8.8.8:53 | jvzfqfvgnbgk.info | udp |
| US | 8.8.8.8:53 | nrrhkh.net | udp |
| US | 8.8.8.8:53 | igdglrwiubsl.info | udp |
| US | 8.8.8.8:53 | vjjkehvdrnms.info | udp |
| US | 8.8.8.8:53 | yigdbumysis.net | udp |
| US | 8.8.8.8:53 | rbnyaqx.net | udp |
| US | 8.8.8.8:53 | hcrygrpcger.org | udp |
| US | 8.8.8.8:53 | yqhjgibtrr.net | udp |
| US | 8.8.8.8:53 | rfcqjgcwrllk.info | udp |
| US | 8.8.8.8:53 | rkrpzugvy.com | udp |
| US | 8.8.8.8:53 | elrkzzjtrkpj.net | udp |
| US | 8.8.8.8:53 | euemmwmi.com | udp |
| US | 8.8.8.8:53 | twwtoctvrdnh.net | udp |
| US | 8.8.8.8:53 | fosyxsfclid.org | udp |
| US | 8.8.8.8:53 | qvmhyfhlpp.info | udp |
| US | 8.8.8.8:53 | yimjjyblzif.info | udp |
| US | 8.8.8.8:53 | akhupojaj.net | udp |
| US | 8.8.8.8:53 | bakcryvyjkl.com | udp |
| US | 8.8.8.8:53 | emscoaqosk.org | udp |
| US | 8.8.8.8:53 | jypigkw.net | udp |
| US | 8.8.8.8:53 | poleddfcltp.net | udp |
| US | 8.8.8.8:53 | mtjgtcurvfg.info | udp |
| US | 8.8.8.8:53 | jphhtgd.com | udp |
| US | 8.8.8.8:53 | luredqszppv.com | udp |
| US | 8.8.8.8:53 | prrekgjjesha.net | udp |
| US | 8.8.8.8:53 | qxpqcowoxj.net | udp |
| US | 8.8.8.8:53 | ljwbnqbmvb.info | udp |
| US | 8.8.8.8:53 | frzvldlkry.net | udp |
| US | 8.8.8.8:53 | omierhazkhgw.net | udp |
| US | 8.8.8.8:53 | rwlyfdpgx.com | udp |
| US | 8.8.8.8:53 | kwdrqyzrhd.net | udp |
| US | 8.8.8.8:53 | agoqqeqsywyk.org | udp |
| US | 8.8.8.8:53 | vqnjfuxqymh.org | udp |
| US | 8.8.8.8:53 | wnhoebtymh.net | udp |
| US | 8.8.8.8:53 | mqqgfwhdrk.info | udp |
| US | 8.8.8.8:53 | mwgwjsokosk.info | udp |
| US | 8.8.8.8:53 | xrjmbmgmisvh.info | udp |
| US | 8.8.8.8:53 | hykuxrnkthb.org | udp |
| US | 8.8.8.8:53 | yahmpsnkbaxm.net | udp |
| US | 8.8.8.8:53 | jqtenkdayoy.org | udp |
| US | 8.8.8.8:53 | vteelbsv.info | udp |
| US | 8.8.8.8:53 | gpvqrkajgm.net | udp |
| US | 8.8.8.8:53 | iosywgckiw.com | udp |
| US | 8.8.8.8:53 | qvijhvzfyz.info | udp |
| US | 8.8.8.8:53 | lvliwxsju.net | udp |
| US | 8.8.8.8:53 | oinibwp.info | udp |
| US | 8.8.8.8:53 | uasqhslkxwx.net | udp |
| US | 8.8.8.8:53 | wcgcuuiu.org | udp |
| US | 8.8.8.8:53 | iqfwyzft.net | udp |
| US | 8.8.8.8:53 | clfghixibej.info | udp |
| US | 8.8.8.8:53 | mpwtttjmmir.net | udp |
| US | 8.8.8.8:53 | fkogdnf.info | udp |
| US | 8.8.8.8:53 | pzdxrsizvylz.net | udp |
| US | 8.8.8.8:53 | nhmyomxjv.info | udp |
| US | 8.8.8.8:53 | ifkcjarwz.net | udp |
| US | 8.8.8.8:53 | yytylvvekmm.net | udp |
| US | 8.8.8.8:53 | cmiqomwewa.org | udp |
| US | 8.8.8.8:53 | cscugc.com | udp |
| US | 8.8.8.8:53 | ajzglksltchy.net | udp |
| US | 8.8.8.8:53 | tyzkrdhyl.info | udp |
| US | 8.8.8.8:53 | mnzyduz.net | udp |
| US | 8.8.8.8:53 | ggzbfjod.net | udp |
| US | 8.8.8.8:53 | xpqrhnbrrohe.info | udp |
| US | 8.8.8.8:53 | kgxixuj.net | udp |
| US | 8.8.8.8:53 | cswxisbcdpe.net | udp |
| US | 8.8.8.8:53 | zhibftntju.net | udp |
| US | 8.8.8.8:53 | dotnhzb.net | udp |
| US | 8.8.8.8:53 | jwferid.com | udp |
| US | 8.8.8.8:53 | vyvijbihvn.info | udp |
| US | 8.8.8.8:53 | zqdndmbf.info | udp |
| US | 8.8.8.8:53 | cykxrrvwfp.net | udp |
| US | 8.8.8.8:53 | umjmzklivoi.net | udp |
| US | 8.8.8.8:53 | rzcstql.net | udp |
| US | 8.8.8.8:53 | npcgxsmr.net | udp |
| US | 8.8.8.8:53 | hsrofavrq.net | udp |
| US | 8.8.8.8:53 | kbasfytnrmde.net | udp |
| US | 8.8.8.8:53 | tlqocoj.com | udp |
| US | 8.8.8.8:53 | phtcvymjphzv.net | udp |
| US | 8.8.8.8:53 | hydkflhmdvvo.net | udp |
| US | 8.8.8.8:53 | dbwrlr.info | udp |
| US | 8.8.8.8:53 | llpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | bctwfgikb.org | udp |
| US | 8.8.8.8:53 | ouoyccooqw.org | udp |
| US | 8.8.8.8:53 | fzqqksnzg.net | udp |
| US | 8.8.8.8:53 | uficjqme.info | udp |
| US | 8.8.8.8:53 | zqogrxmonad.org | udp |
| US | 8.8.8.8:53 | euigmsuckm.org | udp |
| US | 8.8.8.8:53 | sxxljmldcw.info | udp |
| US | 8.8.8.8:53 | xmlymtnez.org | udp |
| US | 8.8.8.8:53 | rmlhtbyug.info | udp |
| US | 8.8.8.8:53 | kcsotwn.info | udp |
| US | 8.8.8.8:53 | cissaqwgic.org | udp |
| US | 8.8.8.8:53 | pctkqgjqngg.org | udp |
| US | 8.8.8.8:53 | ajeijvbtgd.info | udp |
| US | 8.8.8.8:53 | odzbrjqoy.info | udp |
| US | 8.8.8.8:53 | qkusgq.org | udp |
| US | 8.8.8.8:53 | pddjqiyhax.net | udp |
| US | 8.8.8.8:53 | jfezcmohhtrg.info | udp |
| US | 8.8.8.8:53 | lduqer.net | udp |
| US | 8.8.8.8:53 | smwuoqgo.com | udp |
| US | 8.8.8.8:53 | mjtamh.net | udp |
| US | 8.8.8.8:53 | qcfhoqlv.net | udp |
| US | 8.8.8.8:53 | aalijqi.info | udp |
| US | 8.8.8.8:53 | jaoytkq.info | udp |
| US | 8.8.8.8:53 | dhzlmjsy.info | udp |
| US | 8.8.8.8:53 | dvimbkcibrz.org | udp |
| US | 8.8.8.8:53 | autmurpsp.net | udp |
| US | 8.8.8.8:53 | kwewyg.com | udp |
| US | 8.8.8.8:53 | odqisf.info | udp |
| US | 8.8.8.8:53 | wbhxjt.info | udp |
| US | 8.8.8.8:53 | ncpmyszzt.info | udp |
| US | 8.8.8.8:53 | awuqgq.org | udp |
| US | 8.8.8.8:53 | awgfpbeanyp.net | udp |
| US | 8.8.8.8:53 | lobfhotfxcfm.net | udp |
| US | 8.8.8.8:53 | mwhjaifhdx.info | udp |
| US | 8.8.8.8:53 | ybxsqlwexbnh.info | udp |
| US | 8.8.8.8:53 | qocgsmgeew.com | udp |
| US | 8.8.8.8:53 | emnhrtzvtcga.net | udp |
| US | 8.8.8.8:53 | wkrrhuvzzv.net | udp |
| US | 8.8.8.8:53 | omnalyb.info | udp |
| US | 8.8.8.8:53 | kkiamiym.com | udp |
| US | 8.8.8.8:53 | utmuejhvgj.info | udp |
| US | 8.8.8.8:53 | vgbkpmprtu.net | udp |
| US | 8.8.8.8:53 | uokwzjo.net | udp |
| US | 8.8.8.8:53 | xquifqbwfjsu.net | udp |
| US | 8.8.8.8:53 | jatdaajehomt.net | udp |
| US | 8.8.8.8:53 | uapnxd.net | udp |
| US | 8.8.8.8:53 | strpmpuozrzs.info | udp |
| US | 8.8.8.8:53 | iacwky.org | udp |
| US | 8.8.8.8:53 | vdwbvvrv.info | udp |
| US | 8.8.8.8:53 | jzqyvjvl.info | udp |
| US | 8.8.8.8:53 | mpokxpqwbata.net | udp |
| US | 8.8.8.8:53 | sgwqkwkqoc.org | udp |
| US | 8.8.8.8:53 | swzivimsyuoj.net | udp |
| US | 8.8.8.8:53 | mwgkuyee.org | udp |
| US | 8.8.8.8:53 | zuhfrjt.org | udp |
| US | 8.8.8.8:53 | iebhjmt.net | udp |
| US | 8.8.8.8:53 | gkpwvspelpn.net | udp |
| US | 8.8.8.8:53 | rgbqzfudgs.info | udp |
| US | 8.8.8.8:53 | ctycowoq.net | udp |
| US | 8.8.8.8:53 | uiceesz.info | udp |
| US | 8.8.8.8:53 | altqghs.net | udp |
| US | 8.8.8.8:53 | peeifkbwlqt.com | udp |
| US | 8.8.8.8:53 | aqzabijoxac.net | udp |
| US | 8.8.8.8:53 | xphktmhtmf.net | udp |
| US | 8.8.8.8:53 | cmeufywxtwx.net | udp |
| US | 8.8.8.8:53 | bzaydhbkyko.info | udp |
| US | 8.8.8.8:53 | cmauaqksuqss.org | udp |
| US | 8.8.8.8:53 | vabdmsqm.net | udp |
| US | 8.8.8.8:53 | jdxicqbppk.info | udp |
| US | 8.8.8.8:53 | ewiuauieao.com | udp |
| US | 8.8.8.8:53 | bjpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | jdgvvenagwus.info | udp |
| US | 8.8.8.8:53 | eafurmvpncp.info | udp |
| US | 8.8.8.8:53 | gtvprcpqb.net | udp |
| US | 8.8.8.8:53 | imwkkoik.com | udp |
| US | 8.8.8.8:53 | ekdbbpkz.info | udp |
| US | 8.8.8.8:53 | aubtjykgmo.info | udp |
| US | 8.8.8.8:53 | habieix.info | udp |
| US | 8.8.8.8:53 | mbppzvwehnid.net | udp |
| US | 8.8.8.8:53 | cwefja.info | udp |
| US | 8.8.8.8:53 | iosoyo.org | udp |
| US | 8.8.8.8:53 | ibnswgd.info | udp |
| US | 8.8.8.8:53 | iffazcaf.net | udp |
| US | 8.8.8.8:53 | ukguxed.net | udp |
| US | 8.8.8.8:53 | oaewcmmi.com | udp |
| US | 8.8.8.8:53 | oyaeuues.com | udp |
| US | 8.8.8.8:53 | oalwpcngx.info | udp |
| US | 8.8.8.8:53 | aqqgue.org | udp |
| US | 8.8.8.8:53 | flxtmjyi.net | udp |
| US | 8.8.8.8:53 | tmyrayebtd.net | udp |
| US | 8.8.8.8:53 | oayukawk.org | udp |
| US | 8.8.8.8:53 | icoskayyms.org | udp |
| US | 8.8.8.8:53 | fjiyoissn.org | udp |
| US | 8.8.8.8:53 | dwqvxhbri.net | udp |
| US | 8.8.8.8:53 | zyhrvrlcxxau.net | udp |
| US | 8.8.8.8:53 | xwcquxgrbf.info | udp |
| US | 8.8.8.8:53 | byzyzrrjb.com | udp |
| US | 8.8.8.8:53 | xcrfxbihvn.info | udp |
| US | 8.8.8.8:53 | qpsnvi.net | udp |
| US | 8.8.8.8:53 | mtzsarlrxoaz.info | udp |
| US | 8.8.8.8:53 | ogaaqsegcsua.com | udp |
| US | 8.8.8.8:53 | jjvyfo.info | udp |
| US | 8.8.8.8:53 | hwnpqv.net | udp |
| US | 8.8.8.8:53 | skxsxgekl.info | udp |
| US | 8.8.8.8:53 | vmewzhkl.net | udp |
| US | 8.8.8.8:53 | bwfbvndj.info | udp |
| US | 8.8.8.8:53 | pvesxitaordl.info | udp |
| US | 8.8.8.8:53 | bivjhubzx.net | udp |
| US | 8.8.8.8:53 | tjmfzzgmsqha.info | udp |
| US | 8.8.8.8:53 | vdhkdaj.info | udp |
| US | 8.8.8.8:53 | msxvtst.net | udp |
| US | 8.8.8.8:53 | dzrmxez.com | udp |
| US | 8.8.8.8:53 | fcxthmvhet.net | udp |
| US | 8.8.8.8:53 | ldqpnc.info | udp |
| US | 8.8.8.8:53 | ywooyzzd.net | udp |
| US | 8.8.8.8:53 | uquumsac.com | udp |
| US | 8.8.8.8:53 | kxldwaoqfn.info | udp |
| US | 8.8.8.8:53 | qqlpxisgz.info | udp |
| US | 8.8.8.8:53 | xxbuvavqnao.net | udp |
| US | 8.8.8.8:53 | xbgldvj.info | udp |
| US | 8.8.8.8:53 | wnqvlijrj.info | udp |
| US | 8.8.8.8:53 | qihksex.info | udp |
| US | 8.8.8.8:53 | xygarsosyip.net | udp |
| US | 8.8.8.8:53 | tgzzsilpuoyu.info | udp |
| US | 8.8.8.8:53 | dodmfddxhh.net | udp |
| US | 8.8.8.8:53 | gozsooxaw.net | udp |
| US | 8.8.8.8:53 | ipzkzazih.info | udp |
| US | 8.8.8.8:53 | dutejaeahe.info | udp |
| US | 8.8.8.8:53 | zqzwnltxn.info | udp |
| US | 8.8.8.8:53 | bjhulpmfdw.net | udp |
| US | 8.8.8.8:53 | rejwrwpoa.info | udp |
| US | 8.8.8.8:53 | zijaame.net | udp |
| US | 8.8.8.8:53 | uzwkxydv.info | udp |
| US | 8.8.8.8:53 | rolvewxjogiu.info | udp |
| US | 8.8.8.8:53 | heryfeh.org | udp |
| US | 8.8.8.8:53 | iyobvrfh.info | udp |
| US | 8.8.8.8:53 | jmuyzwjxj.net | udp |
| US | 8.8.8.8:53 | dfedwnwesn.net | udp |
| US | 8.8.8.8:53 | ssskcoewoiuk.com | udp |
| US | 8.8.8.8:53 | twxsqarfrw.info | udp |
| US | 8.8.8.8:53 | sgescokcmo.org | udp |
| US | 8.8.8.8:53 | svpenhlunv.info | udp |
| US | 8.8.8.8:53 | huekdjkm.info | udp |
| US | 8.8.8.8:53 | swoyoskeia.com | udp |
| US | 8.8.8.8:53 | lzwgpqnxhy.net | udp |
| US | 8.8.8.8:53 | kpiusltjcs.info | udp |
| US | 8.8.8.8:53 | ruaqpyt.info | udp |
| US | 8.8.8.8:53 | dhvozgtebnb.info | udp |
| US | 8.8.8.8:53 | jehyhpbob.com | udp |
| US | 8.8.8.8:53 | veryfq.info | udp |
| US | 8.8.8.8:53 | okxkuqn.net | udp |
| US | 8.8.8.8:53 | luaiurlae.info | udp |
| US | 8.8.8.8:53 | cuaubdf.info | udp |
| US | 8.8.8.8:53 | qouomase.com | udp |
| US | 8.8.8.8:53 | hsfspwfirsr.org | udp |
| US | 8.8.8.8:53 | hgsyflcivzpm.net | udp |
| US | 8.8.8.8:53 | xsscirwh.net | udp |
| US | 8.8.8.8:53 | gicyciwgoa.com | udp |
Files
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
| MD5 | 5203b6ea0901877fbf2d8d6f6d8d338e |
| SHA1 | c803e92561921b38abe13239c1fd85605b570936 |
