Analysis Overview
SHA256
2e7aa86c211bcba2701f0d5acd491714bcbaf5f5cd6e930bc9795fdfb2a7f859
Threat Level: Known bad
The file JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b was found to be: Known bad.
Malicious Activity Summary
Pykspa
UAC bypass
Modifies WinLogon for persistence
Pykspa family
Detect Pykspa worm
Adds policy Run key to start application
Disables RegEdit via registry modification
Impair Defenses: Safe Mode Boot
Executes dropped EXE
Checks computer location settings
Hijack Execution Flow: Executable Installer File Permissions Weakness
Checks whether UAC is enabled
Looks up external IP address via web service
Adds Run key to start application
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
System policy modification
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-04-21 05:13
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2025-04-21 05:13
Reported
2025-04-21 05:16
Platform
win11-20250410-en
Max time kernel
55s
Max time network
150s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mynchsgslbrf = "ukdwfumcztnffiza.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mynchsgslbrf = "bsmgqgzqojexycuwp.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xsqocwtoqpolqyuaxqljh.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xsqocwtoqpolqyuaxqljh.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bsmgqgzqojexycuwp.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcxsduogfbxrtyruoe.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bsmgqgzqojexycuwp.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mynchsgslbrf = "kcxsduogfbxrtyruoe.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcxsduogfbxrtyruoe.exe" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mynchsgslbrf = "ukdwfumcztnffiza.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mynchsgslbrf = "bsmgqgzqojexycuwp.exe" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mynchsgslbrf = "bsmgqgzqojexycuwp.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ukdwfumcztnffiza.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcxsduogfbxrtyruoe.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xsqocwtoqpolqyuaxqljh.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mynchsgslbrf = "ukdwfumcztnffiza.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcxsduogfbxrtyruoe.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iczwjcystrplpwrwskeb.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iczwjcystrplpwrwskeb.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mynchsgslbrf = "kcxsduogfbxrtyruoe.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mynchsgslbrf = "bsmgqgzqojexycuwp.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mynchsgslbrf = "ukdwfumcztnffiza.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcxsduogfbxrtyruoe.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mynchsgslbrf = "vokgskfyyvsnqwqupgz.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bsmgqgzqojexycuwp.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\gps = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tpftezlithjdvvyp.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\gps = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wxslbbsukdkjgltpvsklg.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ukdwfumcztnffiza.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mynchsgslbrf = "kcxsduogfbxrtyruoe.exe" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iczwjcystrplpwrwskeb.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mynchsgslbrf = "xsqocwtoqpolqyuaxqljh.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xsqocwtoqpolqyuaxqljh.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bsmgqgzqojexycuwp.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mynchsgslbrf = "ukdwfumcztnffiza.exe" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bsmgqgzqojexycuwp.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mynchsgslbrf = "ukdwfumcztnffiza.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mynchsgslbrf = "ukdwfumcztnffiza.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iczwjcystrplpwrwskeb.exe" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mynchsgslbrf = "vokgskfyyvsnqwqupgz.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mynchsgslbrf = "iczwjcystrplpwrwskeb.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vokgskfyyvsnqwqupgz.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\gps = "C:\\Users\\Admin\\AppData\\Local\\Temp\\axodplywixavoptln.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mynchsgslbrf = "kcxsduogfbxrtyruoe.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mynchsgslbrf = "iczwjcystrplpwrwskeb.exe" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bsmgqgzqojexycuwp.exe" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mynchsgslbrf = "vokgskfyyvsnqwqupgz.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\maripcsgbtlbza = "bsmgqgzqojexycuwp.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\lyoekwlysjapm = "xsqocwtoqpolqyuaxqljh.exe" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\paocgqdogvk = "iczwjcystrplpwrwskeb.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\maripcsgbtlbza = "xsqocwtoqpolqyuaxqljh.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uerehqcmdr = "ukdwfumcztnffiza.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uerehqcmdr = "kcxsduogfbxrtyruoe.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\lyoekwlysjapm = "kcxsduogfbxrtyruoe.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pewowkbqmfypoqg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xsqocwtoqpolqyuaxqljh.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\maripcsgbtlbza = "ukdwfumcztnffiza.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pewowkbqmfypoqg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ukdwfumcztnffiza.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ukdwfumcztnffiza = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xsqocwtoqpolqyuaxqljh.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\paocgqdogvk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcxsduogfbxrtyruoe.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\maripcsgbtlbza = "vokgskfyyvsnqwqupgz.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\paocgqdogvk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iczwjcystrplpwrwskeb.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\paocgqdogvk = "vokgskfyyvsnqwqupgz.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\paocgqdogvk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iczwjcystrplpwrwskeb.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\lyoekwlysjapm = "iczwjcystrplpwrwskeb.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uerehqcmdr = "vokgskfyyvsnqwqupgz.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\uerehqcmdr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bsmgqgzqojexycuwp.exe" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\paocgqdogvk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vokgskfyyvsnqwqupgz.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\paocgqdogvk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xsqocwtoqpolqyuaxqljh.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uerehqcmdr = "xsqocwtoqpolqyuaxqljh.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\paocgqdogvk = "bsmgqgzqojexycuwp.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\whmpp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wxslbbsukdkjgltpvsklg.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\maripcsgbtlbza = "kcxsduogfbxrtyruoe.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\lyoekwlysjapm = "iczwjcystrplpwrwskeb.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uerehqcmdr = "bsmgqgzqojexycuwp.exe" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\paocgqdogvk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ukdwfumcztnffiza.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tjtbgvbsxf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\axodplywixavoptln.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\maripcsgbtlbza = "kcxsduogfbxrtyruoe.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\uerehqcmdr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iczwjcystrplpwrwskeb.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\maripcsgbtlbza = "kcxsduogfbxrtyruoe.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\uerehqcmdr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xsqocwtoqpolqyuaxqljh.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ukdwfumcztnffiza = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bsmgqgzqojexycuwp.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ukdwfumcztnffiza = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xsqocwtoqpolqyuaxqljh.exe" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pewowkbqmfypoqg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vokgskfyyvsnqwqupgz.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\uerehqcmdr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iczwjcystrplpwrwskeb.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\paocgqdogvk = "ukdwfumcztnffiza.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\uerehqcmdr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcxsduogfbxrtyruoe.exe" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uerehqcmdr = "ukdwfumcztnffiza.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\maripcsgbtlbza = "ukdwfumcztnffiza.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pewowkbqmfypoqg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iczwjcystrplpwrwskeb.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ukdwfumcztnffiza = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bsmgqgzqojexycuwp.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pewowkbqmfypoqg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bsmgqgzqojexycuwp.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\paocgqdogvk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iczwjcystrplpwrwskeb.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\uerehqcmdr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bsmgqgzqojexycuwp.exe" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uerehqcmdr = "iczwjcystrplpwrwskeb.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pewowkbqmfypoqg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xsqocwtoqpolqyuaxqljh.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\paocgqdogvk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bsmgqgzqojexycuwp.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\paocgqdogvk = "vokgskfyyvsnqwqupgz.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\maripcsgbtlbza = "vokgskfyyvsnqwqupgz.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\lyoekwlysjapm = "xsqocwtoqpolqyuaxqljh.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\uhotvhk = "wxslbbsukdkjgltpvsklg.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\paocgqdogvk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ukdwfumcztnffiza.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\uerehqcmdr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ukdwfumcztnffiza.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ukdwfumcztnffiza = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vokgskfyyvsnqwqupgz.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\uerehqcmdr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xsqocwtoqpolqyuaxqljh.exe" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uerehqcmdr = "iczwjcystrplpwrwskeb.exe" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\maripcsgbtlbza = "bsmgqgzqojexycuwp.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\uerehqcmdr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bsmgqgzqojexycuwp.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\paocgqdogvk = "kcxsduogfbxrtyruoe.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\maripcsgbtlbza = "vokgskfyyvsnqwqupgz.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\maripcsgbtlbza = "iczwjcystrplpwrwskeb.exe ." | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\lyoekwlysjapm = "iczwjcystrplpwrwskeb.exe" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\xsqocwtoqpolqyuaxqljh.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\iczwjcystrplpwrwskeb.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xsqocwtoqpolqyuaxqljh.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bsmgqgzqojexycuwp.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\okjixsqmpppntczgeyutsh.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\okjixsqmpppntczgeyutsh.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\bsmgqgzqojexycuwp.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oszgdgmqbjrxlchwceipwtwcgr.hnb | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| File created | C:\Windows\SysWOW64\bsmgqgzqojexycuwp.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\xsqocwtoqpolqyuaxqljh.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bsmgqgzqojexycuwp.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vokgskfyyvsnqwqupgz.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kcxsduogfbxrtyruoe.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\ukdwfumcztnffiza.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\vokgskfyyvsnqwqupgz.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xsqocwtoqpolqyuaxqljh.exe | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ukdwfumcztnffiza.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\okjixsqmpppntczgeyutsh.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ukdwfumcztnffiza.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vokgskfyyvsnqwqupgz.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vokgskfyyvsnqwqupgz.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\okjixsqmpppntczgeyutsh.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\bsmgqgzqojexycuwp.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ukdwfumcztnffiza.exe | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| File created | C:\Windows\SysWOW64\okjixsqmpppntczgeyutsh.exe | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\okjixsqmpppntczgeyutsh.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\vokgskfyyvsnqwqupgz.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kcxsduogfbxrtyruoe.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xsqocwtoqpolqyuaxqljh.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\okjixsqmpppntczgeyutsh.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\okjixsqmpppntczgeyutsh.exe | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| File created | C:\Windows\SysWOW64\ukdwfumcztnffiza.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\bsmgqgzqojexycuwp.exe | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\iczwjcystrplpwrwskeb.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\pewowkbqmfypoqggxkzrjrfwlhatkjlbbsfum.mar | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| File created | C:\Windows\SysWOW64\kcxsduogfbxrtyruoe.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\iczwjcystrplpwrwskeb.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ukdwfumcztnffiza.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\okjixsqmpppntczgeyutsh.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\iczwjcystrplpwrwskeb.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\okjixsqmpppntczgeyutsh.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bsmgqgzqojexycuwp.exe | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bsmgqgzqojexycuwp.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\bsmgqgzqojexycuwp.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ukdwfumcztnffiza.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ukdwfumcztnffiza.exe | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\okjixsqmpppntczgeyutsh.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xsqocwtoqpolqyuaxqljh.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\vokgskfyyvsnqwqupgz.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\bsmgqgzqojexycuwp.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\xsqocwtoqpolqyuaxqljh.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ukdwfumcztnffiza.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\kcxsduogfbxrtyruoe.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ukdwfumcztnffiza.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\xsqocwtoqpolqyuaxqljh.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\kcxsduogfbxrtyruoe.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\okjixsqmpppntczgeyutsh.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kcxsduogfbxrtyruoe.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\okjixsqmpppntczgeyutsh.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\xsqocwtoqpolqyuaxqljh.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\ukdwfumcztnffiza.exe | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xsqocwtoqpolqyuaxqljh.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\xsqocwtoqpolqyuaxqljh.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\SysWOW64\vokgskfyyvsnqwqupgz.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\oszgdgmqbjrxlchwceipwtwcgr.hnb | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| File opened for modification | C:\Program Files (x86)\pewowkbqmfypoqggxkzrjrfwlhatkjlbbsfum.mar | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| File created | C:\Program Files (x86)\pewowkbqmfypoqggxkzrjrfwlhatkjlbbsfum.mar | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| File opened for modification | C:\Program Files (x86)\oszgdgmqbjrxlchwceipwtwcgr.hnb | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\kcxsduogfbxrtyruoe.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\iczwjcystrplpwrwskeb.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\xsqocwtoqpolqyuaxqljh.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\ukdwfumcztnffiza.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\iczwjcystrplpwrwskeb.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\okjixsqmpppntczgeyutsh.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\iczwjcystrplpwrwskeb.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\iczwjcystrplpwrwskeb.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\xsqocwtoqpolqyuaxqljh.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\vokgskfyyvsnqwqupgz.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\vokgskfyyvsnqwqupgz.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\bsmgqgzqojexycuwp.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\xsqocwtoqpolqyuaxqljh.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\kcxsduogfbxrtyruoe.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\vokgskfyyvsnqwqupgz.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\kcxsduogfbxrtyruoe.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\vokgskfyyvsnqwqupgz.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\okjixsqmpppntczgeyutsh.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\okjixsqmpppntczgeyutsh.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\okjixsqmpppntczgeyutsh.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\vokgskfyyvsnqwqupgz.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\kcxsduogfbxrtyruoe.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\iczwjcystrplpwrwskeb.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\ukdwfumcztnffiza.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\kcxsduogfbxrtyruoe.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\xsqocwtoqpolqyuaxqljh.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\ukdwfumcztnffiza.exe | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| File opened for modification | C:\Windows\vokgskfyyvsnqwqupgz.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\bsmgqgzqojexycuwp.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\bsmgqgzqojexycuwp.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\ukdwfumcztnffiza.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\kcxsduogfbxrtyruoe.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\bsmgqgzqojexycuwp.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\kcxsduogfbxrtyruoe.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\vokgskfyyvsnqwqupgz.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\bsmgqgzqojexycuwp.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\bsmgqgzqojexycuwp.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\bsmgqgzqojexycuwp.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\kcxsduogfbxrtyruoe.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\iczwjcystrplpwrwskeb.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\okjixsqmpppntczgeyutsh.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\okjixsqmpppntczgeyutsh.exe | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| File opened for modification | C:\Windows\xsqocwtoqpolqyuaxqljh.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\ukdwfumcztnffiza.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\bsmgqgzqojexycuwp.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\iczwjcystrplpwrwskeb.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\iczwjcystrplpwrwskeb.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\bsmgqgzqojexycuwp.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\xsqocwtoqpolqyuaxqljh.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\okjixsqmpppntczgeyutsh.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\ukdwfumcztnffiza.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\vokgskfyyvsnqwqupgz.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\vokgskfyyvsnqwqupgz.exe | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| File opened for modification | C:\Windows\iczwjcystrplpwrwskeb.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\bsmgqgzqojexycuwp.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\iczwjcystrplpwrwskeb.exe | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| File opened for modification | C:\Windows\iczwjcystrplpwrwskeb.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\bsmgqgzqojexycuwp.exe | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| File opened for modification | C:\Windows\okjixsqmpppntczgeyutsh.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\iczwjcystrplpwrwskeb.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\vokgskfyyvsnqwqupgz.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\okjixsqmpppntczgeyutsh.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File created | C:\Windows\kcxsduogfbxrtyruoe.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| File opened for modification | C:\Windows\okjixsqmpppntczgeyutsh.exe | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\kcxsduogfbxrtyruoe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\iczwjcystrplpwrwskeb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\iczwjcystrplpwrwskeb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\utmdrpeesjolgjpjniy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ukdwfumcztnffiza.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ukdwfumcztnffiza.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vokgskfyyvsnqwqupgz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\kcxsduogfbxrtyruoe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\iczwjcystrplpwrwskeb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\iczwjcystrplpwrwskeb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vokgskfyyvsnqwqupgz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\tpftezlithjdvvyp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\iczwjcystrplpwrwskeb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\kcxsduogfbxrtyruoe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\tpftezlithjdvvyp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jhzpcznmzptpjlqjmg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jhzpcznmzptpjlqjmg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ukdwfumcztnffiza.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\kcxsduogfbxrtyruoe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\kcxsduogfbxrtyruoe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\kcxsduogfbxrtyruoe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\iczwjcystrplpwrwskeb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jhzpcznmzptpjlqjmg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vokgskfyyvsnqwqupgz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vokgskfyyvsnqwqupgz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bsmgqgzqojexycuwp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xsqocwtoqpolqyuaxqljh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xsqocwtoqpolqyuaxqljh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bsmgqgzqojexycuwp.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe"
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_c7e5d9b24e40b9b5909256350f70b10b.exe*"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe
C:\Windows\ukdwfumcztnffiza.exe
ukdwfumcztnffiza.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe .
C:\Windows\bsmgqgzqojexycuwp.exe
bsmgqgzqojexycuwp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\bsmgqgzqojexycuwp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe
C:\Windows\ukdwfumcztnffiza.exe
ukdwfumcztnffiza.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe .
C:\Windows\iczwjcystrplpwrwskeb.exe
iczwjcystrplpwrwskeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\iczwjcystrplpwrwskeb.exe*."
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\vokgskfyyvsnqwqupgz.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe
"C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_c7e5d9b24e40b9b5909256350f70b10b.exe"
C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe
"C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_c7e5d9b24e40b9b5909256350f70b10b.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe
C:\Windows\iczwjcystrplpwrwskeb.exe
iczwjcystrplpwrwskeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe
C:\Windows\bsmgqgzqojexycuwp.exe
bsmgqgzqojexycuwp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe .
C:\Windows\bsmgqgzqojexycuwp.exe
bsmgqgzqojexycuwp.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe .
C:\Windows\iczwjcystrplpwrwskeb.exe
iczwjcystrplpwrwskeb.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\bsmgqgzqojexycuwp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\iczwjcystrplpwrwskeb.exe*."
C:\Windows\kcxsduogfbxrtyruoe.exe
kcxsduogfbxrtyruoe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe
C:\Windows\bsmgqgzqojexycuwp.exe
bsmgqgzqojexycuwp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe .
C:\Windows\vokgskfyyvsnqwqupgz.exe
vokgskfyyvsnqwqupgz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .
C:\Windows\xsqocwtoqpolqyuaxqljh.exe
xsqocwtoqpolqyuaxqljh.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\vokgskfyyvsnqwqupgz.exe*."
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .
C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xsqocwtoqpolqyuaxqljh.exe*."
C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xsqocwtoqpolqyuaxqljh.exe*."
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ukdwfumcztnffiza.exe*."
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\bsmgqgzqojexycuwp.exe*."
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe
C:\Windows\xsqocwtoqpolqyuaxqljh.exe
xsqocwtoqpolqyuaxqljh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe .
C:\Windows\vokgskfyyvsnqwqupgz.exe
vokgskfyyvsnqwqupgz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\vokgskfyyvsnqwqupgz.exe*."
C:\Windows\iczwjcystrplpwrwskeb.exe
iczwjcystrplpwrwskeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe .
C:\Windows\kcxsduogfbxrtyruoe.exe
kcxsduogfbxrtyruoe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\kcxsduogfbxrtyruoe.exe*."
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\bsmgqgzqojexycuwp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\vokgskfyyvsnqwqupgz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe
C:\Windows\vokgskfyyvsnqwqupgz.exe
vokgskfyyvsnqwqupgz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe .
C:\Windows\xsqocwtoqpolqyuaxqljh.exe
xsqocwtoqpolqyuaxqljh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xsqocwtoqpolqyuaxqljh.exe*."
C:\Windows\vokgskfyyvsnqwqupgz.exe
vokgskfyyvsnqwqupgz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe
C:\Windows\bsmgqgzqojexycuwp.exe
bsmgqgzqojexycuwp.exe
C:\Windows\ukdwfumcztnffiza.exe
ukdwfumcztnffiza.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe .
C:\Windows\bsmgqgzqojexycuwp.exe
bsmgqgzqojexycuwp.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Windows\bsmgqgzqojexycuwp.exe
bsmgqgzqojexycuwp.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .
C:\Windows\xsqocwtoqpolqyuaxqljh.exe
xsqocwtoqpolqyuaxqljh.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\bsmgqgzqojexycuwp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\bsmgqgzqojexycuwp.exe*."
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xsqocwtoqpolqyuaxqljh.exe*."
C:\Windows\vokgskfyyvsnqwqupgz.exe
vokgskfyyvsnqwqupgz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\vokgskfyyvsnqwqupgz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Windows\iczwjcystrplpwrwskeb.exe
iczwjcystrplpwrwskeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .
C:\Windows\iczwjcystrplpwrwskeb.exe
iczwjcystrplpwrwskeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .
C:\Windows\xsqocwtoqpolqyuaxqljh.exe
xsqocwtoqpolqyuaxqljh.exe .
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\iczwjcystrplpwrwskeb.exe*."
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xsqocwtoqpolqyuaxqljh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe*."
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\bsmgqgzqojexycuwp.exe*."
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\bsmgqgzqojexycuwp.exe*."
C:\Windows\kcxsduogfbxrtyruoe.exe
kcxsduogfbxrtyruoe.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xsqocwtoqpolqyuaxqljh.exe*."
C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe
C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe .
C:\Windows\vokgskfyyvsnqwqupgz.exe
vokgskfyyvsnqwqupgz.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\vokgskfyyvsnqwqupgz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe
C:\Windows\kcxsduogfbxrtyruoe.exe
kcxsduogfbxrtyruoe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe .
C:\Windows\iczwjcystrplpwrwskeb.exe
iczwjcystrplpwrwskeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\iczwjcystrplpwrwskeb.exe*."
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\bsmgqgzqojexycuwp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xsqocwtoqpolqyuaxqljh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe
C:\Windows\iczwjcystrplpwrwskeb.exe
iczwjcystrplpwrwskeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe .
C:\Windows\xsqocwtoqpolqyuaxqljh.exe
xsqocwtoqpolqyuaxqljh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xsqocwtoqpolqyuaxqljh.exe*."
C:\Windows\iczwjcystrplpwrwskeb.exe
iczwjcystrplpwrwskeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe .
C:\Windows\vokgskfyyvsnqwqupgz.exe
vokgskfyyvsnqwqupgz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\vokgskfyyvsnqwqupgz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\vokgskfyyvsnqwqupgz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\bsmgqgzqojexycuwp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe
C:\Windows\bsmgqgzqojexycuwp.exe
bsmgqgzqojexycuwp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe .
C:\Windows\xsqocwtoqpolqyuaxqljh.exe
xsqocwtoqpolqyuaxqljh.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xsqocwtoqpolqyuaxqljh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe
C:\Windows\kcxsduogfbxrtyruoe.exe
kcxsduogfbxrtyruoe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe .
C:\Windows\kcxsduogfbxrtyruoe.exe
kcxsduogfbxrtyruoe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe
C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe
C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\kcxsduogfbxrtyruoe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .
C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ukdwfumcztnffiza.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe .
C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe
C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\kcxsduogfbxrtyruoe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe
C:\Windows\bsmgqgzqojexycuwp.exe
bsmgqgzqojexycuwp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe .
C:\Windows\iczwjcystrplpwrwskeb.exe
iczwjcystrplpwrwskeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\iczwjcystrplpwrwskeb.exe*."
C:\Windows\bsmgqgzqojexycuwp.exe
bsmgqgzqojexycuwp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\iczwjcystrplpwrwskeb.exe
iczwjcystrplpwrwskeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\iczwjcystrplpwrwskeb.exe*."
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xsqocwtoqpolqyuaxqljh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe .
C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe
C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\kcxsduogfbxrtyruoe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe
C:\Windows\iczwjcystrplpwrwskeb.exe
iczwjcystrplpwrwskeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe .
C:\Windows\iczwjcystrplpwrwskeb.exe
iczwjcystrplpwrwskeb.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\iczwjcystrplpwrwskeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe
C:\Windows\iczwjcystrplpwrwskeb.exe
iczwjcystrplpwrwskeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe .
C:\Windows\vokgskfyyvsnqwqupgz.exe
vokgskfyyvsnqwqupgz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\vokgskfyyvsnqwqupgz.exe*."
C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe
C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\vokgskfyyvsnqwqupgz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\vokgskfyyvsnqwqupgz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\bsmgqgzqojexycuwp.exe
bsmgqgzqojexycuwp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe .
C:\Windows\vokgskfyyvsnqwqupgz.exe
vokgskfyyvsnqwqupgz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\vokgskfyyvsnqwqupgz.exe*."
C:\Windows\ukdwfumcztnffiza.exe
ukdwfumcztnffiza.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe .
C:\Windows\ukdwfumcztnffiza.exe
ukdwfumcztnffiza.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ukdwfumcztnffiza.exe*."
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .
C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ukdwfumcztnffiza.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe
C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe
C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe
C:\Windows\kcxsduogfbxrtyruoe.exe
kcxsduogfbxrtyruoe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe .
C:\Windows\kcxsduogfbxrtyruoe.exe
kcxsduogfbxrtyruoe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\kcxsduogfbxrtyruoe.exe*."
C:\Windows\kcxsduogfbxrtyruoe.exe
kcxsduogfbxrtyruoe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe .
C:\Windows\vokgskfyyvsnqwqupgz.exe
vokgskfyyvsnqwqupgz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe
C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe
C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\vokgskfyyvsnqwqupgz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .
C:\Windows\kcxsduogfbxrtyruoe.exe
kcxsduogfbxrtyruoe.exe
C:\Windows\kcxsduogfbxrtyruoe.exe
kcxsduogfbxrtyruoe.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\bsmgqgzqojexycuwp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\kcxsduogfbxrtyruoe.exe
kcxsduogfbxrtyruoe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\kcxsduogfbxrtyruoe.exe
kcxsduogfbxrtyruoe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\kcxsduogfbxrtyruoe.exe*."
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\kcxsduogfbxrtyruoe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .
C:\Windows\xsqocwtoqpolqyuaxqljh.exe
xsqocwtoqpolqyuaxqljh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe .
C:\Windows\xsqocwtoqpolqyuaxqljh.exe
xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe*."
C:\Windows\vokgskfyyvsnqwqupgz.exe
vokgskfyyvsnqwqupgz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .
C:\Windows\bsmgqgzqojexycuwp.exe
bsmgqgzqojexycuwp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\vokgskfyyvsnqwqupgz.exe*."
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\bsmgqgzqojexycuwp.exe*."
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\vokgskfyyvsnqwqupgz.exe*."
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Windows\xsqocwtoqpolqyuaxqljh.exe
xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe .
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .
C:\Windows\kcxsduogfbxrtyruoe.exe
kcxsduogfbxrtyruoe.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xsqocwtoqpolqyuaxqljh.exe*."
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\kcxsduogfbxrtyruoe.exe*."
C:\Windows\xsqocwtoqpolqyuaxqljh.exe
xsqocwtoqpolqyuaxqljh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe .
C:\Windows\ukdwfumcztnffiza.exe
ukdwfumcztnffiza.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ukdwfumcztnffiza.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\bsmgqgzqojexycuwp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .
C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ukdwfumcztnffiza.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe
C:\Windows\xsqocwtoqpolqyuaxqljh.exe
xsqocwtoqpolqyuaxqljh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe .
C:\Windows\iczwjcystrplpwrwskeb.exe
iczwjcystrplpwrwskeb.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\iczwjcystrplpwrwskeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe
C:\Windows\xsqocwtoqpolqyuaxqljh.exe
xsqocwtoqpolqyuaxqljh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe .
C:\Windows\xsqocwtoqpolqyuaxqljh.exe
xsqocwtoqpolqyuaxqljh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xsqocwtoqpolqyuaxqljh.exe*."
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ukdwfumcztnffiza.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe .
C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe
C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\kcxsduogfbxrtyruoe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe
C:\Windows\xsqocwtoqpolqyuaxqljh.exe
xsqocwtoqpolqyuaxqljh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe .
C:\Windows\kcxsduogfbxrtyruoe.exe
kcxsduogfbxrtyruoe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\kcxsduogfbxrtyruoe.exe*."
C:\Windows\xsqocwtoqpolqyuaxqljh.exe
xsqocwtoqpolqyuaxqljh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe .
C:\Windows\ukdwfumcztnffiza.exe
ukdwfumcztnffiza.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ukdwfumcztnffiza.exe*."
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\bsmgqgzqojexycuwp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe
C:\Windows\kcxsduogfbxrtyruoe.exe
kcxsduogfbxrtyruoe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe .
C:\Windows\kcxsduogfbxrtyruoe.exe
kcxsduogfbxrtyruoe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\kcxsduogfbxrtyruoe.exe*."
C:\Windows\kcxsduogfbxrtyruoe.exe
kcxsduogfbxrtyruoe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe .
C:\Windows\xsqocwtoqpolqyuaxqljh.exe
xsqocwtoqpolqyuaxqljh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xsqocwtoqpolqyuaxqljh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe
C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe
C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xsqocwtoqpolqyuaxqljh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe
C:\Windows\ukdwfumcztnffiza.exe
ukdwfumcztnffiza.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe .
C:\Windows\iczwjcystrplpwrwskeb.exe
iczwjcystrplpwrwskeb.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\iczwjcystrplpwrwskeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe
C:\Windows\bsmgqgzqojexycuwp.exe
bsmgqgzqojexycuwp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe .
C:\Windows\iczwjcystrplpwrwskeb.exe
iczwjcystrplpwrwskeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\iczwjcystrplpwrwskeb.exe*."
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe
C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\kcxsduogfbxrtyruoe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe
C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe
C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tpftezlithjdvvyp.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\tpftezlithjdvvyp.exe
tpftezlithjdvvyp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wxslbbsukdkjgltpvsklg.exe .
C:\Windows\wxslbbsukdkjgltpvsklg.exe
wxslbbsukdkjgltpvsklg.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\wxslbbsukdkjgltpvsklg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wxslbbsukdkjgltpvsklg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c axodplywixavoptln.exe .
C:\Windows\wxslbbsukdkjgltpvsklg.exe
wxslbbsukdkjgltpvsklg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\axodplywixavoptln.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hhbtihxynfljfjqlqmdd.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\axodplywixavoptln.exe
axodplywixavoptln.exe .
C:\Users\Admin\AppData\Local\Temp\axodplywixavoptln.exe
C:\Users\Admin\AppData\Local\Temp\axodplywixavoptln.exe
C:\Users\Admin\AppData\Local\Temp\hhbtihxynfljfjqlqmdd.exe
C:\Users\Admin\AppData\Local\Temp\hhbtihxynfljfjqlqmdd.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\axodplywixavoptln.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\hhbtihxynfljfjqlqmdd.exe*."
C:\Windows\ukdwfumcztnffiza.exe
ukdwfumcztnffiza.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wxslbbsukdkjgltpvsklg.exe
C:\Windows\bsmgqgzqojexycuwp.exe
bsmgqgzqojexycuwp.exe .
C:\Users\Admin\AppData\Local\Temp\wxslbbsukdkjgltpvsklg.exe
C:\Users\Admin\AppData\Local\Temp\wxslbbsukdkjgltpvsklg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tpftezlithjdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\tpftezlithjdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\tpftezlithjdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\bsmgqgzqojexycuwp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\tpftezlithjdvvyp.exe*."
C:\Windows\vokgskfyyvsnqwqupgz.exe
vokgskfyyvsnqwqupgz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Windows\ukdwfumcztnffiza.exe
ukdwfumcztnffiza.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ukdwfumcztnffiza.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\bsmgqgzqojexycuwp.exe*."
C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .
C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe
"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"
C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe
"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\vokgskfyyvsnqwqupgz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe
C:\Windows\kcxsduogfbxrtyruoe.exe
kcxsduogfbxrtyruoe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\kcxsduogfbxrtyruoe.exe
kcxsduogfbxrtyruoe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\kcxsduogfbxrtyruoe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\vokgskfyyvsnqwqupgz.exe
vokgskfyyvsnqwqupgz.exe
C:\Windows\bsmgqgzqojexycuwp.exe
bsmgqgzqojexycuwp.exe
C:\Windows\iczwjcystrplpwrwskeb.exe
iczwjcystrplpwrwskeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe .
C:\Windows\kcxsduogfbxrtyruoe.exe
kcxsduogfbxrtyruoe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
C:\Windows\bsmgqgzqojexycuwp.exe
bsmgqgzqojexycuwp.exe .
C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\vokgskfyyvsnqwqupgz.exe
vokgskfyyvsnqwqupgz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\kcxsduogfbxrtyruoe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe .
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\vokgskfyyvsnqwqupgz.exe*."
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\bsmgqgzqojexycuwp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Windows\xsqocwtoqpolqyuaxqljh.exe
xsqocwtoqpolqyuaxqljh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\bsmgqgzqojexycuwp.exe
bsmgqgzqojexycuwp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .
C:\Windows\ukdwfumcztnffiza.exe
ukdwfumcztnffiza.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c utmdrpeesjolgjpjniy.exe
C:\Windows\iczwjcystrplpwrwskeb.exe
iczwjcystrplpwrwskeb.exe .
C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe
"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"
C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe
"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tpftezlithjdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ukdwfumcztnffiza.exe*."
C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe
C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\iczwjcystrplpwrwskeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c axodplywixavoptln.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .
C:\Windows\utmdrpeesjolgjpjniy.exe
utmdrpeesjolgjpjniy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c axodplywixavoptln.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\kcxsduogfbxrtyruoe.exe*."
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe*."
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\utmdrpeesjolgjpjniy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe*."
C:\Windows\tpftezlithjdvvyp.exe
tpftezlithjdvvyp.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tpftezlithjdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .
C:\Windows\axodplywixavoptln.exe
axodplywixavoptln.exe
C:\Windows\kcxsduogfbxrtyruoe.exe
kcxsduogfbxrtyruoe.exe
C:\Windows\axodplywixavoptln.exe
axodplywixavoptln.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe*."
C:\Windows\vokgskfyyvsnqwqupgz.exe
vokgskfyyvsnqwqupgz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\tpftezlithjdvvyp.exe*."
C:\Users\Admin\AppData\Local\Temp\tpftezlithjdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\tpftezlithjdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\utmdrpeesjolgjpjniy.exe
C:\Users\Admin\AppData\Local\Temp\utmdrpeesjolgjpjniy.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ukdwfumcztnffiza.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tpftezlithjdvvyp.exe
C:\Windows\bsmgqgzqojexycuwp.exe
bsmgqgzqojexycuwp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\axodplywixavoptln.exe*."
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\vokgskfyyvsnqwqupgz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wxslbbsukdkjgltpvsklg.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\tpftezlithjdvvyp.exe*."
C:\Users\Admin\AppData\Local\Temp\tpftezlithjdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\tpftezlithjdvvyp.exe
C:\Windows\bsmgqgzqojexycuwp.exe
bsmgqgzqojexycuwp.exe .
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\wxslbbsukdkjgltpvsklg.exe
C:\Users\Admin\AppData\Local\Temp\wxslbbsukdkjgltpvsklg.exe .
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\wxslbbsukdkjgltpvsklg.exe*."
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\bsmgqgzqojexycuwp.exe*."
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\vokgskfyyvsnqwqupgz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .
C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .
C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe
"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"
C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe
"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ukdwfumcztnffiza.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe
C:\Windows\iczwjcystrplpwrwskeb.exe
iczwjcystrplpwrwskeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe .
C:\Windows\vokgskfyyvsnqwqupgz.exe
vokgskfyyvsnqwqupgz.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\vokgskfyyvsnqwqupgz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\xsqocwtoqpolqyuaxqljh.exe
xsqocwtoqpolqyuaxqljh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe .
C:\Windows\kcxsduogfbxrtyruoe.exe
kcxsduogfbxrtyruoe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\kcxsduogfbxrtyruoe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\vokgskfyyvsnqwqupgz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe .
C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe
C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\kcxsduogfbxrtyruoe.exe*."
C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe
"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"
C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe
"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe
C:\Windows\xsqocwtoqpolqyuaxqljh.exe
xsqocwtoqpolqyuaxqljh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\vokgskfyyvsnqwqupgz.exe
vokgskfyyvsnqwqupgz.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\vokgskfyyvsnqwqupgz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe
C:\Windows\kcxsduogfbxrtyruoe.exe
kcxsduogfbxrtyruoe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe .
C:\Windows\bsmgqgzqojexycuwp.exe
bsmgqgzqojexycuwp.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\bsmgqgzqojexycuwp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\bsmgqgzqojexycuwp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\bsmgqgzqojexycuwp.exe*."
C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe
"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"
C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe
"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe
C:\Windows\kcxsduogfbxrtyruoe.exe
kcxsduogfbxrtyruoe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ukdwfumcztnffiza.exe
ukdwfumcztnffiza.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ukdwfumcztnffiza.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe
C:\Windows\xsqocwtoqpolqyuaxqljh.exe
xsqocwtoqpolqyuaxqljh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ukdwfumcztnffiza.exe
ukdwfumcztnffiza.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ukdwfumcztnffiza.exe*."
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\vokgskfyyvsnqwqupgz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\vokgskfyyvsnqwqupgz.exe*."
C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe
"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"
C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe
"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe
C:\Windows\xsqocwtoqpolqyuaxqljh.exe
xsqocwtoqpolqyuaxqljh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe .
C:\Windows\vokgskfyyvsnqwqupgz.exe
vokgskfyyvsnqwqupgz.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\vokgskfyyvsnqwqupgz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe
C:\Windows\vokgskfyyvsnqwqupgz.exe
vokgskfyyvsnqwqupgz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe .
C:\Windows\ukdwfumcztnffiza.exe
ukdwfumcztnffiza.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ukdwfumcztnffiza.exe*."
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xsqocwtoqpolqyuaxqljh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe*."
C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe
"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"
C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe
"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\iczwjcystrplpwrwskeb.exe
iczwjcystrplpwrwskeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe .
C:\Windows\xsqocwtoqpolqyuaxqljh.exe
xsqocwtoqpolqyuaxqljh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xsqocwtoqpolqyuaxqljh.exe*."
C:\Windows\vokgskfyyvsnqwqupgz.exe
vokgskfyyvsnqwqupgz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe .
C:\Windows\kcxsduogfbxrtyruoe.exe
kcxsduogfbxrtyruoe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\kcxsduogfbxrtyruoe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\bsmgqgzqojexycuwp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe*."
C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe
"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"
C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe
"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe
C:\Windows\xsqocwtoqpolqyuaxqljh.exe
xsqocwtoqpolqyuaxqljh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe .
C:\Windows\ukdwfumcztnffiza.exe
ukdwfumcztnffiza.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ukdwfumcztnffiza.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe
C:\Windows\xsqocwtoqpolqyuaxqljh.exe
xsqocwtoqpolqyuaxqljh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe .
C:\Windows\iczwjcystrplpwrwskeb.exe
iczwjcystrplpwrwskeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\iczwjcystrplpwrwskeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\kcxsduogfbxrtyruoe.exe
kcxsduogfbxrtyruoe.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\iczwjcystrplpwrwskeb.exe
iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xsqocwtoqpolqyuaxqljh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe .
C:\Windows\kcxsduogfbxrtyruoe.exe
kcxsduogfbxrtyruoe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Windows\ukdwfumcztnffiza.exe
ukdwfumcztnffiza.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\kcxsduogfbxrtyruoe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe .
C:\Windows\ukdwfumcztnffiza.exe
ukdwfumcztnffiza.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ukdwfumcztnffiza.exe*."
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .
C:\Windows\kcxsduogfbxrtyruoe.exe
kcxsduogfbxrtyruoe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\iczwjcystrplpwrwskeb.exe
iczwjcystrplpwrwskeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xsqocwtoqpolqyuaxqljh.exe*."
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\kcxsduogfbxrtyruoe.exe*."
C:\Windows\vokgskfyyvsnqwqupgz.exe
vokgskfyyvsnqwqupgz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe
"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\vokgskfyyvsnqwqupgz.exe*."
C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe
"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c utmdrpeesjolgjpjniy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\bsmgqgzqojexycuwp.exe*."
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe .
C:\Windows\utmdrpeesjolgjpjniy.exe
utmdrpeesjolgjpjniy.exe
C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe
C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe
C:\Windows\kcxsduogfbxrtyruoe.exe
kcxsduogfbxrtyruoe.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c utmdrpeesjolgjpjniy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe .
C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe
C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\bsmgqgzqojexycuwp.exe*."
C:\Windows\utmdrpeesjolgjpjniy.exe
utmdrpeesjolgjpjniy.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\kcxsduogfbxrtyruoe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhzpcznmzptpjlqjmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe
C:\Windows\bsmgqgzqojexycuwp.exe
bsmgqgzqojexycuwp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\utmdrpeesjolgjpjniy.exe*."
C:\Windows\iczwjcystrplpwrwskeb.exe
iczwjcystrplpwrwskeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhzpcznmzptpjlqjmg.exe .
C:\Windows\jhzpcznmzptpjlqjmg.exe
jhzpcznmzptpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\bsmgqgzqojexycuwp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\axodplywixavoptln.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
C:\Windows\vokgskfyyvsnqwqupgz.exe
vokgskfyyvsnqwqupgz.exe .
C:\Windows\jhzpcznmzptpjlqjmg.exe
jhzpcznmzptpjlqjmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhzpcznmzptpjlqjmg.exe .
C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
C:\Users\Admin\AppData\Local\Temp\axodplywixavoptln.exe
C:\Users\Admin\AppData\Local\Temp\axodplywixavoptln.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\vokgskfyyvsnqwqupgz.exe*."
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\jhzpcznmzptpjlqjmg.exe*."
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .
C:\Users\Admin\AppData\Local\Temp\jhzpcznmzptpjlqjmg.exe
C:\Users\Admin\AppData\Local\Temp\jhzpcznmzptpjlqjmg.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\jhzpcznmzptpjlqjmg.exe*."
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\vokgskfyyvsnqwqupgz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\axodplywixavoptln.exe
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\axodplywixavoptln.exe
C:\Users\Admin\AppData\Local\Temp\axodplywixavoptln.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tpftezlithjdvvyp.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\tpftezlithjdvvyp.exe
C:\Users\Admin\AppData\Local\Temp\tpftezlithjdvvyp.exe .
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\bsmgqgzqojexycuwp.exe*."
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\tpftezlithjdvvyp.exe*."
C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe
"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"
C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe
"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe
C:\Windows\vokgskfyyvsnqwqupgz.exe
vokgskfyyvsnqwqupgz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe .
C:\Windows\kcxsduogfbxrtyruoe.exe
kcxsduogfbxrtyruoe.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\kcxsduogfbxrtyruoe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe
C:\Windows\vokgskfyyvsnqwqupgz.exe
vokgskfyyvsnqwqupgz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe .
C:\Windows\iczwjcystrplpwrwskeb.exe
iczwjcystrplpwrwskeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\iczwjcystrplpwrwskeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\bsmgqgzqojexycuwp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe .
C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe
C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\kcxsduogfbxrtyruoe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ukdwfumcztnffiza.exe
ukdwfumcztnffiza.exe
C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe
"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"
C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe
"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ukdwfumcztnffiza.exe
ukdwfumcztnffiza.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ukdwfumcztnffiza.exe*."
C:\Windows\ukdwfumcztnffiza.exe
ukdwfumcztnffiza.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\vokgskfyyvsnqwqupgz.exe
vokgskfyyvsnqwqupgz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\vokgskfyyvsnqwqupgz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xsqocwtoqpolqyuaxqljh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\vokgskfyyvsnqwqupgz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe
C:\Windows\ukdwfumcztnffiza.exe
ukdwfumcztnffiza.exe
C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe
"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe .
C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe
"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ukdwfumcztnffiza.exe
ukdwfumcztnffiza.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ukdwfumcztnffiza.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe
C:\Windows\iczwjcystrplpwrwskeb.exe
iczwjcystrplpwrwskeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe .
C:\Windows\vokgskfyyvsnqwqupgz.exe
vokgskfyyvsnqwqupgz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\vokgskfyyvsnqwqupgz.exe*."
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\vokgskfyyvsnqwqupgz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\vokgskfyyvsnqwqupgz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe
C:\Windows\ukdwfumcztnffiza.exe
ukdwfumcztnffiza.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\bsmgqgzqojexycuwp.exe
bsmgqgzqojexycuwp.exe .
C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe
"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"
C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe
"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\bsmgqgzqojexycuwp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe
C:\Windows\xsqocwtoqpolqyuaxqljh.exe
xsqocwtoqpolqyuaxqljh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe .
C:\Windows\xsqocwtoqpolqyuaxqljh.exe
xsqocwtoqpolqyuaxqljh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe
C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe
C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xsqocwtoqpolqyuaxqljh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .
C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ukdwfumcztnffiza.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\vokgskfyyvsnqwqupgz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe
C:\Windows\bsmgqgzqojexycuwp.exe
bsmgqgzqojexycuwp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe .
C:\Windows\vokgskfyyvsnqwqupgz.exe
vokgskfyyvsnqwqupgz.exe .