| SHA256 | 0cc02d34d5fd4cf892fed282f98c1ad3e7dd6159a8877ae5c46d3f834ed36060 |
| SHA512 | d48a41b4fc4c38a6473f789c02918fb7353a4b4199768a3624f3b685d91d38519887a1ccd3616e0d2b079a346afaec5a0f2ef2c46d72d3097ef561cedb476471 |
C:\Windows\SysWOW64\nbukixslyqmzqkrhhj.exe
| MD5 | c5053b6a278897cf8629be4ba93b3030 |
| SHA1 | 8bbc4116b965c3546d3d52d2d90eca8d5979901f |
| SHA256 | 25513f2b017ee242a254117f14ff49bb55f034a64265724e8e76d49a696b2d60 |
| SHA512 | 15b961286782c54d9bc04722679570afea0112facc107e17669c4cd4ea9695c198d312d91019275b850214f6b116fd88d5531b23555f364e6d0200ea1cdbe617 |
C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe
| MD5 | e092a57be3f88162868fce94629ffd6a |
| SHA1 | 4d95e706bd2765e5ad01e412839604d5e7e4db19 |
| SHA256 | 4d74ae58c6eb320dd7e560ef5a3a6bdff653b3eedeb7334dd8e2a4eabc7e1e6c |
| SHA512 | 04bdc301a1735852ff2a354248665895e6de941ad5788598f753fd4a08d7a18685e924664d46a73da5ccdced6f4f2ba3d26af2c0901f5f456720b55d2f6a6ea0 |
C:\Users\Admin\AppData\Local\bxywczcdyycxwynltdbxyw.zcd
| MD5 | a381a0d98b7f5db426fa9ac23dc5f96c |
| SHA1 | c90e011684ec8a57dffec6ecdd0ae4f7889c6aae |
| SHA256 | 88b6bc31c67723e4e59cf2a8c029284485b3de738d24aa5462347c546626a2ea |
| SHA512 | d9763bfdd5f4061293b55f2b292c0e4d5caeb7f316ac179506071de7bebcd714e7c62113ab3ed860dc57e5f52e89103d7aac073050eb8957e241d175489d1330 |
C:\Users\Admin\AppData\Local\szlulthtzkzfpcclezipbkbjxjpapvfss.upy
| MD5 | 99caa1f96043b9786880e08f4a24bd62 |
| SHA1 | 1f25788e6bd360c41aed414e5cc1f3ffba66460d |
| SHA256 | a92c8df9eeee520299cce237a8b1cdcde13de1ea4eb5bea02dc180a55cf8fa38 |
| SHA512 | bb257ce85a14581117e539d4a48d6a945c7b2cc7dc180902cce240484038b58c8b787db645e19d3b4e89b24ac530811ef1e3f0b772ef33fc9aa32295a3ec91b1 |
C:\Program Files (x86)\bxywczcdyycxwynltdbxyw.zcd
| MD5 | 4bbbdb5128b5ff16636a69594ec9247c |
| SHA1 | 5fe287ab963ae9dee57320826cc6a1b10b3bd1a3 |
| SHA256 | dfc439b636ce4f05ee5ebe587b60edf1607c5bbe3d941bc13d3f324fe7434de3 |
| SHA512 | 32f23b217af1de7f6cb5165a32c669afcd1cefa8d33946b7f2d429f6ca62a723a4d4229a5045fd926871c27a92f4507edce7c65444b51308f77d9bb9abe12075 |
C:\Program Files (x86)\bxywczcdyycxwynltdbxyw.zcd
| MD5 | 145c65c46599f8131f7f4cd80f0ddd9c |
| SHA1 | c34d1d80eb83fd7cab6444f096aaf421c38c574f |
| SHA256 | dcc822430efcc46305d4aad63bf00d65089f2999ef690cbe4c99dbd64f725ff5 |
| SHA512 | 9374fe7591e9f4437364ea9c2cff862418fe17bf54a4c226904e7791ea629d3706af600606a098c304a751738e5055039b9a33a55987d2e4ab24b224ab6773b7 |
C:\Program Files (x86)\bxywczcdyycxwynltdbxyw.zcd
| MD5 | bcce051788926df4f2fbc6b81c81033b |
| SHA1 | 62f25ee2289ec7e0249ec1aeabe7a946ad45bb2e |
| SHA256 | 5ec69ebb119336b07cad22071f9b8aeadfeb84b30cc892c3137c80065d13a853 |
| SHA512 | e4812cc9d2280a816a9ef0409f976333fc66953fadbe6b21637dd7a2ca8f501a3b100099f6cc5d022fe981a594c10cdb6f5be08e79c74991000eee8bbabda446 |
C:\Program Files (x86)\bxywczcdyycxwynltdbxyw.zcd
| MD5 | c74bf3fffd1b8d4db7aaa08ba52b31f4 |
| SHA1 | c398bd3c14090c93ebda8462d00c8bdf6fed1b9d |
| SHA256 | c275eae415fc9bfb76c4dd6c041f48ad7eb002ff253d63cc046b78dfe75c386f |
| SHA512 | 54c1e3c66a74cfca74357cd50376843f66126f97fc82df1aac718f5ffeea5c989357e3581900d7d341eda0b9a710b607d380f4b9fff3b4b962579961742f12ef |
C:\Program Files (x86)\bxywczcdyycxwynltdbxyw.zcd
| MD5 | 2f928aff9af7ac3cb284e67f5c1c5261 |
| SHA1 | 1fcc5ec50fc42abe42b3d6dcaa081039084e206d |
| SHA256 | 94b924af7cbdcd09a496179c3d3f9555b24771c61fb146423aeca3e1fe09ffb0 |
| SHA512 | addff22753ceedd6b0930b67b994f268761ef5fe473b6a9c9b80c86644491e603c067d56c9dc41bfb865f11e26d44bca16710a771cd14c3d5c378acd608bcfc7 |
C:\Program Files (x86)\bxywczcdyycxwynltdbxyw.zcd
| MD5 | c6df609f588150e632545ef811066a81 |
| SHA1 | 6a1d4a21d1e550312c2972740fba81f6c948dad6 |
| SHA256 | 911ef5449c42bbb409923c33879b9c56c5a2c331d6bd98b9c87d6b1b856f025c |
| SHA512 | a5cd9fa744b6ff65ca4630078cdb47a9c90e0b0bd1498b1b77876e2d2b8de8142962a4a058c19186175996a68382ba937f038df67e5eb913bd9cc30d29c2ab2a |
C:\Program Files (x86)\bxywczcdyycxwynltdbxyw.zcd
| MD5 | b6226acd277e11b270d0ce92547db2bc |
| SHA1 | ae5be48eb6c8a59d4971eaf43cd0503ae7d0ea9e |
| SHA256 | 59ab618d3b2860e58804c683babf5145da34731e09b0699662ffb78fdaea5533 |
| SHA512 | 428f4c0737c30550fadee11ab7da9aa9538427aa5708d8aadaa5d677d0c3a4e8f2d2a52d4cec4c17fc0a656088bc5c495a2a6bfc07375a04ba64d225e2240235 |
Analysis: behavioral2
Detonation Overview
Submitted
2025-04-20 07:24
Reported
2025-04-20 07:26
Platform
win11-20250410-en
Max time kernel
24s
Max time network
154s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xbllt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ujepidqbvlvuuuwh.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\krehsfkn = "brnztpdpkbmmnordn.exe" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\krehsfkn = "kbylgdsfbtfgikobme.exe" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xbllt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\brnztpdpkbmmnordn.exe" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\krehsfkn = "ibapmlcrpjxaeiodqkdc.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\krehsfkn = "ujepidqbvlvuuuwh.exe" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xbllt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbylgdsfbtfgikobme.exe" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\krehsfkn = "xrrhffxnmhwafkrhvqkka.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\krehsfkn = "kbylgdsfbtfgikobme.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xbllt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\brnztpdpkbmmnordn.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\krehsfkn = "ibapmlcrpjxaeiodqkdc.exe" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xbllt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbylgdsfbtfgikobme.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\krehsfkn = "xrrhffxnmhwafkrhvqkka.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\krehsfkn = "xrrhffxnmhwafkrhvqkka.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xbllt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbylgdsfbtfgikobme.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\krehsfkn = "vnlzvtjxunacfinbngy.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xbllt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ujepidqbvlvuuuwh.exe" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\krehsfkn = "ibapmlcrpjxaeiodqkdc.exe" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\krehsfkn = "xrrhffxnmhwafkrhvqkka.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xbllt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vnlzvtjxunacfinbngy.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xbllt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vnlzvtjxunacfinbngy.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\krehsfkn = "vnlzvtjxunacfinbngy.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xbllt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xrrhffxnmhwafkrhvqkka.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xbllt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ibapmlcrpjxaeiodqkdc.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xbllt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xrrhffxnmhwafkrhvqkka.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\krehsfkn = "brnztpdpkbmmnordn.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\krehsfkn = "vnlzvtjxunacfinbngy.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\krehsfkn = "xrrhffxnmhwafkrhvqkka.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xbllt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\brnztpdpkbmmnordn.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\inyzit = "ujepidqbvlvuuuwh.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mxovkbkrhtzu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xrrhffxnmhwafkrhvqkka.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\inyzit = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xrrhffxnmhwafkrhvqkka.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\bjxbnbhly = "brnztpdpkbmmnordn.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\udsxkzglzj = "ujepidqbvlvuuuwh.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\vbnpzlp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbylgdsfbtfgikobme.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\vbnpzlp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\brnztpdpkbmmnordn.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\inyzit = "vnlzvtjxunacfinbngy.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pzpvjzhncns = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbylgdsfbtfgikobme.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\bjxbnbhly = "ibapmlcrpjxaeiodqkdc.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pzpvjzhncns = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ujepidqbvlvuuuwh.exe ." | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pzpvjzhncns = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ujepidqbvlvuuuwh.exe ." | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\vbnpzlp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbylgdsfbtfgikobme.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\bjxbnbhly = "brnztpdpkbmmnordn.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\udsxkzglzj = "brnztpdpkbmmnordn.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mxovkbkrhtzu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\brnztpdpkbmmnordn.exe" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\vbnpzlp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xrrhffxnmhwafkrhvqkka.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\bjxbnbhly = "xrrhffxnmhwafkrhvqkka.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\udsxkzglzj = "kbylgdsfbtfgikobme.exe ." | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mxovkbkrhtzu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vnlzvtjxunacfinbngy.exe" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\bjxbnbhly = "vnlzvtjxunacfinbngy.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vbnpzlp = "vnlzvtjxunacfinbngy.exe ." | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\bjxbnbhly = "vnlzvtjxunacfinbngy.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\udsxkzglzj = "kbylgdsfbtfgikobme.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mxovkbkrhtzu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vnlzvtjxunacfinbngy.