C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe
"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"
C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe
"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\vokgskfyyvsnqwqupgz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe
C:\Windows\ukdwfumcztnffiza.exe
ukdwfumcztnffiza.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe .
C:\Windows\vokgskfyyvsnqwqupgz.exe
vokgskfyyvsnqwqupgz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\vokgskfyyvsnqwqupgz.exe*."
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\bsmgqgzqojexycuwp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .
C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ukdwfumcztnffiza.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe
C:\Windows\ukdwfumcztnffiza.exe
ukdwfumcztnffiza.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe .
C:\Windows\bsmgqgzqojexycuwp.exe
bsmgqgzqojexycuwp.exe .
C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe
"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"
C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe
"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\bsmgqgzqojexycuwp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\vokgskfyyvsnqwqupgz.exe
vokgskfyyvsnqwqupgz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe .
C:\Windows\kcxsduogfbxrtyruoe.exe
kcxsduogfbxrtyruoe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\kcxsduogfbxrtyruoe.exe*."
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\bsmgqgzqojexycuwp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\iczwjcystrplpwrwskeb.exe
iczwjcystrplpwrwskeb.exe
C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe
C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .
C:\Windows\xsqocwtoqpolqyuaxqljh.exe
xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\bsmgqgzqojexycuwp.exe*."
C:\Windows\xsqocwtoqpolqyuaxqljh.exe
xsqocwtoqpolqyuaxqljh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe
C:\Windows\kcxsduogfbxrtyruoe.exe
kcxsduogfbxrtyruoe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xsqocwtoqpolqyuaxqljh.exe*."
C:\Windows\vokgskfyyvsnqwqupgz.exe
vokgskfyyvsnqwqupgz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\kcxsduogfbxrtyruoe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe
C:\Windows\vokgskfyyvsnqwqupgz.exe
vokgskfyyvsnqwqupgz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe .
C:\Windows\bsmgqgzqojexycuwp.exe
bsmgqgzqojexycuwp.exe .
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe .
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Windows\bsmgqgzqojexycuwp.exe
bsmgqgzqojexycuwp.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\bsmgqgzqojexycuwp.exe
bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .
C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe
C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe .
C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe
"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hhbtihxynfljfjqlqmdd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe
"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\bsmgqgzqojexycuwp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe .
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\bsmgqgzqojexycuwp.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c axodplywixavoptln.exe .
C:\Windows\ukdwfumcztnffiza.exe
ukdwfumcztnffiza.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\vokgskfyyvsnqwqupgz.exe*."
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\kcxsduogfbxrtyruoe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Windows\hhbtihxynfljfjqlqmdd.exe
hhbtihxynfljfjqlqmdd.exe
C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c axodplywixavoptln.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ukdwfumcztnffiza.exe*."
C:\Windows\kcxsduogfbxrtyruoe.exe
kcxsduogfbxrtyruoe.exe .
C:\Windows\ukdwfumcztnffiza.exe
ukdwfumcztnffiza.exe
C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhzpcznmzptpjlqjmg.exe .
C:\Windows\axodplywixavoptln.exe
axodplywixavoptln.exe .
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe
C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wxslbbsukdkjgltpvsklg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ukdwfumcztnffiza.exe*."
C:\Windows\axodplywixavoptln.exe
axodplywixavoptln.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hhbtihxynfljfjqlqmdd.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\kcxsduogfbxrtyruoe.exe*."
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| DE | 142.250.181.201:80 | www.blogger.com | tcp |
| LT | 78.58.26.61:21724 | tcp | |
| US | 52.11.240.239:80 | yknalenansnan.com | tcp |
| LT | 78.60.224.102:20733 | tcp | |
| LT | 78.62.13.88:41708 | tcp | |
| DE | 89.117.50.89:35224 | tcp | |
| US | 8.8.8.8:53 | gcnunkuiwcymao.biz | udp |
| US | 8.8.8.8:53 | cmecrwiq.info | udp |
| US | 8.8.8.8:53 | quigcenansnan.com | udp |
| LT | 80.243.25.16:16038 | tcp | |
| US | 8.8.8.8:53 | qqbfxqeoya.net | udp |
| US | 8.8.8.8:53 | akqipmiq.net | udp |
| LT | 78.62.87.209:14721 | tcp | |
| US | 8.8.8.8:53 | cgbywgeoya.biz | udp |
| LT | 78.63.100.27:15861 | tcp | |
| US | 8.8.8.8:53 | kqvomo.net | udp |
| US | 8.8.8.8:53 | pmxxgifox.org | udp |
| LT | 88.216.14.161:40518 | tcp | |
| US | 8.8.8.8:53 | hfhcdkn.cc | udp |
| LT | 88.222.187.125:39171 | tcp | |
| US | 8.8.8.8:53 | ksovoiiugkeq.info | udp |
| US | 8.8.8.8:53 | weoejaiq.info | udp |
| US | 8.8.8.8:53 | mcjgkcuiwcymao.info | udp |
| US | 8.8.8.8:53 | awdoageoya.biz | udp |
| LT | 88.216.49.253:14966 | tcp | |
| US | 8.8.8.8:53 | aubczufqbex.com | udp |
| LT | 78.58.13.154:29846 | tcp | |
| US | 8.8.8.8:53 | eexmdsdsholapet.org | udp |
| US | 8.8.8.8:53 | yqwkqeiq.biz | udp |
| US | 8.8.8.8:53 | aczswufqbex.cc | udp |
| LT | 78.62.69.177:30444 | tcp | |
| US | 8.8.8.8:53 | uyxyaguiwcymao.net | udp |
| LT | 78.56.179.199:33081 | tcp | |
| US | 8.8.8.8:53 | iodwkk.info | udp |
| US | 8.8.8.8:53 | zytejgn.com | udp |
| US | 8.8.8.8:53 | oitcuqfqbex.cc | udp |
| LT | 78.62.23.4:35844 | tcp | |
| LT | 78.58.36.154:41237 | tcp | |
| US | 8.8.8.8:53 | wkbrhqeoya.net | udp |
| US | 8.8.8.8:53 | ugxiqgeoya.biz | udp |
| US | 84.32.238.26:19273 | tcp | |
| US | 8.8.8.8:53 | godbpgfqbex.cc | udp |
| US | 8.8.8.8:53 | wsecgmiq.biz | udp |
| CA | 88.216.96.219:25335 | tcp | |
| US | 8.8.8.8:53 | cavsgqeoya.biz | udp |
| US | 8.8.8.8:53 | dqfulcn.cc | udp |
| US | 8.8.8.8:53 | zdiclwfox.org | udp |
| US | 8.8.8.8:53 | bjxctkn.com | udp |
| LT | 78.60.126.94:30637 | tcp | |
| US | 8.8.8.8:53 | sonmsguiwcymao.net | udp |
| US | 8.8.8.8:53 | yesswaiugkeq.biz | udp |
| US | 8.8.8.8:53 | ockwkwiq.biz | udp |
| US | 8.8.8.8:53 | iqdssqeoya.net | udp |
| US | 8.8.8.8:53 | tlnseifox.org | udp |
| US | 8.8.8.8:53 | jzkufsfox.cc | udp |
| US | 8.8.8.8:53 | wedkha.net | udp |
| US | 8.8.8.8:53 | aggedsiugkeq.biz | udp |
| US | 8.8.8.8:53 | lgjemifox.cc | udp |
| US | 8.8.8.8:53 | teeyesfox.com | udp |
| US | 8.8.8.8:53 | iiksqeiq.biz | udp |
| US | 8.8.8.8:53 | vorwjkn.com | udp |
| US | 8.8.8.8:53 | spcyamnansnan.com | udp |
| US | 8.8.8.8:53 | ouiclaiugkeq.info | udp |
| US | 8.8.8.8:53 | gikzowiq.net | udp |
| US | 8.8.8.8:53 | gdhaksdsholapet.org | udp |
| US | 8.8.8.8:53 | xxjohgn.cc | udp |
| US | 8.8.8.8:53 | unrslqfqbex.org | udp |
| US | 8.8.8.8:53 | ojaiekdsholapet.com | udp |
| US | 8.8.8.8:53 | aydyaqeoya.net | udp |
| US | 8.8.8.8:53 | eetgus.net | udp |
| US | 8.8.8.8:53 | iuhmisdsholapet.cc | udp |
| US | 8.8.8.8:53 | cegyfodsholapet.com | udp |
| US | 8.8.8.8:53 | qauaiwiq.net | udp |
| US | 8.8.8.8:53 | wkjcmqeoya.biz | udp |
| US | 8.8.8.8:53 | ijnkngfqbex.org | udp |
| US | 8.8.8.8:53 | qfdxjufqbex.cc | udp |
| US | 8.8.8.8:53 | kwlwcyeoya.biz | udp |
| US | 8.8.8.8:53 | ckmsgiiugkeq.biz | udp |
| US | 8.8.8.8:53 | pbkgmafox.cc | udp |
| US | 8.8.8.8:53 | akpmis.biz | udp |
| US | 8.8.8.8:53 | eapucyeoya.net | udp |
| US | 8.8.8.8:53 | ebhswkdsholapet.cc | udp |
| US | 8.8.8.8:53 | jurxicn.com | udp |
| US | 8.8.8.8:53 | cczwkgeoya.net | udp |
| US | 8.8.8.8:53 | oavnko.net | udp |
| US | 8.8.8.8:53 | wipylufqbex.cc | udp |
| US | 8.8.8.8:53 | iranpadsholapet.com | udp |
| US | 8.8.8.8:53 | ycrymk.biz | udp |
| US | 8.8.8.8:53 | cedoko.info | udp |
| US | 8.8.8.8:53 | zaldfafox.com | udp |
| US | 8.8.8.8:53 | fdtekgn.org | udp |
| US | 8.8.8.8:53 | keqkdaiugkeq.biz | udp |
| US | 8.8.8.8:53 | qslgfyfqbex.com | udp |
| US | 8.8.8.8:53 | ntguyifox.com | udp |
| US | 8.8.8.8:53 | eyepgmiq.biz | udp |
| US | 8.8.8.8:53 | jsfxdcn.com | udp |
| US | 8.8.8.8:53 | zvsqgwfox.cc | udp |
| US | 8.8.8.8:53 | akkzsmiq.biz | udp |
| US | 8.8.8.8:53 | medcayeoya.biz | udp |
| US | 8.8.8.8:53 | gwdjqufqbex.cc | udp |
| US | 8.8.8.8:53 | lusihsfox.cc | udp |
| US | 8.8.8.8:53 | kggqywiugkeq.info | udp |
| US | 8.8.8.8:53 | sylkkk.info | udp |
| US | 8.8.8.8:53 | kxpohsdsholapet.cc | udp |
| LT | 88.216.105.23:26119 | tcp | |
| US | 8.8.8.8:53 | cpcsmanansnan.cc | udp |
| US | 8.8.8.8:53 | suvfsgeoya.biz | udp |
| US | 8.8.8.8:53 | csudmaiq.net | udp |
| US | 8.8.8.8:53 | mwdicadsholapet.com | udp |
| US | 8.8.8.8:53 | kdisisdsholapet.cc | udp |
| US | 8.8.8.8:53 | oqxuwgeoya.biz | udp |
| US | 8.8.8.8:53 | emfkcgeoya.info | udp |
| US | 8.8.8.8:53 | ubvyukdsholapet.org | udp |
| US | 8.8.8.8:53 | wdwkwanansnan.cc | udp |
| US | 8.8.8.8:53 | iqgexwiq.net | udp |
| US | 8.8.8.8:53 | qasousiugkeq.net | udp |
| US | 8.8.8.8:53 | tcpfuifox.cc | udp |
| US | 8.8.8.8:53 | nujkukn.cc | udp |
| US | 8.8.8.8:53 | wospgeiq.info | udp |
| US | 8.8.8.8:53 | mmvrncuiwcymao.biz | udp |
| US | 8.8.8.8:53 | ybjynenansnan.com | udp |
| US | 8.8.8.8:53 | camquanansnan.com | udp |
| US | 8.8.8.8:53 | uookkaiugkeq.biz | udp |
| US | 8.8.8.8:53 | gkvbggeoya.biz | udp |
| US | 8.8.8.8:53 | nzrougn.org | udp |
| US | 8.8.8.8:53 | dgpklcn.cc | udp |
| US | 8.8.8.8:53 | uoxeok.net | udp |
| US | 8.8.8.8:53 | eylahwnansnan.com | udp |
| US | 8.8.8.8:53 | khwufanansnan.org | udp |
| US | 8.8.8.8:53 | geteqyeoya.info | udp |
| US | 8.8.8.8:53 | igvpjkuiwcymao.info | udp |
| US | 8.8.8.8:53 | grzqlyfqbex.cc | udp |
| US | 8.8.8.8:53 | nyeufwfox.org | udp |
| US | 8.8.8.8:53 | scpass.info | udp |
| US | 8.8.8.8:53 | qsleiqeoya.biz | udp |
| US | 8.8.8.8:53 | wgrcdadsholapet.cc | udp |
| US | 8.8.8.8:53 | xczyecn.com | udp |
| US | 8.8.8.8:53 | wipwmueoya.biz | udp |
| US | 8.8.8.8:53 | amngrguiwcymao.net | udp |
| US | 8.8.8.8:53 | stjrhenansnan.com | udp |
| US | 8.8.8.8:53 | rpwgtafox.org | udp |
| US | 8.8.8.8:53 | mmvkpkuiwcymao.net | udp |
| US | 8.8.8.8:53 | aaonhaiugkeq.info | udp |
| US | 8.8.8.8:53 | sftmlkdsholapet.org | udp |
| US | 8.8.8.8:53 | qvkojenansnan.org | udp |
| US | 8.8.8.8:53 | gcefaeiq.biz | udp |
| US | 8.8.8.8:53 | wyogswiugkeq.biz | udp |
| US | 8.8.8.8:53 | xjbgnsn.com | udp |
| US | 8.8.8.8:53 | jploakn.com | udp |
| US | 8.8.8.8:53 | mmrsnueoya.info | udp |
| US | 8.8.8.8:53 | cgeqqwiq.info | udp |
| US | 8.8.8.8:53 | omrekkdsholapet.com | udp |
| US | 8.8.8.8:53 | yvsfvadsholapet.com | udp |
| US | 8.8.8.8:53 | aefitcuiwcymao.info | udp |
| US | 8.8.8.8:53 | gqdkeueoya.net | udp |
| US | 8.8.8.8:53 | qdlypmnansnan.cc | udp |
| US | 8.8.8.8:53 | lozotkn.cc | udp |
| US | 8.8.8.8:53 | sifuwa.biz | udp |
| US | 8.8.8.8:53 | ksuegmiq.net | udp |
| US | 8.8.8.8:53 | razczcn.cc | udp |
| US | 8.8.8.8:53 | rqffzgn.com | udp |
| US | 8.8.8.8:53 | eepjbsuiwcymao.info | udp |
| US | 8.8.8.8:53 | aqzasqeoya.info | udp |
| US | 8.8.8.8:53 | vljnpwfox.org | udp |
| US | 8.8.8.8:53 | impifufqbex.cc | udp |
| US | 8.8.8.8:53 | ikkodiiugkeq.info | udp |
| US | 8.8.8.8:53 | asibuwiugkeq.info | udp |
| US | 8.8.8.8:53 | uxzsdkdsholapet.com | udp |
| US | 8.8.8.8:53 | mmjiwqfqbex.cc | udp |
| US | 8.8.8.8:53 | ocmzdmiq.net | udp |
| US | 8.8.8.8:53 | cynhmueoya.info | udp |
| US | 8.8.8.8:53 | sftccmnansnan.cc | udp |
| US | 8.8.8.8:53 | skcbwanansnan.org | udp |
| US | 8.8.8.8:53 | sqnxugeoya.biz | udp |
| US | 8.8.8.8:53 | oikiiiiugkeq.biz | udp |
| US | 8.8.8.8:53 | amddfodsholapet.cc | udp |
| US | 8.8.8.8:53 | bqvutkn.com | udp |
| US | 8.8.8.8:53 | motohkuiwcymao.net | udp |
| US | 8.8.8.8:53 | mogoveiq.biz | udp |
| US | 8.8.8.8:53 | wzzkladsholapet.org | udp |
| US | 8.8.8.8:53 | scwkxwnansnan.cc | udp |
| US | 8.8.8.8:53 | kkpnvqeoya.net | udp |
| US | 8.8.8.8:53 | oknujk.net | udp |
| US | 8.8.8.8:53 | mzrarenansnan.cc | udp |
| US | 8.8.8.8:53 | asegcmnansnan.cc | udp |
| US | 8.8.8.8:53 | csvymueoya.info | udp |
| US | 8.8.8.8:53 | oupsoo.biz | udp |
| US | 8.8.8.8:53 | eldudadsholapet.org | udp |
| US | 8.8.8.8:53 | ijdoxufqbex.com | udp |
| US | 8.8.8.8:53 | canobkuiwcymao.net | udp |
| US | 8.8.8.8:53 | uoxxjsuiwcymao.net | udp |
| US | 8.8.8.8:53 | prrshafox.com | udp |
| US | 8.8.8.8:53 | otaqdwnansnan.com | udp |
| US | 8.8.8.8:53 | msaivaiq.info | udp |
| US | 8.8.8.8:53 | afrkkgfqbex.com | udp |
| US | 8.8.8.8:53 | rppohcn.org | udp |
| US | 8.8.8.8:53 | igpwasuiwcymao.info | udp |
| US | 8.8.8.8:53 | eclmsyeoya.info | udp |
| US | 8.8.8.8:53 | fblelwfox.org | udp |
| US | 8.8.8.8:53 | gkhtjqfqbex.org | udp |
| US | 8.8.8.8:53 | ucbeacuiwcymao.info | udp |
| US | 8.8.8.8:53 | jcdplgn.cc | udp |
| US | 8.8.8.8:53 | ippooqfqbex.cc | udp |
| US | 8.8.8.8:53 | ckucgiiugkeq.net | udp |
| US | 8.8.8.8:53 | uozowk.net | udp |
| US | 8.8.8.8:53 | ktfelenansnan.cc | udp |
| US | 8.8.8.8:53 | ubqlsodsholapet.cc | udp |
| US | 8.8.8.8:53 | yqpmmcuiwcymao.net | udp |
| US | 8.8.8.8:53 | mozogqeoya.net | udp |
| US | 8.8.8.8:53 | hulcrifox.org | udp |
| US | 8.8.8.8:53 | utbongfqbex.com | udp |
| US | 8.8.8.8:53 | oqfigqeoya.net | udp |
| US | 8.8.8.8:53 | cgnkggeoya.info | udp |
| LT | 212.12.200.27:27888 | tcp | |
| US | 8.8.8.8:53 | uexuvmnansnan.org | udp |
| US | 8.8.8.8:53 | hgighifox.org | udp |
| US | 8.8.8.8:53 | gcvvqo.biz | udp |
| US | 8.8.8.8:53 | ieiyxaiq.info | udp |
| US | 8.8.8.8:53 | gzfiqkdsholapet.cc | udp |
| US | 8.8.8.8:53 | kkowcsdsholapet.cc | udp |
| US | 8.8.8.8:53 | silkwo.net | udp |
| US | 8.8.8.8:53 | qwqufaiq.net | udp |
| US | 8.8.8.8:53 | sqdscufqbex.org | udp |
| US | 8.8.8.8:53 | kpuxxkdsholapet.cc | udp |
| US | 8.8.8.8:53 | sqjwxueoya.net | udp |
| US | 8.8.8.8:53 | qsoufeiq.info | udp |
| US | 8.8.8.8:53 | oivygmnansnan.org | udp |
Files
C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
| MD5 | 85cb856b920e7b0b7b75115336fc2af2 |
| SHA1 | 1d1a207efec2f5187583b652c35aef74ee4c473f |
| SHA256 | 6fff20aabe8265b6e811c9dbcb987f9c15cf07d1d8b80ced7b287d96900f5c62 |
| SHA512 | 120ff9c77c19216e5691b6ba812f09f7db7b46685a391027fff56e5b73200f4211b6bac2c2d28cdfe461d1fbf10f1a3204adeedbd0a34a034a862c6278d901e8 |
C:\Windows\SysWOW64\kcxsduogfbxrtyruoe.exe
| MD5 | c7e5d9b24e40b9b5909256350f70b10b |
| SHA1 | fb9d569e524b0cbe1f4a4a600ada58f687a7aee4 |
| SHA256 | 2e7aa86c211bcba2701f0d5acd491714bcbaf5f5cd6e930bc9795fdfb2a7f859 |
| SHA512 | 2cb935a8f5f1bc4fafbcd7de1bd3dabe65e31a2f3f860dcfbc65aad89242841e59fc6fffec922f20f4c983723329503060b00e4e7152873730c7de41b93a17ea |
C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe
| MD5 | f07f32ba7de4c05773433b9ebaecca22 |
| SHA1 | 3d8b016945c36a3e713b55554dfe85a5b17422a9 |
| SHA256 | 7f70dad53114a27e1758ff4dadea9c4875975ea6c0f34d704c823839cb30f316 |
| SHA512 | ad7786f1d7f5064d0803efdee6fb7869703aaef0d0bc4b0b13fecae8873de0dbd02b9e1c9445f06f1d8952086348b2693f4aacfb92f7dbb0190b6fe4eedcbe4e |
C:\Users\Admin\AppData\Local\oszgdgmqbjrxlchwceipwtwcgr.hnb
| MD5 | bd7a0614f893c80e05ff848700f8b416 |
| SHA1 | 69631176bb9cd95a9fe0649c2b6eeb5d4e2f852f |
| SHA256 | 240f51d8bed75ec1d5d75672ce8464b60c2c896a823b52c3a37e72303a73b037 |
| SHA512 | 5c3adb0ecf185f3e5816788c0a3223f3f1b3559dee66559026afed7f6f1f1c387ac65979d5d8ed2eea519ad4d86c0c0100a9f1173001b986dbf4a290caa21cb6 |
C:\Users\Admin\AppData\Local\pewowkbqmfypoqggxkzrjrfwlhatkjlbbsfum.mar
| MD5 | 87b619c88dca02034082a8dcb90c5ee8 |
| SHA1 | 7a35f17f97b70ecb34882301072a4db663dd6f10 |
| SHA256 | 5b0413e7a4b138301699d92b713b5594142d200e9059c3f89ade9a137121f685 |
| SHA512 | 152e74af33d836f30a9cc0d87ec50d52987bda23ddc5d53268e7ca0a6a32eaf276cff44513291a0fbe3a16e2cf6eca1603da644a9a1417160f215bea2fed5252 |
C:\Program Files (x86)\oszgdgmqbjrxlchwceipwtwcgr.hnb
| MD5 | 7ae0b5833fcae515a57490eff689eaee |
| SHA1 | 61faa04d528b5e6ca0242a40a5662667228d2685 |
| SHA256 | 35e8676b21635a110439e83193d8af2df69d860841a20f40183ef23fc8e7873e |
| SHA512 | 5349fdc6de00a335b6d083d14072422cff0532cc71d4ab139eba3456d87e615e7a0d1645986ab4e09d24e62e124d1cf25a33c5adb5ad4944e52c2d905c07caa8 |
C:\Program Files (x86)\oszgdgmqbjrxlchwceipwtwcgr.hnb
| MD5 | 736b092c5663ada6188ac95e6f05621f |
| SHA1 | dd2947541e77e3e3537a3941a28de8a07ad4eef9 |
| SHA256 | ffbc392c8f0c1d1c5c49c112ed7e068e6a4dc4650f5942d63e2f13282ad8bca7 |
| SHA512 | a52bb3805444c86fbd4aefcbc27d6d5bd5f8b09a3e4bad3c3e0ef0fa3b225201f98c5f2d08464c58ecc1f17b97dd00010530a7d87701fa4c058bb1f95980f718 |
C:\Program Files (x86)\oszgdgmqbjrxlchwceipwtwcgr.hnb
| MD5 | 1c9c5af9b2af44d8aa370151363b5eb0 |
| SHA1 | bcb0a9b4fc2c12bf1555853fa1a84ba3d13837d8 |
| SHA256 | 44d8345a48f0037e30c29bfc1b53e76fb00349e6f4ffe7298591a866de33f95a |
| SHA512 | af42d037014d51bf9ea64df769a9f4357e0a1fb4bf84e81282409298dce07b5622d2984a945c9f1376b1a10ac412b0492eb34f86808e232dcbb971a40e4d22a4 |
C:\Program Files (x86)\oszgdgmqbjrxlchwceipwtwcgr.hnb
| MD5 | 7aacad4eff7cabbc37ad30f48e4ae61a |
| SHA1 | dc94aa291cd5485ed2800b229264f6bff4badd0b |
| SHA256 | 4019d98965f9f0caa51874d97817d8495896233bd97d94066b58834db7303bb1 |
| SHA512 | 6b50af58df61c53df3c687e7c9e88343d2f3a36eff6e7452446c2556434a1be12a4ff0e8932c510b4d535d54719a60e4ad5445ebd8c3b63b29a6692f27c82d7a |
C:\Program Files (x86)\oszgdgmqbjrxlchwceipwtwcgr.hnb
| MD5 | db86cf6786476d2942064294cb01523e |
| SHA1 | 1b4b356f334fca67fbcc6ddebce921179cedccfe |
| SHA256 | 01c0bd42f84b57c445ed8c991235432fe2cd8d3263996855f46fc78e4c695c3b |
| SHA512 | 00eb7cea3e803108843a29e3d4d557b50968f4b0a8620c573beac0433dc9657ee5adc1eea4b75855074a1e4a67357011bf339ce497258dea3752cdb30aaf90ea |
C:\Program Files (x86)\oszgdgmqbjrxlchwceipwtwcgr.hnb
| MD5 | d5c9f4468c9b574e2d90013bbe4e6247 |
| SHA1 | e0cb8b3fb12ef45c3a097eac42279b6d35b0a3d4 |
| SHA256 | 3d127aebb742c182a0034fdfb5dd2d75e545c2106cf1637a596b5e1c4e8faf3e |
| SHA512 | 79a5a1281829c93755a8b5319c194fd6516330793067190c9234b9f66b99848294ef834f8e064615f0db4c78ed0c306143327f704e2fd3f602dcd715ec92a1f9 |
Analysis: behavioral1
Detonation Overview
Submitted
2025-04-21 05:13
Reported
2025-04-21 05:16
Platform
win10v2004-20250314-en
Max time kernel
50s
Max time network
151s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "haaomhcymigwpzsvlndw.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "tieoizqiskeqflaz.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umlyvpjermjyqzrtijy.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umlyvpjermjyqzrtijy.exe" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqnytldwhaviyfvvi.exe" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "jaykgzsmysoctbsthh.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tieoizqiskeqflaz.exe" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tieoizqiskeqflaz.exe" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "umlyvpjermjyqzrtijy.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jaykgzsmysoctbsthh.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jaykgzsmysoctbsthh.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "tieoizqiskeqflaz.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqrgfbxujgfwqbvzqtkef.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "haaomhcymigwpzsvlndw.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jaykgzsmysoctbsthh.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "umlyvpjermjyqzrtijy.exe" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "tieoizqiskeqflaz.exe" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqnytldwhaviyfvvi.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "haaomhcymigwpzsvlndw.exe" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "wqrgfbxujgfwqbvzqtkef.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "tieoizqiskeqflaz.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "tieoizqiskeqflaz.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "jaykgzsmysoctbsthh.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "tieoizqiskeqflaz.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "aqnytldwhaviyfvvi.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jaykgzsmysoctbsthh.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "aqnytldwhaviyfvvi.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haaomhcymigwpzsvlndw.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tieoizqiskeqflaz.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "umlyvpjermjyqzrtijy.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jaykgzsmysoctbsthh.exe" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "aqnytldwhaviyfvvi.exe" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tieoizqiskeqflaz.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "umlyvpjermjyqzrtijy.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jaykgzsmysoctbsthh.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jaykgzsmysoctbsthh.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "jaykgzsmysoctbsthh.exe" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "aqnytldwhaviyfvvi.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haaomhcymigwpzsvlndw.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqnytldwhaviyfvvi.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqrgfbxujgfwqbvzqtkef.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umlyvpjermjyqzrtijy.exe" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "umlyvpjermjyqzrtijy.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haaomhcymigwpzsvlndw.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "tieoizqiskeqflaz.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqnytldwhaviyfvvi.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\aqnytldwhaviyfvvi.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\umlyvpjermjyqzrtijy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\haaomhcymigwpzsvlndw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\jaykgzsmysoctbsthh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\wqrgfbxujgfwqbvzqtkef.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\tieoizqiskeqflaz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\jaykgzsmysoctbsthh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\tieoizqiskeqflaz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\haaomhcymigwpzsvlndw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\aqnytldwhaviyfvvi.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\aqnytldwhaviyfvvi.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\aqnytldwhaviyfvvi.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\wqrgfbxujgfwqbvzqtkef.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\umlyvpjermjyqzrtijy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\wqrgfbxujgfwqbvzqtkef.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\wqrgfbxujgfwqbvzqtkef.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\aqnytldwhaviyfvvi.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\tieoizqiskeqflaz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\haaomhcymigwpzsvlndw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\jaykgzsmysoctbsthh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\tieoizqiskeqflaz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\haaomhcymigwpzsvlndw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\haaomhcymigwpzsvlndw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\aqnytldwhaviyfvvi.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\wqrgfbxujgfwqbvzqtkef.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\wqrgfbxujgfwqbvzqtkef.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\wqrgfbxujgfwqbvzqtkef.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\aqnytldwhaviyfvvi.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\tieoizqiskeqflaz.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aixanxhsv = "tieoizqiskeqflaz.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aixanxhsv = "aqnytldwhaviyfvvi.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\walkt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haaomhcymigwpzsvlndw.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hmyyip = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tieoizqiskeqflaz.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oypujvhuzmb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jaykgzsmysoctbsthh.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oypujvhuzmb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haaomhcymigwpzsvlndw.exe" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oypujvhuzmb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqnytldwhaviyfvvi.exe" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aixanxhsv = "wqrgfbxujgfwqbvzqtkef.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\walkt = "jaykgzsmysoctbsthh.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\walkt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tieoizqiskeqflaz.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jqegsbku = "aqnytldwhaviyfvvi.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tcswkvgswi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqrgfbxujgfwqbvzqtkef.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hmyyip = "umlyvpjermjyqzrtijy.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oypujvhuzmb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haaomhcymigwpzsvlndw.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hmyyip = "aqnytldwhaviyfvvi.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oypujvhuzmb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqnytldwhaviyfvvi.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hmyyip = "wqrgfbxujgfwqbvzqtkef.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tcswkvgswi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haaomhcymigwpzsvlndw.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\walkt = "umlyvpjermjyqzrtijy.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jqegsbku = "umlyvpjermjyqzrtijy.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jqegsbku = "jaykgzsmysoctbsthh.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\walkt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tieoizqiskeqflaz.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jqegsbku = "aqnytldwhaviyfvvi.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aixanxhsv = "aqnytldwhaviyfvvi.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\walkt = "umlyvpjermjyqzrtijy.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oypujvhuzmb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jaykgzsmysoctbsthh.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\walkt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umlyvpjermjyqzrtijy.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tcswkvgswi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqnytldwhaviyfvvi.exe ." | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hmyyip = "umlyvpjermjyqzrtijy.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\walkt = "jaykgzsmysoctbsthh.exe" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oypujvhuzmb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haaomhcymigwpzsvlndw.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oypujvhuzmb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umlyvpjermjyqzrtijy.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aixanxhsv = "haaomhcymigwpzsvlndw.exe ." | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tcswkvgswi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqrgfbxujgfwqbvzqtkef.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\walkt = "tieoizqiskeqflaz.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tcswkvgswi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqnytldwhaviyfvvi.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hmyyip = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umlyvpjermjyqzrtijy.exe ." | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aixanxhsv = "umlyvpjermjyqzrtijy.exe ." | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jqegsbku = "tieoizqiskeqflaz.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jqegsbku = "aqnytldwhaviyfvvi.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aixanxhsv = "aqnytldwhaviyfvvi.exe ." | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hmyyip = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jaykgzsmysoctbsthh.exe ." | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\walkt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umlyvpjermjyqzrtijy.exe" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hmyyip = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqrgfbxujgfwqbvzqtkef.exe ." | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jqegsbku = "aqnytldwhaviyfvvi.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aixanxhsv = "tieoizqiskeqflaz.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tcswkvgswi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqrgfbxujgfwqbvzqtkef.exe ." | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aixanxhsv = "tieoizqiskeqflaz.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hmyyip = "jaykgzsmysoctbsthh.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hmyyip = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tieoizqiskeqflaz.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\walkt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jaykgzsmysoctbsthh.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aixanxhsv = "wqrgfbxujgfwqbvzqtkef.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\walkt = "wqrgfbxujgfwqbvzqtkef.exe" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jqegsbku = "jaykgzsmysoctbsthh.exe" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oypujvhuzmb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umlyvpjermjyqzrtijy.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hmyyip = "umlyvpjermjyqzrtijy.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aixanxhsv = "tieoizqiskeqflaz.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hmyyip = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqrgfbxujgfwqbvzqtkef.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\walkt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqrgfbxujgfwqbvzqtkef.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tcswkvgswi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haaomhcymigwpzsvlndw.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tcswkvgswi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haaomhcymigwpzsvlndw.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jqegsbku = "wqrgfbxujgfwqbvzqtkef.exe" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jqegsbku = "haaomhcymigwpzsvlndw.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hmyyip = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqnytldwhaviyfvvi.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\aqnytldwhaviyfvvi.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\haaomhcymigwpzsvlndw.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File created | C:\Windows\SysWOW64\nikaaxusiggytfafxbtoqg.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File created | C:\Windows\SysWOW64\wqrgfbxujgfwqbvzqtkef.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wqrgfbxujgfwqbvzqtkef.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File created | C:\Windows\SysWOW64\aqnytldwhaviyfvvi.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File created | C:\Windows\SysWOW64\haaomhcymigwpzsvlndw.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File created | C:\Windows\SysWOW64\jaykgzsmysoctbsthh.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File created | C:\Windows\SysWOW64\jaykgzsmysoctbsthh.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File created | C:\Windows\SysWOW64\wqrgfbxujgfwqbvzqtkef.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wqrgfbxujgfwqbvzqtkef.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wqrgfbxujgfwqbvzqtkef.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\umlyvpjermjyqzrtijy.exe | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| File created | C:\Windows\SysWOW64\xwcwabceyaeazpoxtbxwcw.bce | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| File created | C:\Windows\SysWOW64\wqrgfbxujgfwqbvzqtkef.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nikaaxusiggytfafxbtoqg.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File created | C:\Windows\SysWOW64\tieoizqiskeqflaz.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jaykgzsmysoctbsthh.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File created | C:\Windows\SysWOW64\jaykgzsmysoctbsthh.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File created | C:\Windows\SysWOW64\nikaaxusiggytfafxbtoqg.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File created | C:\Windows\SysWOW64\umlyvpjermjyqzrtijy.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\haaomhcymigwpzsvlndw.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\haaomhcymigwpzsvlndw.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File created | C:\Windows\SysWOW64\wqrgfbxujgfwqbvzqtkef.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File created | C:\Windows\SysWOW64\wqrgfbxujgfwqbvzqtkef.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\aqnytldwhaviyfvvi.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\umlyvpjermjyqzrtijy.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\haaomhcymigwpzsvlndw.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\umlyvpjermjyqzrtijy.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\haaomhcymigwpzsvlndw.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File created | C:\Windows\SysWOW64\wqrgfbxujgfwqbvzqtkef.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File created | C:\Windows\SysWOW64\umlyvpjermjyqzrtijy.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File created | C:\Windows\SysWOW64\nikaaxusiggytfafxbtoqg.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File created | C:\Windows\SysWOW64\haaomhcymigwpzsvlndw.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tieoizqiskeqflaz.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\haaomhcymigwpzsvlndw.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File created | C:\Windows\SysWOW64\haaomhcymigwpzsvlndw.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File created | C:\Windows\SysWOW64\oypujvhuzmbistdxexeofkzlxkpcryijt.unu | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\aqnytldwhaviyfvvi.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File created | C:\Windows\SysWOW64\aqnytldwhaviyfvvi.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\umlyvpjermjyqzrtijy.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File created | C:\Windows\SysWOW64\tieoizqiskeqflaz.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File created | C:\Windows\SysWOW64\jaykgzsmysoctbsthh.exe | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| File created | C:\Windows\SysWOW64\tieoizqiskeqflaz.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\aqnytldwhaviyfvvi.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tieoizqiskeqflaz.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File created | C:\Windows\SysWOW64\tieoizqiskeqflaz.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File created | C:\Windows\SysWOW64\umlyvpjermjyqzrtijy.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File created | C:\Windows\SysWOW64\nikaaxusiggytfafxbtoqg.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nikaaxusiggytfafxbtoqg.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File created | C:\Windows\SysWOW64\wqrgfbxujgfwqbvzqtkef.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File created | C:\Windows\SysWOW64\nikaaxusiggytfafxbtoqg.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tieoizqiskeqflaz.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File created | C:\Windows\SysWOW64\umlyvpjermjyqzrtijy.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File created | C:\Windows\SysWOW64\nikaaxusiggytfafxbtoqg.exe | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oypujvhuzmbistdxexeofkzlxkpcryijt.unu | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nikaaxusiggytfafxbtoqg.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File created | C:\Windows\SysWOW64\tieoizqiskeqflaz.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File created | C:\Windows\SysWOW64\umlyvpjermjyqzrtijy.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tieoizqiskeqflaz.exe | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tieoizqiskeqflaz.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\umlyvpjermjyqzrtijy.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File created | C:\Windows\SysWOW64\haaomhcymigwpzsvlndw.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nikaaxusiggytfafxbtoqg.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\xwcwabceyaeazpoxtbxwcw.bce | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| File created | C:\Program Files (x86)\xwcwabceyaeazpoxtbxwcw.bce | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| File opened for modification | C:\Program Files (x86)\oypujvhuzmbistdxexeofkzlxkpcryijt.unu | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| File created | C:\Program Files (x86)\oypujvhuzmbistdxexeofkzlxkpcryijt.unu | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\nikaaxusiggytfafxbtoqg.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\wqrgfbxujgfwqbvzqtkef.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\umlyvpjermjyqzrtijy.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File created | C:\Windows\tieoizqiskeqflaz.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\haaomhcymigwpzsvlndw.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\umlyvpjermjyqzrtijy.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\tieoizqiskeqflaz.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\tieoizqiskeqflaz.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\haaomhcymigwpzsvlndw.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File created | C:\Windows\wqrgfbxujgfwqbvzqtkef.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\nikaaxusiggytfafxbtoqg.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\tieoizqiskeqflaz.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\nikaaxusiggytfafxbtoqg.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\tieoizqiskeqflaz.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\haaomhcymigwpzsvlndw.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\nikaaxusiggytfafxbtoqg.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\umlyvpjermjyqzrtijy.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\jaykgzsmysoctbsthh.exe | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| File opened for modification | C:\Windows\wqrgfbxujgfwqbvzqtkef.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\nikaaxusiggytfafxbtoqg.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\aqnytldwhaviyfvvi.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\nikaaxusiggytfafxbtoqg.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\umlyvpjermjyqzrtijy.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\jaykgzsmysoctbsthh.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\tieoizqiskeqflaz.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\umlyvpjermjyqzrtijy.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\wqrgfbxujgfwqbvzqtkef.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\aqnytldwhaviyfvvi.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\jaykgzsmysoctbsthh.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File created | C:\Windows\wqrgfbxujgfwqbvzqtkef.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\umlyvpjermjyqzrtijy.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File created | C:\Windows\tieoizqiskeqflaz.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\aqnytldwhaviyfvvi.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\nikaaxusiggytfafxbtoqg.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\tieoizqiskeqflaz.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\wqrgfbxujgfwqbvzqtkef.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\jaykgzsmysoctbsthh.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\aqnytldwhaviyfvvi.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\aqnytldwhaviyfvvi.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\nikaaxusiggytfafxbtoqg.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\umlyvpjermjyqzrtijy.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\umlyvpjermjyqzrtijy.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\umlyvpjermjyqzrtijy.exe | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| File opened for modification | C:\Windows\umlyvpjermjyqzrtijy.exe | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| File opened for modification | C:\Windows\nikaaxusiggytfafxbtoqg.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\umlyvpjermjyqzrtijy.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\tieoizqiskeqflaz.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\wqrgfbxujgfwqbvzqtkef.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\haaomhcymigwpzsvlndw.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\tieoizqiskeqflaz.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\wqrgfbxujgfwqbvzqtkef.exe | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| File opened for modification | C:\Windows\aqnytldwhaviyfvvi.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\nikaaxusiggytfafxbtoqg.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\aqnytldwhaviyfvvi.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\jaykgzsmysoctbsthh.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\tieoizqiskeqflaz.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\jaykgzsmysoctbsthh.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\haaomhcymigwpzsvlndw.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\jaykgzsmysoctbsthh.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\aqnytldwhaviyfvvi.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\tieoizqiskeqflaz.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File created | C:\Windows\jaykgzsmysoctbsthh.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\haaomhcymigwpzsvlndw.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\nikaaxusiggytfafxbtoqg.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jaykgzsmysoctbsthh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\aqnytldwhaviyfvvi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jaykgzsmysoctbsthh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\aqnytldwhaviyfvvi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\tieoizqiskeqflaz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\aqnytldwhaviyfvvi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wqrgfbxujgfwqbvzqtkef.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\aqnytldwhaviyfvvi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\tieoizqiskeqflaz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\aqnytldwhaviyfvvi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\aqnytldwhaviyfvvi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\tieoizqiskeqflaz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\haaomhcymigwpzsvlndw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\tieoizqiskeqflaz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\tieoizqiskeqflaz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\umlyvpjermjyqzrtijy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\umlyvpjermjyqzrtijy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\tieoizqiskeqflaz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\tieoizqiskeqflaz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jaykgzsmysoctbsthh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\haaomhcymigwpzsvlndw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\aqnytldwhaviyfvvi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\tieoizqiskeqflaz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jaykgzsmysoctbsthh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\umlyvpjermjyqzrtijy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\aqnytldwhaviyfvvi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jaykgzsmysoctbsthh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\umlyvpjermjyqzrtijy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\aqnytldwhaviyfvvi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\hmyyip.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe"
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_c7e5d9b24e40b9b5909256350f70b10b.exe*"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe
C:\Windows\jaykgzsmysoctbsthh.exe
jaykgzsmysoctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe .
C:\Windows\wqrgfbxujgfwqbvzqtkef.exe
wqrgfbxujgfwqbvzqtkef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqrgfbxujgfwqbvzqtkef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe .
C:\Windows\aqnytldwhaviyfvvi.exe
aqnytldwhaviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Windows\wqrgfbxujgfwqbvzqtkef.exe
wqrgfbxujgfwqbvzqtkef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqrgfbxujgfwqbvzqtkef.exe*."
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqrgfbxujgfwqbvzqtkef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tieoizqiskeqflaz.exe*."
C:\Users\Admin\AppData\Local\Temp\hmyyip.exe
"C:\Users\Admin\AppData\Local\Temp\hmyyip.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_c7e5d9b24e40b9b5909256350f70b10b.exe"
C:\Users\Admin\AppData\Local\Temp\hmyyip.exe
"C:\Users\Admin\AppData\Local\Temp\hmyyip.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_c7e5d9b24e40b9b5909256350f70b10b.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe
C:\Windows\jaykgzsmysoctbsthh.exe
jaykgzsmysoctbsthh.exe
C:\Windows\wqrgfbxujgfwqbvzqtkef.exe
wqrgfbxujgfwqbvzqtkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe .
C:\Windows\tieoizqiskeqflaz.exe
tieoizqiskeqflaz.exe .
C:\Windows\jaykgzsmysoctbsthh.exe
jaykgzsmysoctbsthh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jaykgzsmysoctbsthh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tieoizqiskeqflaz.exe*."
C:\Windows\jaykgzsmysoctbsthh.exe
jaykgzsmysoctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .