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vbnpzlp = "xrrhffxnmhwafkrhvqkka.exe ." | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mxovkbkrhtzu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xrrhffxnmhwafkrhvqkka.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\udsxkzglzj = "ibapmlcrpjxaeiodqkdc.exe ." | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pzpvjzhncns = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xrrhffxnmhwafkrhvqkka.exe ." | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\bjxbnbhly = "ujepidqbvlvuuuwh.exe" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\inyzit = "ibapmlcrpjxaeiodqkdc.exe" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pzpvjzhncns = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbylgdsfbtfgikobme.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\udsxkzglzj = "brnztpdpkbmmnordn.exe ." | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pzpvjzhncns = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vnlzvtjxunacfinbngy.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\inyzit = "ujepidqbvlvuuuwh.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\vbnpzlp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbylgdsfbtfgikobme.exe ." | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\udsxkzglzj = "ibapmlcrpjxaeiodqkdc.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\inyzit = "brnztpdpkbmmnordn.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\udsxkzglzj = "kbylgdsfbtfgikobme.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\bjxbnbhly = "vnlzvtjxunacfinbngy.exe" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\udsxkzglzj = "kbylgdsfbtfgikobme.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\inyzit = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vnlzvtjxunacfinbngy.exe" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\inyzit = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xrrhffxnmhwafkrhvqkka.exe" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\inyzit = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ujepidqbvlvuuuwh.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pzpvjzhncns = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ibapmlcrpjxaeiodqkdc.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vbnpzlp = "ujepidqbvlvuuuwh.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\vbnpzlp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ujepidqbvlvuuuwh.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\udsxkzglzj = "vnlzvtjxunacfinbngy.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mxovkbkrhtzu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbylgdsfbtfgikobme.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\bjxbnbhly = "xrrhffxnmhwafkrhvqkka.exe" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vbnpzlp = "ibapmlcrpjxaeiodqkdc.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\inyzit = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xrrhffxnmhwafkrhvqkka.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\inyzit = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vnlzvtjxunacfinbngy.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\inyzit = "vnlzvtjxunacfinbngy.exe" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\inyzit = "ujepidqbvlvuuuwh.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\inyzit = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vnlzvtjxunacfinbngy.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\bjxbnbhly = "ibapmlcrpjxaeiodqkdc.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\vbnpzlp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vnlzvtjxunacfinbngy.exe ." | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\inyzit = "xrrhffxnmhwafkrhvqkka.exe" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\inyzit = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vnlzvtjxunacfinbngy.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\inyzit = "brnztpdpkbmmnordn.exe" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\vbnpzlp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vnlzvtjxunacfinbngy.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\inyzit = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xrrhffxnmhwafkrhvqkka.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vbnpzlp = "brnztpdpkbmmnordn.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\kbylgdsfbtfgikobme.exe | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vnlzvtjxunacfinbngy.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vnlzvtjxunacfinbngy.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kbylgdsfbtfgikobme.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ujepidqbvlvuuuwh.exe | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\orazgpqpxbzmaoedaehqpwfgfn.pcq | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\brnztpdpkbmmnordn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\brnztpdpkbmmnordn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kbylgdsfbtfgikobme.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kbylgdsfbtfgikobme.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vnlzvtjxunacfinbngy.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ujepidqbvlvuuuwh.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ujepidqbvlvuuuwh.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ojkbabullhxciowncytulk.exe | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ibapmlcrpjxaeiodqkdc.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ibapmlcrpjxaeiodqkdc.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xrrhffxnmhwafkrhvqkka.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xrrhffxnmhwafkrhvqkka.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kbylgdsfbtfgikobme.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vnlzvtjxunacfinbngy.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xrrhffxnmhwafkrhvqkka.exe | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vnlzvtjxunacfinbngy.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ujepidqbvlvuuuwh.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\brnztpdpkbmmnordn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vnlzvtjxunacfinbngy.exe | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\brnztpdpkbmmnordn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ibapmlcrpjxaeiodqkdc.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\brnztpdpkbmmnordn.exe | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ujepidqbvlvuuuwh.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ujepidqbvlvuuuwh.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vnlzvtjxunacfinbngy.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xrrhffxnmhwafkrhvqkka.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File created | C:\Windows\SysWOW64\pdxhztfpixgedcdnvkyscuoakdsbzyxyiqftn.pjv | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ojkbabullhxciowncytulk.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xrrhffxnmhwafkrhvqkka.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ibapmlcrpjxaeiodqkdc.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xrrhffxnmhwafkrhvqkka.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ojkbabullhxciowncytulk.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vnlzvtjxunacfinbngy.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\brnztpdpkbmmnordn.exe | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ibapmlcrpjxaeiodqkdc.exe | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ibapmlcrpjxaeiodqkdc.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ibapmlcrpjxaeiodqkdc.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\brnztpdpkbmmnordn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ujepidqbvlvuuuwh.exe | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vnlzvtjxunacfinbngy.exe | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xrrhffxnmhwafkrhvqkka.exe | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kbylgdsfbtfgikobme.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ibapmlcrpjxaeiodqkdc.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ojkbabullhxciowncytulk.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\brnztpdpkbmmnordn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vnlzvtjxunacfinbngy.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\brnztpdpkbmmnordn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kbylgdsfbtfgikobme.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ibapmlcrpjxaeiodqkdc.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kbylgdsfbtfgikobme.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ujepidqbvlvuuuwh.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ojkbabullhxciowncytulk.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ujepidqbvlvuuuwh.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kbylgdsfbtfgikobme.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ibapmlcrpjxaeiodqkdc.exe | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| File created | C:\Windows\SysWOW64\orazgpqpxbzmaoedaehqpwfgfn.pcq | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\brnztpdpkbmmnordn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vnlzvtjxunacfinbngy.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\orazgpqpxbzmaoedaehqpwfgfn.pcq | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| File created | C:\Program Files (x86)\orazgpqpxbzmaoedaehqpwfgfn.pcq | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| File opened for modification | C:\Program Files (x86)\pdxhztfpixgedcdnvkyscuoakdsbzyxyiqftn.pjv | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| File created | C:\Program Files (x86)\pdxhztfpixgedcdnvkyscuoakdsbzyxyiqftn.pjv | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\ojkbabullhxciowncytulk.exe | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| File opened for modification | C:\Windows\vnlzvtjxunacfinbngy.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\ibapmlcrpjxaeiodqkdc.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\brnztpdpkbmmnordn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\kbylgdsfbtfgikobme.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\kbylgdsfbtfgikobme.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\xrrhffxnmhwafkrhvqkka.exe | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| File opened for modification | C:\Windows\ibapmlcrpjxaeiodqkdc.exe | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| File opened for modification | C:\Windows\xrrhffxnmhwafkrhvqkka.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\ujepidqbvlvuuuwh.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\ibapmlcrpjxaeiodqkdc.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\vnlzvtjxunacfinbngy.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\ibapmlcrpjxaeiodqkdc.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\ujepidqbvlvuuuwh.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\brnztpdpkbmmnordn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\brnztpdpkbmmnordn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\ujepidqbvlvuuuwh.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\kbylgdsfbtfgikobme.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\ujepidqbvlvuuuwh.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\ojkbabullhxciowncytulk.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\brnztpdpkbmmnordn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\ibapmlcrpjxaeiodqkdc.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File created | C:\Windows\orazgpqpxbzmaoedaehqpwfgfn.pcq | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| File opened for modification | C:\Windows\brnztpdpkbmmnordn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\kbylgdsfbtfgikobme.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\vnlzvtjxunacfinbngy.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\ibapmlcrpjxaeiodqkdc.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\vnlzvtjxunacfinbngy.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\brnztpdpkbmmnordn.exe | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| File opened for modification | C:\Windows\kbylgdsfbtfgikobme.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\ibapmlcrpjxaeiodqkdc.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\ujepidqbvlvuuuwh.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\ujepidqbvlvuuuwh.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\ujepidqbvlvuuuwh.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\ojkbabullhxciowncytulk.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\ujepidqbvlvuuuwh.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\ojkbabullhxciowncytulk.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\xrrhffxnmhwafkrhvqkka.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\ojkbabullhxciowncytulk.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\brnztpdpkbmmnordn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\xrrhffxnmhwafkrhvqkka.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\kbylgdsfbtfgikobme.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\ujepidqbvlvuuuwh.exe | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| File opened for modification | C:\Windows\ibapmlcrpjxaeiodqkdc.exe | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| File opened for modification | C:\Windows\vnlzvtjxunacfinbngy.exe | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| File opened for modification | C:\Windows\ojkbabullhxciowncytulk.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\ujepidqbvlvuuuwh.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\xrrhffxnmhwafkrhvqkka.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\ibapmlcrpjxaeiodqkdc.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\brnztpdpkbmmnordn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\pdxhztfpixgedcdnvkyscuoakdsbzyxyiqftn.pjv | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| File opened for modification | C:\Windows\ibapmlcrpjxaeiodqkdc.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\kbylgdsfbtfgikobme.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\brnztpdpkbmmnordn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\ibapmlcrpjxaeiodqkdc.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\brnztpdpkbmmnordn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\xrrhffxnmhwafkrhvqkka.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\ojkbabullhxciowncytulk.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\kbylgdsfbtfgikobme.exe | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| File opened for modification | C:\Windows\xrrhffxnmhwafkrhvqkka.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\ujepidqbvlvuuuwh.exe | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| File opened for modification | C:\Windows\vnlzvtjxunacfinbngy.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\xrrhffxnmhwafkrhvqkka.exe | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| File opened for modification | C:\Windows\orazgpqpxbzmaoedaehqpwfgfn.pcq | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vnlzvtjxunacfinbngy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ujepidqbvlvuuuwh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xrrhffxnmhwafkrhvqkka.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ibapmlcrpjxaeiodqkdc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\kbylgdsfbtfgikobme.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ujepidqbvlvuuuwh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xrrhffxnmhwafkrhvqkka.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\kbylgdsfbtfgikobme.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ibapmlcrpjxaeiodqkdc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ujepidqbvlvuuuwh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ibapmlcrpjxaeiodqkdc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ujepidqbvlvuuuwh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\brnztpdpkbmmnordn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\brnztpdpkbmmnordn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ibapmlcrpjxaeiodqkdc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vnlzvtjxunacfinbngy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\brnztpdpkbmmnordn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\brnztpdpkbmmnordn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ujepidqbvlvuuuwh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ibapmlcrpjxaeiodqkdc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\kbylgdsfbtfgikobme.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\kbylgdsfbtfgikobme.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ujepidqbvlvuuuwh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\kbylgdsfbtfgikobme.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xrrhffxnmhwafkrhvqkka.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vnlzvtjxunacfinbngy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vnlzvtjxunacfinbngy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\brnztpdpkbmmnordn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ibapmlcrpjxaeiodqkdc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vnlzvtjxunacfinbngy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\brnztpdpkbmmnordn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ujepidqbvlvuuuwh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe"
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_c5053b6a278897cf8629be4ba93b3030.exe*"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe
C:\Windows\ujepidqbvlvuuuwh.exe
ujepidqbvlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe .
C:\Windows\xrrhffxnmhwafkrhvqkka.exe
xrrhffxnmhwafkrhvqkka.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\xrrhffxnmhwafkrhvqkka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe
C:\Windows\xrrhffxnmhwafkrhvqkka.exe
xrrhffxnmhwafkrhvqkka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .
C:\Windows\kbylgdsfbtfgikobme.exe
kbylgdsfbtfgikobme.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\vnlzvtjxunacfinbngy.exe*."
C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe
"C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe" "-C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe"
C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe
"C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe" "-C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe
C:\Windows\ibapmlcrpjxaeiodqkdc.exe
ibapmlcrpjxaeiodqkdc.exe
C:\Windows\kbylgdsfbtfgikobme.exe
kbylgdsfbtfgikobme.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe .
C:\Windows\xrrhffxnmhwafkrhvqkka.exe
xrrhffxnmhwafkrhvqkka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe .
C:\Windows\ibapmlcrpjxaeiodqkdc.exe
ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\xrrhffxnmhwafkrhvqkka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ibapmlcrpjxaeiodqkdc.exe*."
C:\Windows\ibapmlcrpjxaeiodqkdc.exe
ibapmlcrpjxaeiodqkdc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Windows\brnztpdpkbmmnordn.exe
brnztpdpkbmmnordn.exe .
C:\Windows\ujepidqbvlvuuuwh.exe
ujepidqbvlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Windows\kbylgdsfbtfgikobme.exe
kbylgdsfbtfgikobme.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brnztpdpkbmmnordn.exe*."
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ujepidqbvlvuuuwh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ujepidqbvlvuuuwh.exe*."
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe
C:\Windows\brnztpdpkbmmnordn.exe
brnztpdpkbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .
C:\Windows\kbylgdsfbtfgikobme.exe
kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe
C:\Windows\xrrhffxnmhwafkrhvqkka.exe
xrrhffxnmhwafkrhvqkka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe .
C:\Windows\ibapmlcrpjxaeiodqkdc.exe
ibapmlcrpjxaeiodqkdc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ibapmlcrpjxaeiodqkdc.exe*."
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\vnlzvtjxunacfinbngy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\vnlzvtjxunacfinbngy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe
C:\Windows\vnlzvtjxunacfinbngy.exe
vnlzvtjxunacfinbngy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe .
C:\Windows\ujepidqbvlvuuuwh.exe
ujepidqbvlvuuuwh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe
C:\Windows\brnztpdpkbmmnordn.exe
brnztpdpkbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ujepidqbvlvuuuwh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe .
C:\Windows\vnlzvtjxunacfinbngy.exe
vnlzvtjxunacfinbngy.exe
C:\Windows\vnlzvtjxunacfinbngy.exe
vnlzvtjxunacfinbngy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\vnlzvtjxunacfinbngy.exe
vnlzvtjxunacfinbngy.exe .
C:\Windows\brnztpdpkbmmnordn.exe
brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\vnlzvtjxunacfinbngy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brnztpdpkbmmnordn.exe*."