C:\Windows\jaykgzsmysoctbsthh.exe
jaykgzsmysoctbsthh.exe
C:\Windows\jaykgzsmysoctbsthh.exe
jaykgzsmysoctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .
C:\Windows\haaomhcymigwpzsvlndw.exe
haaomhcymigwpzsvlndw.exe .
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jaykgzsmysoctbsthh.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haaomhcymigwpzsvlndw.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jaykgzsmysoctbsthh.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tieoizqiskeqflaz.exe*."
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umlyvpjermjyqzrtijy.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umlyvpjermjyqzrtijy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe
C:\Windows\haaomhcymigwpzsvlndw.exe
haaomhcymigwpzsvlndw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe .
C:\Windows\haaomhcymigwpzsvlndw.exe
haaomhcymigwpzsvlndw.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haaomhcymigwpzsvlndw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .
C:\Windows\aqnytldwhaviyfvvi.exe
aqnytldwhaviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Windows\aqnytldwhaviyfvvi.exe
aqnytldwhaviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umlyvpjermjyqzrtijy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tieoizqiskeqflaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe
C:\Windows\umlyvpjermjyqzrtijy.exe
umlyvpjermjyqzrtijy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe .
C:\Windows\tieoizqiskeqflaz.exe
tieoizqiskeqflaz.exe
C:\Windows\aqnytldwhaviyfvvi.exe
aqnytldwhaviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .
C:\Windows\wqrgfbxujgfwqbvzqtkef.exe
wqrgfbxujgfwqbvzqtkef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe
C:\Windows\aqnytldwhaviyfvvi.exe
aqnytldwhaviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqrgfbxujgfwqbvzqtkef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."
C:\Windows\wqrgfbxujgfwqbvzqtkef.exe
wqrgfbxujgfwqbvzqtkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Windows\umlyvpjermjyqzrtijy.exe
umlyvpjermjyqzrtijy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .
C:\Windows\umlyvpjermjyqzrtijy.exe
umlyvpjermjyqzrtijy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Windows\wqrgfbxujgfwqbvzqtkef.exe
wqrgfbxujgfwqbvzqtkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Windows\tieoizqiskeqflaz.exe
tieoizqiskeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umlyvpjermjyqzrtijy.exe*."
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .
C:\Windows\aqnytldwhaviyfvvi.exe
aqnytldwhaviyfvvi.exe .
C:\Windows\umlyvpjermjyqzrtijy.exe
umlyvpjermjyqzrtijy.exe .
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tieoizqiskeqflaz.exe*."
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqnytldwhaviyfvvi.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umlyvpjermjyqzrtijy.exe*."
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umlyvpjermjyqzrtijy.exe*."
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haaomhcymigwpzsvlndw.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umlyvpjermjyqzrtijy.exe*."
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jaykgzsmysoctbsthh.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haaomhcymigwpzsvlndw.exe*."
C:\Windows\umlyvpjermjyqzrtijy.exe
umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\wqrgfbxujgfwqbvzqtkef.exe
wqrgfbxujgfwqbvzqtkef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqrgfbxujgfwqbvzqtkef.exe*."
C:\Windows\aqnytldwhaviyfvvi.exe
aqnytldwhaviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Windows\aqnytldwhaviyfvvi.exe
aqnytldwhaviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tieoizqiskeqflaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqrgfbxujgfwqbvzqtkef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe
C:\Windows\aqnytldwhaviyfvvi.exe
aqnytldwhaviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe .
C:\Windows\haaomhcymigwpzsvlndw.exe
haaomhcymigwpzsvlndw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haaomhcymigwpzsvlndw.exe*."
C:\Windows\tieoizqiskeqflaz.exe
tieoizqiskeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Windows\tieoizqiskeqflaz.exe
tieoizqiskeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tieoizqiskeqflaz.exe*."
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haaomhcymigwpzsvlndw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jaykgzsmysoctbsthh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe
C:\Windows\tieoizqiskeqflaz.exe
tieoizqiskeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\umlyvpjermjyqzrtijy.exe
umlyvpjermjyqzrtijy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umlyvpjermjyqzrtijy.exe*."
C:\Windows\wqrgfbxujgfwqbvzqtkef.exe
wqrgfbxujgfwqbvzqtkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Windows\wqrgfbxujgfwqbvzqtkef.exe
wqrgfbxujgfwqbvzqtkef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqrgfbxujgfwqbvzqtkef.exe*."
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haaomhcymigwpzsvlndw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haaomhcymigwpzsvlndw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe
C:\Windows\jaykgzsmysoctbsthh.exe
jaykgzsmysoctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe .
C:\Windows\umlyvpjermjyqzrtijy.exe
umlyvpjermjyqzrtijy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umlyvpjermjyqzrtijy.exe*."
C:\Windows\tieoizqiskeqflaz.exe
tieoizqiskeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Windows\tieoizqiskeqflaz.exe
tieoizqiskeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tieoizqiskeqflaz.exe*."
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqnytldwhaviyfvvi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haaomhcymigwpzsvlndw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\aqnytldwhaviyfvvi.exe
aqnytldwhaviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe .
C:\Windows\haaomhcymigwpzsvlndw.exe
haaomhcymigwpzsvlndw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haaomhcymigwpzsvlndw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe .
C:\Windows\jaykgzsmysoctbsthh.exe
jaykgzsmysoctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Windows\umlyvpjermjyqzrtijy.exe
umlyvpjermjyqzrtijy.exe .
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umlyvpjermjyqzrtijy.exe*."
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haaomhcymigwpzsvlndw.exe*."
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tieoizqiskeqflaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe
C:\Windows\umlyvpjermjyqzrtijy.exe
umlyvpjermjyqzrtijy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe .
C:\Windows\jaykgzsmysoctbsthh.exe
jaykgzsmysoctbsthh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jaykgzsmysoctbsthh.exe*."
C:\Windows\wqrgfbxujgfwqbvzqtkef.exe
wqrgfbxujgfwqbvzqtkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Windows\aqnytldwhaviyfvvi.exe
aqnytldwhaviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqnytldwhaviyfvvi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .
C:\Windows\jaykgzsmysoctbsthh.exe
jaykgzsmysoctbsthh.exe
C:\Windows\wqrgfbxujgfwqbvzqtkef.exe
wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jaykgzsmysoctbsthh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .
C:\Windows\aqnytldwhaviyfvvi.exe
aqnytldwhaviyfvvi.exe .
C:\Windows\jaykgzsmysoctbsthh.exe
jaykgzsmysoctbsthh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jaykgzsmysoctbsthh.exe*."
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Windows\jaykgzsmysoctbsthh.exe
jaykgzsmysoctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .
C:\Windows\wqrgfbxujgfwqbvzqtkef.exe
wqrgfbxujgfwqbvzqtkef.exe
C:\Windows\aqnytldwhaviyfvvi.exe
aqnytldwhaviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe .
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Windows\jaykgzsmysoctbsthh.exe
jaykgzsmysoctbsthh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Windows\jaykgzsmysoctbsthh.exe
jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\wqrgfbxujgfwqbvzqtkef.exe
wqrgfbxujgfwqbvzqtkef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jaykgzsmysoctbsthh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jaykgzsmysoctbsthh.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqrgfbxujgfwqbvzqtkef.exe*."
C:\Windows\haaomhcymigwpzsvlndw.exe
haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .
C:\Windows\aqnytldwhaviyfvvi.exe
aqnytldwhaviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umlyvpjermjyqzrtijy.exe*."
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqrgfbxujgfwqbvzqtkef.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqrgfbxujgfwqbvzqtkef.exe*."
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqrgfbxujgfwqbvzqtkef.exe*."
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umlyvpjermjyqzrtijy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe
C:\Windows\aqnytldwhaviyfvvi.exe
aqnytldwhaviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe .
C:\Windows\tieoizqiskeqflaz.exe
tieoizqiskeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tieoizqiskeqflaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe .
C:\Windows\aqnytldwhaviyfvvi.exe
aqnytldwhaviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Windows\haaomhcymigwpzsvlndw.exe
haaomhcymigwpzsvlndw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haaomhcymigwpzsvlndw.exe*."
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jaykgzsmysoctbsthh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqrgfbxujgfwqbvzqtkef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe
C:\Windows\tieoizqiskeqflaz.exe
tieoizqiskeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .
C:\Windows\aqnytldwhaviyfvvi.exe
aqnytldwhaviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe .
C:\Windows\umlyvpjermjyqzrtijy.exe
umlyvpjermjyqzrtijy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Windows\wqrgfbxujgfwqbvzqtkef.exe
wqrgfbxujgfwqbvzqtkef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqrgfbxujgfwqbvzqtkef.exe*."
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jaykgzsmysoctbsthh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqnytldwhaviyfvvi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe
C:\Windows\jaykgzsmysoctbsthh.exe
jaykgzsmysoctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe .
C:\Windows\jaykgzsmysoctbsthh.exe
jaykgzsmysoctbsthh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jaykgzsmysoctbsthh.exe*."
C:\Windows\aqnytldwhaviyfvvi.exe
aqnytldwhaviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Windows\tieoizqiskeqflaz.exe
tieoizqiskeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tieoizqiskeqflaz.exe*."
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haaomhcymigwpzsvlndw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqnytldwhaviyfvvi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe .
C:\Windows\umlyvpjermjyqzrtijy.exe
umlyvpjermjyqzrtijy.exe
C:\Windows\jaykgzsmysoctbsthh.exe
jaykgzsmysoctbsthh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jaykgzsmysoctbsthh.exe*."
C:\Windows\jaykgzsmysoctbsthh.exe
jaykgzsmysoctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Windows\jaykgzsmysoctbsthh.exe
jaykgzsmysoctbsthh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jaykgzsmysoctbsthh.exe*."
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqnytldwhaviyfvvi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqnytldwhaviyfvvi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe
C:\Windows\wqrgfbxujgfwqbvzqtkef.exe
wqrgfbxujgfwqbvzqtkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe .
C:\Windows\umlyvpjermjyqzrtijy.exe
umlyvpjermjyqzrtijy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umlyvpjermjyqzrtijy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe .
C:\Windows\haaomhcymigwpzsvlndw.exe
haaomhcymigwpzsvlndw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Windows\tieoizqiskeqflaz.exe
tieoizqiskeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tieoizqiskeqflaz.exe*."
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haaomhcymigwpzsvlndw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqrgfbxujgfwqbvzqtkef.exe*."
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe
C:\Windows\aqnytldwhaviyfvvi.exe
aqnytldwhaviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .
C:\Windows\aqnytldwhaviyfvvi.exe
aqnytldwhaviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .
C:\Windows\wqrgfbxujgfwqbvzqtkef.exe
wqrgfbxujgfwqbvzqtkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Windows\aqnytldwhaviyfvvi.exe
aqnytldwhaviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tieoizqiskeqflaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .
C:\Windows\wqrgfbxujgfwqbvzqtkef.exe
wqrgfbxujgfwqbvzqtkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe .
C:\Windows\jaykgzsmysoctbsthh.exe
jaykgzsmysoctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqrgfbxujgfwqbvzqtkef.exe*."
C:\Windows\jaykgzsmysoctbsthh.exe
jaykgzsmysoctbsthh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe
C:\Windows\wqrgfbxujgfwqbvzqtkef.exe
wqrgfbxujgfwqbvzqtkef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jaykgzsmysoctbsthh.exe*."
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqrgfbxujgfwqbvzqtkef.exe*."
C:\Windows\wqrgfbxujgfwqbvzqtkef.exe
wqrgfbxujgfwqbvzqtkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe
C:\Windows\aqnytldwhaviyfvvi.exe
aqnytldwhaviyfvvi.exe
C:\Windows\haaomhcymigwpzsvlndw.exe
haaomhcymigwpzsvlndw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe .
C:\Windows\tieoizqiskeqflaz.exe
tieoizqiskeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haaomhcymigwpzsvlndw.exe*."
C:\Windows\haaomhcymigwpzsvlndw.exe
haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tieoizqiskeqflaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqnytldwhaviyfvvi.exe*."
C:\Windows\tieoizqiskeqflaz.exe
tieoizqiskeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqrgfbxujgfwqbvzqtkef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .
C:\Windows\aqnytldwhaviyfvvi.exe
aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Windows\aqnytldwhaviyfvvi.exe
aqnytldwhaviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tieoizqiskeqflaz.exe*."
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umlyvpjermjyqzrtijy.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqrgfbxujgfwqbvzqtkef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqrgfbxujgfwqbvzqtkef.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tieoizqiskeqflaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe
C:\Windows\haaomhcymigwpzsvlndw.exe
haaomhcymigwpzsvlndw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe .
C:\Windows\umlyvpjermjyqzrtijy.exe
umlyvpjermjyqzrtijy.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umlyvpjermjyqzrtijy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe .
C:\Windows\umlyvpjermjyqzrtijy.exe
umlyvpjermjyqzrtijy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Windows\tieoizqiskeqflaz.exe
tieoizqiskeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tieoizqiskeqflaz.exe*."
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqnytldwhaviyfvvi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umlyvpjermjyqzrtijy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\tieoizqiskeqflaz.exe
tieoizqiskeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe .
C:\Windows\umlyvpjermjyqzrtijy.exe
umlyvpjermjyqzrtijy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umlyvpjermjyqzrtijy.exe*."
C:\Windows\wqrgfbxujgfwqbvzqtkef.exe
wqrgfbxujgfwqbvzqtkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Windows\umlyvpjermjyqzrtijy.exe
umlyvpjermjyqzrtijy.exe .
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umlyvpjermjyqzrtijy.exe*."
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqnytldwhaviyfvvi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umlyvpjermjyqzrtijy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe
C:\Windows\aqnytldwhaviyfvvi.exe
aqnytldwhaviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe
C:\Windows\aqnytldwhaviyfvvi.exe
aqnytldwhaviyfvvi.exe .
C:\Windows\haaomhcymigwpzsvlndw.exe
haaomhcymigwpzsvlndw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Windows\umlyvpjermjyqzrtijy.exe
umlyvpjermjyqzrtijy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umlyvpjermjyqzrtijy.exe*."
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqrgfbxujgfwqbvzqtkef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tieoizqiskeqflaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe
C:\Windows\haaomhcymigwpzsvlndw.exe
haaomhcymigwpzsvlndw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .
C:\Windows\aqnytldwhaviyfvvi.exe
aqnytldwhaviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."
C:\Windows\jaykgzsmysoctbsthh.exe
jaykgzsmysoctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Windows\wqrgfbxujgfwqbvzqtkef.exe
wqrgfbxujgfwqbvzqtkef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqrgfbxujgfwqbvzqtkef.exe*."
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqrgfbxujgfwqbvzqtkef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jaykgzsmysoctbsthh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe
C:\Windows\tieoizqiskeqflaz.exe
tieoizqiskeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe .
C:\Windows\haaomhcymigwpzsvlndw.exe
haaomhcymigwpzsvlndw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haaomhcymigwpzsvlndw.exe*."