C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\vnlzvtjxunacfinbngy.exe
vnlzvtjxunacfinbngy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe
C:\Windows\xrrhffxnmhwafkrhvqkka.exe
xrrhffxnmhwafkrhvqkka.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\vnlzvtjxunacfinbngy.exe*."
C:\Windows\ibapmlcrpjxaeiodqkdc.exe
ibapmlcrpjxaeiodqkdc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Windows\ibapmlcrpjxaeiodqkdc.exe
ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe .
C:\Windows\brnztpdpkbmmnordn.exe
brnztpdpkbmmnordn.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ibapmlcrpjxaeiodqkdc.exe*."
C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brnztpdpkbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ujepidqbvlvuuuwh.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\xrrhffxnmhwafkrhvqkka.exe*."
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."
C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\vnlzvtjxunacfinbngy.exe*."
C:\Windows\ujepidqbvlvuuuwh.exe
ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe .
C:\Windows\ujepidqbvlvuuuwh.exe
ujepidqbvlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ujepidqbvlvuuuwh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe
C:\Windows\brnztpdpkbmmnordn.exe
brnztpdpkbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe .
C:\Windows\xrrhffxnmhwafkrhvqkka.exe
xrrhffxnmhwafkrhvqkka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\xrrhffxnmhwafkrhvqkka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brnztpdpkbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe
C:\Windows\kbylgdsfbtfgikobme.exe
kbylgdsfbtfgikobme.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe .
C:\Windows\ibapmlcrpjxaeiodqkdc.exe
ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ibapmlcrpjxaeiodqkdc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe
C:\Windows\ibapmlcrpjxaeiodqkdc.exe
ibapmlcrpjxaeiodqkdc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe .
C:\Windows\ibapmlcrpjxaeiodqkdc.exe
ibapmlcrpjxaeiodqkdc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ibapmlcrpjxaeiodqkdc.exe*."
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ujepidqbvlvuuuwh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe
C:\Windows\ujepidqbvlvuuuwh.exe
ujepidqbvlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe .
C:\Windows\vnlzvtjxunacfinbngy.exe
vnlzvtjxunacfinbngy.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\vnlzvtjxunacfinbngy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\vnlzvtjxunacfinbngy.exe
vnlzvtjxunacfinbngy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .
C:\Windows\kbylgdsfbtfgikobme.exe
kbylgdsfbtfgikobme.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe .
C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\xrrhffxnmhwafkrhvqkka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe
C:\Windows\brnztpdpkbmmnordn.exe
brnztpdpkbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe .
C:\Windows\ujepidqbvlvuuuwh.exe
ujepidqbvlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ujepidqbvlvuuuwh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe
C:\Windows\ibapmlcrpjxaeiodqkdc.exe
ibapmlcrpjxaeiodqkdc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe .
C:\Windows\brnztpdpkbmmnordn.exe
brnztpdpkbmmnordn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brnztpdpkbmmnordn.exe*."
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\vnlzvtjxunacfinbngy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ujepidqbvlvuuuwh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe
C:\Windows\ibapmlcrpjxaeiodqkdc.exe
ibapmlcrpjxaeiodqkdc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe .
C:\Windows\ujepidqbvlvuuuwh.exe
ujepidqbvlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ujepidqbvlvuuuwh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe
C:\Windows\brnztpdpkbmmnordn.exe
brnztpdpkbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe .
C:\Windows\ujepidqbvlvuuuwh.exe
ujepidqbvlvuuuwh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ujepidqbvlvuuuwh.exe*."
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brnztpdpkbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe .
C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\xrrhffxnmhwafkrhvqkka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe
C:\Windows\brnztpdpkbmmnordn.exe
brnztpdpkbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe .
C:\Windows\brnztpdpkbmmnordn.exe
brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brnztpdpkbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe
C:\Windows\kbylgdsfbtfgikobme.exe
kbylgdsfbtfgikobme.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe .
C:\Windows\vnlzvtjxunacfinbngy.exe
vnlzvtjxunacfinbngy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\vnlzvtjxunacfinbngy.exe*."
C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brnztpdpkbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe
C:\Windows\vnlzvtjxunacfinbngy.exe
vnlzvtjxunacfinbngy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe .
C:\Windows\ibapmlcrpjxaeiodqkdc.exe
ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ibapmlcrpjxaeiodqkdc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe
C:\Windows\vnlzvtjxunacfinbngy.exe
vnlzvtjxunacfinbngy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .
C:\Windows\kbylgdsfbtfgikobme.exe
kbylgdsfbtfgikobme.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ujepidqbvlvuuuwh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brnztpdpkbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe
C:\Windows\ujepidqbvlvuuuwh.exe
ujepidqbvlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe
C:\Windows\xrrhffxnmhwafkrhvqkka.exe
xrrhffxnmhwafkrhvqkka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe
C:\Windows\vnlzvtjxunacfinbngy.exe
vnlzvtjxunacfinbngy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe .
C:\Windows\brnztpdpkbmmnordn.exe
brnztpdpkbmmnordn.exe .
C:\Windows\ujepidqbvlvuuuwh.exe
ujepidqbvlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brnztpdpkbmmnordn.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ujepidqbvlvuuuwh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe .
C:\Windows\brnztpdpkbmmnordn.exe
brnztpdpkbmmnordn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe
C:\Windows\ibapmlcrpjxaeiodqkdc.exe
ibapmlcrpjxaeiodqkdc.exe
C:\Windows\vnlzvtjxunacfinbngy.exe
vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brnztpdpkbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe
C:\Windows\vnlzvtjxunacfinbngy.exe
vnlzvtjxunacfinbngy.exe .
C:\Windows\kbylgdsfbtfgikobme.exe
kbylgdsfbtfgikobme.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .
C:\Windows\xrrhffxnmhwafkrhvqkka.exe
xrrhffxnmhwafkrhvqkka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\vnlzvtjxunacfinbngy.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Windows\kbylgdsfbtfgikobme.exe
kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .
C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ujepidqbvlvuuuwh.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ujepidqbvlvuuuwh.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ujepidqbvlvuuuwh.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\vnlzvtjxunacfinbngy.exe*."
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brnztpdpkbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe
C:\Windows\brnztpdpkbmmnordn.exe
brnztpdpkbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .
C:\Windows\kbylgdsfbtfgikobme.exe
kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe
C:\Windows\xrrhffxnmhwafkrhvqkka.exe
xrrhffxnmhwafkrhvqkka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .
C:\Windows\kbylgdsfbtfgikobme.exe
kbylgdsfbtfgikobme.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe
C:\Windows\vnlzvtjxunacfinbngy.exe
vnlzvtjxunacfinbngy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe .
C:\Windows\ujepidqbvlvuuuwh.exe
ujepidqbvlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ujepidqbvlvuuuwh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe
C:\Windows\ibapmlcrpjxaeiodqkdc.exe
ibapmlcrpjxaeiodqkdc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe .
C:\Windows\xrrhffxnmhwafkrhvqkka.exe
xrrhffxnmhwafkrhvqkka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\xrrhffxnmhwafkrhvqkka.exe*."
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe
C:\Windows\ibapmlcrpjxaeiodqkdc.exe
ibapmlcrpjxaeiodqkdc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe .
C:\Windows\brnztpdpkbmmnordn.exe
brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brnztpdpkbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe
C:\Windows\ibapmlcrpjxaeiodqkdc.exe
ibapmlcrpjxaeiodqkdc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe .
C:\Windows\vnlzvtjxunacfinbngy.exe
vnlzvtjxunacfinbngy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\vnlzvtjxunacfinbngy.exe*."
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe
C:\Windows\vnlzvtjxunacfinbngy.exe
vnlzvtjxunacfinbngy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .
C:\Windows\kbylgdsfbtfgikobme.exe
kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe
C:\Windows\ibapmlcrpjxaeiodqkdc.exe
ibapmlcrpjxaeiodqkdc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe .
C:\Windows\xrrhffxnmhwafkrhvqkka.exe
xrrhffxnmhwafkrhvqkka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\xrrhffxnmhwafkrhvqkka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brnztpdpkbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe
C:\Windows\brnztpdpkbmmnordn.exe
brnztpdpkbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .
C:\Windows\kbylgdsfbtfgikobme.exe
kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe
C:\Windows\vnlzvtjxunacfinbngy.exe
vnlzvtjxunacfinbngy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\xrrhffxnmhwafkrhvqkka.exe
xrrhffxnmhwafkrhvqkka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\xrrhffxnmhwafkrhvqkka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\vnlzvtjxunacfinbngy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\vnlzvtjxunacfinbngy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe
C:\Windows\xrrhffxnmhwafkrhvqkka.exe
xrrhffxnmhwafkrhvqkka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe .
C:\Windows\ujepidqbvlvuuuwh.exe
ujepidqbvlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ujepidqbvlvuuuwh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe
C:\Windows\brnztpdpkbmmnordn.exe
brnztpdpkbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe .
C:\Windows\xrrhffxnmhwafkrhvqkka.exe
xrrhffxnmhwafkrhvqkka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\xrrhffxnmhwafkrhvqkka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe
C:\Windows\ibapmlcrpjxaeiodqkdc.exe
ibapmlcrpjxaeiodqkdc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe .
C:\Windows\ujepidqbvlvuuuwh.exe
ujepidqbvlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ujepidqbvlvuuuwh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe
C:\Windows\brnztpdpkbmmnordn.exe
brnztpdpkbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe .
C:\Windows\xrrhffxnmhwafkrhvqkka.exe
xrrhffxnmhwafkrhvqkka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\xrrhffxnmhwafkrhvqkka.exe*."
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe .
C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\xrrhffxnmhwafkrhvqkka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe
C:\Windows\xrrhffxnmhwafkrhvqkka.exe
xrrhffxnmhwafkrhvqkka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe
C:\Windows\brnztpdpkbmmnordn.exe
brnztpdpkbmmnordn.exe .
C:\Windows\brnztpdpkbmmnordn.exe
brnztpdpkbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brnztpdpkbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe
C:\Windows\brnztpdpkbmmnordn.exe
brnztpdpkbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .
C:\Windows\kbylgdsfbtfgikobme.exe
kbylgdsfbtfgikobme.exe
C:\Windows\kbylgdsfbtfgikobme.exe
kbylgdsfbtfgikobme.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe .
C:\Windows\xrrhffxnmhwafkrhvqkka.exe
xrrhffxnmhwafkrhvqkka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe
C:\Windows\xrrhffxnmhwafkrhvqkka.exe
xrrhffxnmhwafkrhvqkka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe .
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\xrrhffxnmhwafkrhvqkka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Windows\ibapmlcrpjxaeiodqkdc.exe
ibapmlcrpjxaeiodqkdc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\xrrhffxnmhwafkrhvqkka.exe*."
C:\Windows\vnlzvtjxunacfinbngy.exe
vnlzvtjxunacfinbngy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Windows\ujepidqbvlvuuuwh.exe
ujepidqbvlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Windows\vnlzvtjxunacfinbngy.exe
vnlzvtjxunacfinbngy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\vnlzvtjxunacfinbngy.exe*."
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\vnlzvtjxunacfinbngy.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\vnlzvtjxunacfinbngy.exe*."
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\vnlzvtjxunacfinbngy.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brnztpdpkbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe
C:\Windows\xrrhffxnmhwafkrhvqkka.exe
xrrhffxnmhwafkrhvqkka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .
C:\Windows\kbylgdsfbtfgikobme.exe
kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe
C:\Windows\brnztpdpkbmmnordn.exe
brnztpdpkbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe .
C:\Windows\brnztpdpkbmmnordn.exe
brnztpdpkbmmnordn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brnztpdpkbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe .
C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\xrrhffxnmhwafkrhvqkka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brnztpdpkbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe
C:\Windows\kbylgdsfbtfgikobme.exe
kbylgdsfbtfgikobme.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe .
C:\Windows\brnztpdpkbmmnordn.exe
brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brnztpdpkbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe
C:\Windows\vnlzvtjxunacfinbngy.exe
vnlzvtjxunacfinbngy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .
C:\Windows\kbylgdsfbtfgikobme.exe
kbylgdsfbtfgikobme.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brnztpdpkbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ujepidqbvlvuuuwh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe
C:\Windows\vnlzvtjxunacfinbngy.exe
vnlzvtjxunacfinbngy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe .
C:\Windows\ujepidqbvlvuuuwh.exe
ujepidqbvlvuuuwh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ujepidqbvlvuuuwh.exe*."
C:\Windows\xrrhffxnmhwafkrhvqkka.exe
xrrhffxnmhwafkrhvqkka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe .
C:\Windows\brnztpdpkbmmnordn.exe
brnztpdpkbmmnordn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brnztpdpkbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brnztpdpkbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe
C:\Windows\ujepidqbvlvuuuwh.exe
ujepidqbvlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe .
C:\Windows\ibapmlcrpjxaeiodqkdc.exe
ibapmlcrpjxaeiodqkdc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe
C:\Windows\brnztpdpkbmmnordn.exe
brnztpdpkbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ibapmlcrpjxaeiodqkdc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Windows\kbylgdsfbtfgikobme.exe
kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe
C:\Windows\brnztpdpkbmmnordn.exe
brnztpdpkbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe .
C:\Windows\vnlzvtjxunacfinbngy.exe
vnlzvtjxunacfinbngy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\vnlzvtjxunacfinbngy.exe*."
C:\Windows\xrrhffxnmhwafkrhvqkka.exe
xrrhffxnmhwafkrhvqkka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe .
C:\Windows\ujepidqbvlvuuuwh.exe
ujepidqbvlvuuuwh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ujepidqbvlvuuuwh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe
C:\Windows\kbylgdsfbtfgikobme.exe
kbylgdsfbtfgikobme.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe .
C:\Windows\ibapmlcrpjxaeiodqkdc.exe
ibapmlcrpjxaeiodqkdc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ibapmlcrpjxaeiodqkdc.exe*."
C:\Windows\ujepidqbvlvuuuwh.exe
ujepidqbvlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .
C:\Windows\kbylgdsfbtfgikobme.exe
kbylgdsfbtfgikobme.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\vnlzvtjxunacfinbngy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe .
C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\xrrhffxnmhwafkrhvqkka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe
C:\Windows\brnztpdpkbmmnordn.exe
brnztpdpkbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe
C:\Windows\vnlzvtjxunacfinbngy.exe
vnlzvtjxunacfinbngy.exe .
C:\Windows\kbylgdsfbtfgikobme.exe
kbylgdsfbtfgikobme.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\vnlzvtjxunacfinbngy.exe*."
C:\Windows\brnztpdpkbmmnordn.exe
brnztpdpkbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe
C:\Windows\ujepidqbvlvuuuwh.exe
ujepidqbvlvuuuwh.exe
C:\Windows\kbylgdsfbtfgikobme.exe
kbylgdsfbtfgikobme.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."
C:\Windows\kbylgdsfbtfgikobme.exe
kbylgdsfbtfgikobme.exe .
C:\Windows\ibapmlcrpjxaeiodqkdc.exe
ibapmlcrpjxaeiodqkdc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ibapmlcrpjxaeiodqkdc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Windows\brnztpdpkbmmnordn.exe
brnztpdpkbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\xrrhffxnmhwafkrhvqkka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brnztpdpkbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ujepidqbvlvuuuwh.exe*."
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brnztpdpkbmmnordn.exe*."
C:\Windows\ibapmlcrpjxaeiodqkdc.exe
ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."
C:\Windows\ibapmlcrpjxaeiodqkdc.exe
ibapmlcrpjxaeiodqkdc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ibapmlcrpjxaeiodqkdc.exe*."
C:\Windows\kbylgdsfbtfgikobme.exe
kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ibapmlcrpjxaeiodqkdc.exe*."
C:\Windows\ibapmlcrpjxaeiodqkdc.exe
ibapmlcrpjxaeiodqkdc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .
C:\Windows\kbylgdsfbtfgikobme.exe
kbylgdsfbtfgikobme.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."
C:\Windows\brnztpdpkbmmnordn.exe
brnztpdpkbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe .
C:\Windows\vnlzvtjxunacfinbngy.exe
vnlzvtjxunacfinbngy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\vnlzvtjxunacfinbngy.exe*."
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brnztpdpkbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe
C:\Windows\ujepidqbvlvuuuwh.exe
ujepidqbvlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe .
C:\Windows\xrrhffxnmhwafkrhvqkka.exe
xrrhffxnmhwafkrhvqkka.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\xrrhffxnmhwafkrhvqkka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe
C:\Windows\brnztpdpkbmmnordn.exe
brnztpdpkbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Windows\brnztpdpkbmmnordn.exe
brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brnztpdpkbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe
C:\Windows\vnlzvtjxunacfinbngy.exe
vnlzvtjxunacfinbngy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .
C:\Windows\kbylgdsfbtfgikobme.exe
kbylgdsfbtfgikobme.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."
C:\Windows\vnlzvtjxunacfinbngy.exe
vnlzvtjxunacfinbngy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe .
C:\Windows\ujepidqbvlvuuuwh.exe
ujepidqbvlvuuuwh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ujepidqbvlvuuuwh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ujepidqbvlvuuuwh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe
C:\Windows\brnztpdpkbmmnordn.exe
brnztpdpkbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe .
C:\Windows\ibapmlcrpjxaeiodqkdc.exe
ibapmlcrpjxaeiodqkdc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ibapmlcrpjxaeiodqkdc.exe*."
C:\Windows\xrrhffxnmhwafkrhvqkka.exe
xrrhffxnmhwafkrhvqkka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe .
C:\Windows\xrrhffxnmhwafkrhvqkka.exe
xrrhffxnmhwafkrhvqkka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\xrrhffxnmhwafkrhvqkka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe .
C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\xrrhffxnmhwafkrhvqkka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe
C:\Windows\brnztpdpkbmmnordn.exe
brnztpdpkbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe .
C:\Windows\brnztpdpkbmmnordn.exe
brnztpdpkbmmnordn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brnztpdpkbmmnordn.exe*."
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ibapmlcrpjxaeiodqkdc.exe
ibapmlcrpjxaeiodqkdc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Windows\brnztpdpkbmmnordn.exe
brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brnztpdpkbmmnordn.exe*."
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\vnlzvtjxunacfinbngy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brnztpdpkbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe
C:\Windows\kbylgdsfbtfgikobme.exe
kbylgdsfbtfgikobme.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe .
C:\Windows\vnlzvtjxunacfinbngy.exe
vnlzvtjxunacfinbngy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe
C:\Windows\kbylgdsfbtfgikobme.exe
kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\vnlzvtjxunacfinbngy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Windows\vnlzvtjxunacfinbngy.exe
vnlzvtjxunacfinbngy.exe .
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\vnlzvtjxunacfinbngy.exe*."
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ujepidqbvlvuuuwh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe
C:\Windows\kbylgdsfbtfgikobme.exe
kbylgdsfbtfgikobme.exe
C:\Windows\kbylgdsfbtfgikobme.exe
kbylgdsfbtfgikobme.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe .
C:\Windows\ujepidqbvlvuuuwh.exe
ujepidqbvlvuuuwh.exe .
C:\Windows\ujepidqbvlvuuuwh.exe
ujepidqbvlvuuuwh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ujepidqbvlvuuuwh.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ujepidqbvlvuuuwh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe .
C:\Windows\xrrhffxnmhwafkrhvqkka.exe
xrrhffxnmhwafkrhvqkka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Windows\vnlzvtjxunacfinbngy.exe
vnlzvtjxunacfinbngy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Windows\xrrhffxnmhwafkrhvqkka.exe
xrrhffxnmhwafkrhvqkka.exe .
C:\Windows\vnlzvtjxunacfinbngy.exe
vnlzvtjxunacfinbngy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\vnlzvtjxunacfinbngy.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\xrrhffxnmhwafkrhvqkka.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\vnlzvtjxunacfinbngy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe .
C:\Windows\vnlzvtjxunacfinbngy.exe
vnlzvtjxunacfinbngy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe .
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\xrrhffxnmhwafkrhvqkka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Windows\ujepidqbvlvuuuwh.exe
ujepidqbvlvuuuwh.exe .
C:\Windows\ujepidqbvlvuuuwh.exe
ujepidqbvlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ujepidqbvlvuuuwh.exe*."
C:\Windows\vnlzvtjxunacfinbngy.exe
vnlzvtjxunacfinbngy.exe
C:\Windows\ujepidqbvlvuuuwh.exe
ujepidqbvlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .
C:\Windows\kbylgdsfbtfgikobme.exe
kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe
C:\Windows\ibapmlcrpjxaeiodqkdc.exe
ibapmlcrpjxaeiodqkdc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe .
C:\Windows\vnlzvtjxunacfinbngy.exe
vnlzvtjxunacfinbngy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\vnlzvtjxunacfinbngy.exe*."
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\vnlzvtjxunacfinbngy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe
C:\Windows\xrrhffxnmhwafkrhvqkka.exe
xrrhffxnmhwafkrhvqkka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe .
C:\Windows\ujepidqbvlvuuuwh.exe
ujepidqbvlvuuuwh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ujepidqbvlvuuuwh.exe*."
C:\Windows\brnztpdpkbmmnordn.exe
brnztpdpkbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe .
C:\Windows\ujepidqbvlvuuuwh.exe
ujepidqbvlvuuuwh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ujepidqbvlvuuuwh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\brnztpdpkbmmnordn.exe
brnztpdpkbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe .
C:\Windows\brnztpdpkbmmnordn.exe
brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brnztpdpkbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe
C:\Windows\kbylgdsfbtfgikobme.exe
kbylgdsfbtfgikobme.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe .
C:\Windows\ibapmlcrpjxaeiodqkdc.exe
ibapmlcrpjxaeiodqkdc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ibapmlcrpjxaeiodqkdc.exe*."
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brnztpdpkbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brnztpdpkbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe
C:\Windows\ujepidqbvlvuuuwh.exe
ujepidqbvlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .
C:\Windows\kbylgdsfbtfgikobme.exe
kbylgdsfbtfgikobme.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."
C:\Windows\brnztpdpkbmmnordn.exe
brnztpdpkbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ibapmlcrpjxaeiodqkdc.exe
ibapmlcrpjxaeiodqkdc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ibapmlcrpjxaeiodqkdc.exe*."
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brnztpdpkbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe
C:\Windows\ujepidqbvlvuuuwh.exe
ujepidqbvlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\brnztpdpkbmmnordn.exe
brnztpdpkbmmnordn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brnztpdpkbmmnordn.exe*."
C:\Windows\ujepidqbvlvuuuwh.exe
ujepidqbvlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\kbylgdsfbtfgikobme.exe
kbylgdsfbtfgikobme.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ujepidqbvlvuuuwh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brnztpdpkbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe
C:\Windows\vnlzvtjxunacfinbngy.exe
vnlzvtjxunacfinbngy.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| GB | 23.44.65.9:80 | www.ebay.com | tcp |
| BY | 178.122.162.202:27691 | tcp | |
| DE | 85.214.228.140:80 | gyuuym.org | tcp |
| SG | 18.142.91.111:80 | unxfuild.info | tcp |
| US | 8.8.8.8:53 | aeyqymkgee.org | udp |
| BY | 178.122.162.202:27691 | tcp | |
| US | 8.8.8.8:53 | udzdjiddn.net | udp |
| US | 8.8.8.8:53 | aqyrrmxkz.info | udp |
| US | 104.156.155.94:80 | cydlrge.info | tcp |
| US | 8.8.8.8:53 | ovnrwqtipvv.net | udp |
| US | 8.8.8.8:53 | jscvmg.net | udp |
| US | 8.8.8.8:53 | pqumrvd.net | udp |
| US | 8.8.8.8:53 | dxtisnno.info | udp |
| US | 8.8.8.8:53 | acyyey.com | udp |
| US | 8.8.8.8:53 | luvehemiri.info | udp |
| US | 8.8.8.8:53 | kyzydtdwv.net | udp |
| US | 8.8.8.8:53 | lalckpw.org | udp |
| US | 8.8.8.8:53 | yiawgoaoig.org | udp |
| US | 8.8.8.8:53 | eacgbydkdlg.net | udp |
| US | 8.8.8.8:53 | hmfurcniz.info | udp |
| US | 8.8.8.8:53 | jubqjqz.info | udp |
| US | 8.8.8.8:53 | tpoupzil.net | udp |
| US | 8.8.8.8:53 | eznabol.net | udp |
| US | 8.8.8.8:53 | aieoyeogouee.com | udp |
| US | 8.8.8.8:53 | wtftrvhm.net | udp |
| US | 8.8.8.8:53 | suztbupdigf.info | udp |
| US | 8.8.8.8:53 | leqdurjb.net | udp |
| US | 8.8.8.8:53 | ooageu.org | udp |
| US | 8.8.8.8:53 | btfmmham.info | udp |
| US | 8.8.8.8:53 | unvecyahro.info | udp |
| US | 8.8.8.8:53 | nciinn.info | udp |
| US | 8.8.8.8:53 | dxdnlsrmksf.info | udp |
| US | 8.8.8.8:53 | hivtqijot.info | udp |
| US | 8.8.8.8:53 | yewjwlegot.net | udp |
| US | 8.8.8.8:53 | kekeko.com | udp |
| CA | 209.172.40.245:80 | kekeko.com | tcp |
| US | 8.8.8.8:53 | lbvvrf.net | udp |
| US | 8.8.8.8:53 | xntbsw.info | udp |
| US | 8.8.8.8:53 | vczztgr.org | udp |
| US | 8.8.8.8:53 | vcsuct.net | udp |
| US | 8.8.8.8:53 | vknqpkztt.org | udp |
| US | 8.8.8.8:53 | xmkyyoyv.net | udp |
| US | 8.8.8.8:53 | hcvcekdht.info | udp |
| US | 8.8.8.8:53 | tseybqgdb.net | udp |
| US | 8.8.8.8:53 | dpkkxg.info | udp |
| IT | 195.110.124.133:80 | iwemag.com | tcp |
| US | 8.8.8.8:53 | ooewwc.org | udp |
| US | 8.8.8.8:53 | dabhuj.net | udp |
| US | 8.8.8.8:53 | jqtenkdayoy.org | udp |
| US | 8.8.8.8:53 | bijioimmq.net | udp |
| US | 8.8.8.8:53 | fihjrrnguvmq.net | udp |
| US | 8.8.8.8:53 | ahnjkhxy.info | udp |
| US | 8.8.8.8:53 | oefxqbtj.info | udp |
| US | 8.8.8.8:53 | sxhoqf.info | udp |
| US | 8.8.8.8:53 | oaewcmmi.com | udp |
| US | 8.8.8.8:53 | garynjfqf.net | udp |
| US | 8.8.8.8:53 | eckmgg.org | udp |
| US | 8.8.8.8:53 | pvesxitaordl.info | udp |
| US | 8.8.8.8:53 | iqmgzkoxl.net | udp |
| US | 8.8.8.8:53 | rwfokij.net | udp |
| US | 8.8.8.8:53 | dzrmxez.com | udp |
| US | 8.8.8.8:53 | kmikomikqckg.com | udp |
| US | 8.8.8.8:53 | kxldwaoqfn.info | udp |
| US | 8.8.8.8:53 | lexjorjlbhq.org | udp |
| US | 8.8.8.8:53 | xustjkt.com | udp |
| US | 8.8.8.8:53 | xxbuvavqnao.net | udp |
| US | 8.8.8.8:53 | rcdorur.info | udp |
| US | 8.8.8.8:53 | jyeuzd.info | udp |
| US | 8.8.8.8:53 | yxzqtwhoq.info | udp |
| US | 8.8.8.8:53 | sofopswuuym.net | udp |
| US | 8.8.8.8:53 | tgzzsilpuoyu.info | udp |
| US | 8.8.8.8:53 | jelvdocovu.net | udp |
| US | 8.8.8.8:53 | dutejaeahe.info | udp |
| US | 8.8.8.8:53 | gjveqwbteaex.info | udp |
| US | 8.8.8.8:53 | tdrizhanqs.net | udp |
| US | 8.8.8.8:53 | vcemhcvwotr.info | udp |
| US | 8.8.8.8:53 | rejwrwpoa.info | udp |
| US | 8.8.8.8:53 | kcfzdhtyhtbm.info | udp |
| US | 8.8.8.8:53 | lpgxktnjezgw.net | udp |
| US | 8.8.8.8:53 | ivvuttqyfeby.net | udp |
| US | 8.8.8.8:53 | heryfeh.org | udp |
| US | 8.8.8.8:53 | jmuyzwjxj.net | udp |
| US | 8.8.8.8:53 | qowqosye.org | udp |
| US | 8.8.8.8:53 | xurfjknut.net | udp |
| US | 8.8.8.8:53 | bmxeulf.com | udp |
| US | 8.8.8.8:53 | sgescokcmo.org | udp |
| US | 8.8.8.8:53 | jqlwjzv.com | udp |
| US | 8.8.8.8:53 | utgwaqyjgb.info | udp |
| US | 8.8.8.8:53 | vntuik.net | udp |
| US | 8.8.8.8:53 | ioxkjqzqpuf.net | udp |
| US | 8.8.8.8:53 | igvanbx.net | udp |
| US | 8.8.8.8:53 | lzwgpqnxhy.net | udp |
| US | 8.8.8.8:53 | qiijvr.info | udp |
| US | 8.8.8.8:53 | ppdhevvirgfu.info | udp |
| US | 8.8.8.8:53 | ntvwyyxtdoj.info | udp |
| US | 8.8.8.8:53 | blczoa.net | udp |
| US | 8.8.8.8:53 | jehyhpbob.com | udp |
| US | 8.8.8.8:53 | yeyammwmcm.org | udp |
| US | 8.8.8.8:53 | vxgunu.info | udp |
| US | 8.8.8.8:53 | lwvyfex.com | udp |
| US | 8.8.8.8:53 | gjxljvvy.net | udp |
| US | 8.8.8.8:53 | yyrabegyxun.net | udp |
| US | 8.8.8.8:53 | vjqixv.net | udp |
| US | 8.8.8.8:53 | tlounqrgzuw.org | udp |
| US | 8.8.8.8:53 | fojqbjnov.org | udp |
| US | 8.8.8.8:53 | luaiurlae.info | udp |
| US | 8.8.8.8:53 | rmpihmj.org | udp |
| US | 8.8.8.8:53 | qcasbce.net | udp |
| US | 8.8.8.8:53 | ycworew.net | udp |
| US | 8.8.8.8:53 | ajabxauburla.info | udp |
| US | 8.8.8.8:53 | hwxozvbdxh.net | udp |
| US | 8.8.8.8:53 | hsfspwfirsr.org | udp |
| US | 8.8.8.8:53 | nczwfklclou.net | udp |
| US | 8.8.8.8:53 | wvfsqyizpu.info | udp |
| US | 8.8.8.8:53 | zfnxchvqhbhx.info | udp |
| US | 8.8.8.8:53 | ivucbnhwfeg.net | udp |
| US | 8.8.8.8:53 | salzjxxdqvqz.net | udp |
| US | 8.8.8.8:53 | fumvct.net | udp |
| US | 8.8.8.8:53 | fuothb.info | udp |
| US | 8.8.8.8:53 | wacokycgky.org | udp |
| US | 8.8.8.8:53 | xkvazepssln.org | udp |
| US | 8.8.8.8:53 | jcxccnj.info | udp |
| US | 8.8.8.8:53 | dnyidwf.info | udp |
| US | 8.8.8.8:53 | thpqpp.net | udp |
| US | 8.8.8.8:53 | teutarmtihnn.net | udp |
| US | 8.8.8.8:53 | yadxtkefpqdf.net | udp |
| US | 8.8.8.8:53 | jrnlzr.info | udp |
| US | 8.8.8.8:53 | iqlatqh.net | udp |
| US | 8.8.8.8:53 | iwuimkey.com | udp |
| US | 8.8.8.8:53 | bqqxelvhrz.info | udp |
| US | 8.8.8.8:53 | zodigrf.net | udp |
| US | 8.8.8.8:53 | qngitmingp.net | udp |
| US | 8.8.8.8:53 | cmgwqm.org | udp |
| US | 8.8.8.8:53 | tepaav.info | udp |
| US | 8.8.8.8:53 | ackaecskyeyc.com | udp |
| US | 8.8.8.8:53 | ulwprsdpevsj.info | udp |
| US | 8.8.8.8:53 | agsuaskkaicu.com | udp |
| US | 8.8.8.8:53 | bhvlejgrbe.info | udp |
| US | 8.8.8.8:53 | vnqlby.info | udp |
| US | 8.8.8.8:53 | qyjxvcif.net | udp |
| US | 8.8.8.8:53 | dayeocqiwk.info | udp |
| US | 8.8.8.8:53 | xnvdciawrd.info | udp |
| US | 8.8.8.8:53 | rkwlhccy.info | udp |
| US | 8.8.8.8:53 | qwcigsuauk.org | udp |
| US | 8.8.8.8:53 | ghmuvphem.info | udp |
| US | 8.8.8.8:53 | qclwrgj.net | udp |
| US | 8.8.8.8:53 | nthafgeqx.org | udp |
| US | 8.8.8.8:53 | nsfkudrunez.net | udp |
| US | 8.8.8.8:53 | cswqnjzgr.info | udp |
| US | 8.8.8.8:53 | eqrnva.net | udp |
| US | 8.8.8.8:53 | isiawauy.com | udp |
| US | 8.8.8.8:53 | vibshiiel.net | udp |
| US | 8.8.8.8:53 | nujrrkrmuqt.org | udp |
| US | 8.8.8.8:53 | iazcpmn.info | udp |
| US | 8.8.8.8:53 | girokhtn.info | udp |
| US | 8.8.8.8:53 | opoiednozwk.info | udp |
| US | 8.8.8.8:53 | wzmpscdrchbj.net | udp |
| US | 8.8.8.8:53 | jjqtpeerkb.net | udp |
| US | 8.8.8.8:53 | epughazeka.info | udp |
| US | 8.8.8.8:53 | coomqimu.org | udp |
| US | 8.8.8.8:53 | thnwzbzrfef.net | udp |
| US | 8.8.8.8:53 | ucoeskow.org | udp |
| US | 8.8.8.8:53 | zarxomn.net | udp |
| US | 8.8.8.8:53 | cbpicprdguen.net | udp |
| US | 8.8.8.8:53 | howxzyvfb.com | udp |
| US | 8.8.8.8:53 | urkcltobhpwf.net | udp |
| US | 8.8.8.8:53 | pwicqnqgnv.info | udp |
| US | 8.8.8.8:53 | ysuvlrlf.net | udp |
| US | 8.8.8.8:53 | oismai.com | udp |
Files
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
| MD5 | 5203b6ea0901877fbf2d8d6f6d8d338e |
| SHA1 | c803e92561921b38abe13239c1fd85605b570936 |
| SHA256 | 0cc02d34d5fd4cf892fed282f98c1ad3e7dd6159a8877ae5c46d3f834ed36060 |
| SHA512 | d48a41b4fc4c38a6473f789c02918fb7353a4b4199768a3624f3b685d91d38519887a1ccd3616e0d2b079a346afaec5a0f2ef2c46d72d3097ef561cedb476471 |
C:\Windows\SysWOW64\kbylgdsfbtfgikobme.exe
| MD5 | c5053b6a278897cf8629be4ba93b3030 |
| SHA1 | 8bbc4116b965c3546d3d52d2d90eca8d5979901f |
| SHA256 | 25513f2b017ee242a254117f14ff49bb55f034a64265724e8e76d49a696b2d60 |
| SHA512 | 15b961286782c54d9bc04722679570afea0112facc107e17669c4cd4ea9695c198d312d91019275b850214f6b116fd88d5531b23555f364e6d0200ea1cdbe617 |
C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe
| MD5 | 90db20a22234f853f50dda6ae0686b57 |
| SHA1 | 4c4d1139eccdba2efee2c8bac21879650dd53c08 |
| SHA256 | 1d74a1bc45d05ef50a7f433b3c1870df34acd1c802f51b10bb778c38810123bb |
| SHA512 | 58a5cd82435c50fe54637df45fa9e1647ca1b127b9fa2c06f621d443331543715797299bcb7fec76eaaeee71e6227f954658437a7f5e2871f01b36403b3ff2dd |
C:\Users\Admin\AppData\Local\pdxhztfpixgedcdnvkyscuoakdsbzyxyiqftn.pjv
| MD5 | 2dcdc111f9aafe9ef692a7b077fbf111 |
| SHA1 | 010d6d853d5ea9743d761eecb5b5cd82396d8167 |
| SHA256 | 4ac5d1ad1a630c79f87fdfaf37ae1f726b1d11078f4c036a0c6c2ea551286d0e |
| SHA512 | 8d675261c88a04900904112f51e04adfd725c1dd1ff437272c673f39cf9935ffcc896560179ad7db84bcd97fd1a4a26d89ae6dcd3175aedf15ef5ce68369d733 |
C:\Program Files (x86)\orazgpqpxbzmaoedaehqpwfgfn.pcq
| MD5 | f75bd238a69da92aa9d828b5add77b16 |
| SHA1 | d6e0ac7a976f5d7baf7aaf2328958b215fe22ada |
| SHA256 | f0f242855da9ac32f9d40cb195384e4ed5c8bc2760e4ea078d45d6c89849328c |
| SHA512 | 5c1dee8215aff6682fc56f477d60616f873e845c7afb178753356c46053f57063bfe66de667efc941fb2ea34e4713b5357370cfe47d3c8379c8321b98639e4a2 |
C:\Program Files (x86)\orazgpqpxbzmaoedaehqpwfgfn.pcq
| MD5 | 72509ae66b1c311886c88e48e07bd60c |
| SHA1 | ae607733faf17d4f233b51abb10b528935804fe9 |
| SHA256 | bd4f6caf57562d227f6ab767f80f71cfe8c615b3c651c8590a20bf45891195a8 |
| SHA512 | bb9744b126304fc63e3103bb02d4f37e0b7a5cc9dc41e716f5b99df5079368dfc98655388608de071d5283439aa19d7c55b46875bac10afdc5fcd5ae489684a6 |
C:\Users\Admin\AppData\Local\orazgpqpxbzmaoedaehqpwfgfn.pcq
| MD5 | 433e2375996643db4b0b4dc1b95842d2 |
| SHA1 | 148f8cb06353bb6da6c229e0fabd09285d9f3e06 |
| SHA256 | 5225c639a20bd6cc41e9f9342a46316028b049ec7780037db1be8ad436bad7b2 |
| SHA512 | d64342f931db8128e1c1d08c47c5d4aa4ce8cd4990f32063cc8bf3e89c49352e96da6b1b32a8af4f49dc95605bd7cc04143d3646108284097ef68be90d5c0f44 |
C:\Program Files (x86)\orazgpqpxbzmaoedaehqpwfgfn.pcq
| MD5 | 96beb14f11b16d46ee729f3ab44d2a9b |
| SHA1 | b8fd067bc4698ee28c9d69822c4e2d3cea0ca6f9 |
| SHA256 | 7ef18932bbfeeed7f27f54a7960a7d68bd1796071812551440b17809c52be3ac |
| SHA512 | 1972eee210fda633eae191ee29e5fb9a125b3bad2c6374a40306c1f54988fb6bd7ba9f9360750dead54ff3d6b830bf0e94e30df1b1261f5789f74d2cdaa897a1 |
C:\Program Files (x86)\orazgpqpxbzmaoedaehqpwfgfn.pcq
| MD5 | 93f0751122c8e215a2fc83eb68b29583 |
| SHA1 | a94f0abb11402ae77577885708d299420238d1e3 |
| SHA256 | 092a0f9aa80f5aeb022ac714db339d9745d4d264d7c2fe4c9affb20c38e265fe |
| SHA512 | 30331c658a51ea5e412b4328156f44a3e46faf4649a3003c90faf85ff21b8f88e865761f1677a7d5daa02235fc89a350bf8557507100a5fed93add715a715348 |
C:\Program Files (x86)\orazgpqpxbzmaoedaehqpwfgfn.pcq
| MD5 | 2ceb8c2b9f6411c3859457323b3be4f0 |
| SHA1 | 4f5b16361b59804eb3db706b3691842f3e1fe962 |
| SHA256 | 7a00f14c0b3a667f0ae0266c04a5905e309348e25b799d42e49c9991e88e9175 |
| SHA512 | 7044695c821571ed08175fb1ff003054171c3fe1a7b648204013df501bcdd22172c8eb291bf261c3085ec983c3d045472b66b9782f4be31043e1260f5ccb09cb |
C:\Program Files (x86)\orazgpqpxbzmaoedaehqpwfgfn.pcq
| MD5 | 35ca5f5d7fb9b3881211404a5bcd1ae7 |
| SHA1 | 4fa68148279af21f0a4c9457b48cc5ceb73925d5 |
| SHA256 | 1ac20961224e6bf378974400419578bcc58db2553aaa6ca7a9a5ef3d1710908e |
| SHA512 | 3eb2d18ee87dec05d68592b5a9b7f5bd1ffb25056e893d40349b9b973f6389dc894a49709c1e427695ea413bd659ff1f7611abb96c0be39d2da39a97880a3b30 |
C:\Users\Admin\AppData\Local\orazgpqpxbzmaoedaehqpwfgfn.pcq
| MD5 | fc611751f4addef07c8cceb6a27c3bad |
| SHA1 | fe7469e503744211849bfd177a194f6029358f61 |
| SHA256 | cbc731d6e9e59ed69484b2d3a515a9874b492021fb5ae04f6550a69b2c511485 |
| SHA512 | 52283945e23c959a8ef2f1de07d6aa00213db3a24d6db5120e9c5e3c001940a6e8b6ba2649d3807943f148dcbdf78f49e0472416673623d41bb7a1303f7f210e |