C:\Windows\tieoizqiskeqflaz.exe
tieoizqiskeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Windows\umlyvpjermjyqzrtijy.exe
umlyvpjermjyqzrtijy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umlyvpjermjyqzrtijy.exe*."
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umlyvpjermjyqzrtijy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umlyvpjermjyqzrtijy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\aqnytldwhaviyfvvi.exe
aqnytldwhaviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\aqnytldwhaviyfvvi.exe
aqnytldwhaviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe .
C:\Windows\umlyvpjermjyqzrtijy.exe
umlyvpjermjyqzrtijy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\jaykgzsmysoctbsthh.exe
jaykgzsmysoctbsthh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Windows\tieoizqiskeqflaz.exe
tieoizqiskeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jaykgzsmysoctbsthh.exe*."
C:\Windows\tieoizqiskeqflaz.exe
tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Windows\tieoizqiskeqflaz.exe
tieoizqiskeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe
C:\Windows\tieoizqiskeqflaz.exe
tieoizqiskeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqrgfbxujgfwqbvzqtkef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tieoizqiskeqflaz.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tieoizqiskeqflaz.exe*."
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Windows\umlyvpjermjyqzrtijy.exe
umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .
C:\Windows\umlyvpjermjyqzrtijy.exe
umlyvpjermjyqzrtijy.exe
C:\Windows\jaykgzsmysoctbsthh.exe
jaykgzsmysoctbsthh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe
C:\Windows\jaykgzsmysoctbsthh.exe
jaykgzsmysoctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umlyvpjermjyqzrtijy.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jaykgzsmysoctbsthh.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jaykgzsmysoctbsthh.exe*."
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umlyvpjermjyqzrtijy.exe*."
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umlyvpjermjyqzrtijy.exe*."
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .
C:\Windows\umlyvpjermjyqzrtijy.exe
umlyvpjermjyqzrtijy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqnytldwhaviyfvvi.exe*."
C:\Windows\aqnytldwhaviyfvvi.exe
aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqnytldwhaviyfvvi.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umlyvpjermjyqzrtijy.exe*."
C:\Windows\aqnytldwhaviyfvvi.exe
aqnytldwhaviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqnytldwhaviyfvvi.exe*."
C:\Windows\tieoizqiskeqflaz.exe
tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tieoizqiskeqflaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe
C:\Windows\umlyvpjermjyqzrtijy.exe
umlyvpjermjyqzrtijy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe .
C:\Windows\haaomhcymigwpzsvlndw.exe
haaomhcymigwpzsvlndw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haaomhcymigwpzsvlndw.exe*."
C:\Windows\umlyvpjermjyqzrtijy.exe
umlyvpjermjyqzrtijy.exe
C:\Windows\umlyvpjermjyqzrtijy.exe
umlyvpjermjyqzrtijy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umlyvpjermjyqzrtijy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqnytldwhaviyfvvi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haaomhcymigwpzsvlndw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe
C:\Windows\umlyvpjermjyqzrtijy.exe
umlyvpjermjyqzrtijy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe .
C:\Windows\tieoizqiskeqflaz.exe
tieoizqiskeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tieoizqiskeqflaz.exe*."
C:\Windows\umlyvpjermjyqzrtijy.exe
umlyvpjermjyqzrtijy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Windows\jaykgzsmysoctbsthh.exe
jaykgzsmysoctbsthh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jaykgzsmysoctbsthh.exe*."
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haaomhcymigwpzsvlndw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqrgfbxujgfwqbvzqtkef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe
C:\Windows\umlyvpjermjyqzrtijy.exe
umlyvpjermjyqzrtijy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\tieoizqiskeqflaz.exe
tieoizqiskeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tieoizqiskeqflaz.exe*."
C:\Windows\tieoizqiskeqflaz.exe
tieoizqiskeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Windows\haaomhcymigwpzsvlndw.exe
haaomhcymigwpzsvlndw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haaomhcymigwpzsvlndw.exe*."
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umlyvpjermjyqzrtijy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tieoizqiskeqflaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe
C:\Windows\jaykgzsmysoctbsthh.exe
jaykgzsmysoctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe .
C:\Windows\jaykgzsmysoctbsthh.exe
jaykgzsmysoctbsthh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jaykgzsmysoctbsthh.exe*."
C:\Windows\jaykgzsmysoctbsthh.exe
jaykgzsmysoctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Windows\umlyvpjermjyqzrtijy.exe
umlyvpjermjyqzrtijy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umlyvpjermjyqzrtijy.exe*."
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqnytldwhaviyfvvi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqrgfbxujgfwqbvzqtkef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe
C:\Windows\jaykgzsmysoctbsthh.exe
jaykgzsmysoctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe .
C:\Windows\jaykgzsmysoctbsthh.exe
jaykgzsmysoctbsthh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jaykgzsmysoctbsthh.exe*."
C:\Windows\jaykgzsmysoctbsthh.exe
jaykgzsmysoctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Windows\jaykgzsmysoctbsthh.exe
jaykgzsmysoctbsthh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jaykgzsmysoctbsthh.exe*."
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tieoizqiskeqflaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tieoizqiskeqflaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe
C:\Windows\aqnytldwhaviyfvvi.exe
aqnytldwhaviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe
C:\Windows\umlyvpjermjyqzrtijy.exe
umlyvpjermjyqzrtijy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe
C:\Windows\haaomhcymigwpzsvlndw.exe
haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umlyvpjermjyqzrtijy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe .
C:\Windows\tieoizqiskeqflaz.exe
tieoizqiskeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .
C:\Windows\haaomhcymigwpzsvlndw.exe
haaomhcymigwpzsvlndw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .
C:\Windows\aqnytldwhaviyfvvi.exe
aqnytldwhaviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe .
C:\Windows\tieoizqiskeqflaz.exe
tieoizqiskeqflaz.exe .
C:\Windows\umlyvpjermjyqzrtijy.exe
umlyvpjermjyqzrtijy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tieoizqiskeqflaz.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umlyvpjermjyqzrtijy.exe*."
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .
C:\Windows\haaomhcymigwpzsvlndw.exe
haaomhcymigwpzsvlndw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqnytldwhaviyfvvi.exe*."
C:\Windows\umlyvpjermjyqzrtijy.exe
umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haaomhcymigwpzsvlndw.exe*."
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqrgfbxujgfwqbvzqtkef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umlyvpjermjyqzrtijy.exe*."
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tieoizqiskeqflaz.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tieoizqiskeqflaz.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haaomhcymigwpzsvlndw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe
C:\Windows\aqnytldwhaviyfvvi.exe
aqnytldwhaviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .
C:\Windows\tieoizqiskeqflaz.exe
tieoizqiskeqflaz.exe
C:\Windows\tieoizqiskeqflaz.exe
tieoizqiskeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Windows\aqnytldwhaviyfvvi.exe
aqnytldwhaviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tieoizqiskeqflaz.exe*."
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .
C:\Windows\tieoizqiskeqflaz.exe
tieoizqiskeqflaz.exe
C:\Windows\umlyvpjermjyqzrtijy.exe
umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haaomhcymigwpzsvlndw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haaomhcymigwpzsvlndw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe
C:\Windows\tieoizqiskeqflaz.exe
tieoizqiskeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .
C:\Windows\aqnytldwhaviyfvvi.exe
aqnytldwhaviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe .
C:\Windows\wqrgfbxujgfwqbvzqtkef.exe
wqrgfbxujgfwqbvzqtkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Windows\wqrgfbxujgfwqbvzqtkef.exe
wqrgfbxujgfwqbvzqtkef.exe .
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqrgfbxujgfwqbvzqtkef.exe*."
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tieoizqiskeqflaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jaykgzsmysoctbsthh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe
C:\Windows\tieoizqiskeqflaz.exe
tieoizqiskeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .
C:\Windows\aqnytldwhaviyfvvi.exe
aqnytldwhaviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe .
C:\Windows\jaykgzsmysoctbsthh.exe
jaykgzsmysoctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Windows\wqrgfbxujgfwqbvzqtkef.exe
wqrgfbxujgfwqbvzqtkef.exe .
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqrgfbxujgfwqbvzqtkef.exe*."
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tieoizqiskeqflaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jaykgzsmysoctbsthh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe
C:\Windows\jaykgzsmysoctbsthh.exe
jaykgzsmysoctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe .
C:\Windows\wqrgfbxujgfwqbvzqtkef.exe
wqrgfbxujgfwqbvzqtkef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqrgfbxujgfwqbvzqtkef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .
C:\Windows\wqrgfbxujgfwqbvzqtkef.exe
wqrgfbxujgfwqbvzqtkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Windows\aqnytldwhaviyfvvi.exe
aqnytldwhaviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haaomhcymigwpzsvlndw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqrgfbxujgfwqbvzqtkef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\tieoizqiskeqflaz.exe
tieoizqiskeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe .
C:\Windows\haaomhcymigwpzsvlndw.exe
haaomhcymigwpzsvlndw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haaomhcymigwpzsvlndw.exe*."
C:\Windows\jaykgzsmysoctbsthh.exe
jaykgzsmysoctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Windows\umlyvpjermjyqzrtijy.exe
umlyvpjermjyqzrtijy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umlyvpjermjyqzrtijy.exe*."
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jaykgzsmysoctbsthh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqrgfbxujgfwqbvzqtkef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe
C:\Windows\tieoizqiskeqflaz.exe
tieoizqiskeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe .
C:\Windows\jaykgzsmysoctbsthh.exe
jaykgzsmysoctbsthh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jaykgzsmysoctbsthh.exe*."
C:\Windows\jaykgzsmysoctbsthh.exe
jaykgzsmysoctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Windows\tieoizqiskeqflaz.exe
tieoizqiskeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tieoizqiskeqflaz.exe*."
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umlyvpjermjyqzrtijy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqnytldwhaviyfvvi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe
C:\Windows\aqnytldwhaviyfvvi.exe
aqnytldwhaviyfvvi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe .
C:\Windows\wqrgfbxujgfwqbvzqtkef.exe
wqrgfbxujgfwqbvzqtkef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe
C:\Windows\jaykgzsmysoctbsthh.exe
jaykgzsmysoctbsthh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe
C:\Windows\tieoizqiskeqflaz.exe
tieoizqiskeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jaykgzsmysoctbsthh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\tieoizqiskeqflaz.exe
tieoizqiskeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | whatismyipaddress.com | udp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.showmyipaddress.com | udp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.com | udp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 157.240.221.35:80 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | hjtzngn.com | udp |
| US | 95.69.202.212:16883 | tcp | |
| US | 8.8.8.8:53 | oocgwwiq.net | udp |
| US | 8.8.8.8:53 | uqfees.biz | udp |
| US | 8.8.8.8:53 | tefpvkn.cc | udp |
| US | 8.8.8.8:53 | gvveiqfqbex.cc | udp |
| US | 8.8.8.8:53 | sawsyaiq.net | udp |
| US | 8.8.8.8:53 | uunona.info | udp |
| US | 8.8.8.8:53 | trzxlwfox.org | udp |
| US | 8.8.8.8:53 | pymgnwfox.cc | udp |
| US | 8.8.8.8:53 | imdkwgeoya.net | udp |
| US | 8.8.8.8:53 | sqmupwiq.net | udp |
| US | 8.8.8.8:53 | tphefkn.cc | udp |
| US | 8.8.8.8:53 | oitwrqfqbex.org | udp |
| US | 8.8.8.8:53 | aktescuiwcymao.net | udp |
| US | 8.8.8.8:53 | eyfhws.biz | udp |
| US | 8.8.8.8:53 | svhcjmnansnan.com | udp |
| US | 8.8.8.8:53 | ugvbqgfqbex.com | udp |
| US | 8.8.8.8:53 | oejkasuiwcymao.biz | udp |
| US | 8.8.8.8:53 | megsoeiq.net | udp |
| US | 8.8.8.8:53 | zfdthsn.cc | udp |
| US | 8.8.8.8:53 | xizqmkn.cc | udp |
| US | 8.8.8.8:53 | oerrlgeoya.biz | udp |
| US | 8.8.8.8:53 | eqbqcguiwcymao.info | udp |
| US | 52.11.240.239:80 | eqbqcguiwcymao.info | tcp |
| US | 8.8.8.8:53 | zuzmvwfox.com | udp |
| US | 8.8.8.8:53 | wzgrsenansnan.org | udp |
| US | 8.8.8.8:53 | wigyhsiugkeq.biz | udp |
| US | 8.8.8.8:53 | waauysiugkeq.net | udp |
| US | 8.8.8.8:53 | srjukodsholapet.org | udp |
| US | 8.8.8.8:53 | tizmbgn.org | udp |
| US | 8.8.8.8:53 | qwetpwiugkeq.biz | udp |
| US | 8.8.8.8:53 | amlehcuiwcymao.net | udp |
| US | 8.8.8.8:53 | izbqukdsholapet.com | udp |
| US | 8.8.8.8:53 | agvtrufqbex.cc | udp |
| US | 8.8.8.8:53 | sepsbs.net | udp |
| US | 8.8.8.8:53 | agoriiiugkeq.biz | udp |
| US | 8.8.8.8:53 | rmrgusfox.cc | udp |
| US | 8.8.8.8:53 | bozyrgn.com | udp |
| US | 8.8.8.8:53 | kooiewiq.net | udp |
| US | 8.8.8.8:53 | yuwuemiq.biz | udp |
| US | 8.8.8.8:53 | ybdetodsholapet.com | udp |
| US | 8.8.8.8:53 | mgesbsdsholapet.org | udp |
| US | 8.8.8.8:53 | ykbjeueoya.biz | udp |
| US | 8.8.8.8:53 | sooiysiugkeq.biz | udp |
| US | 8.8.8.8:53 | tjxxlafox.cc | udp |
| US | 8.8.8.8:53 | cjgsnenansnan.com | udp |
| US | 8.8.8.8:53 | autsca.net | udp |
| US | 8.8.8.8:53 | wmeawmiq.net | udp |
| US | 8.8.8.8:53 | nszqrsfox.cc | udp |
| US | 8.8.8.8:53 | nqwuzafox.org | udp |
| US | 8.8.8.8:53 | ugzfgguiwcymao.info | udp |
| US | 8.8.8.8:53 | qwawsaiq.biz | udp |
| US | 8.8.8.8:53 | wabchmnansnan.com | udp |
| US | 8.8.8.8:53 | xcneecn.org | udp |
| US | 8.8.8.8:53 | uwxumcuiwcymao.info | udp |
| US | 8.8.8.8:53 | qymkcaiq.net | udp |
| US | 8.8.8.8:53 | xojoxsn.com | udp |
| US | 8.8.8.8:53 | bkcsuafox.com | udp |
| US | 8.8.8.8:53 | ailswk.info | udp |
| US | 8.8.8.8:53 | qweacsiugkeq.biz | udp |
| US | 8.8.8.8:53 | tvfwkifox.cc | udp |
| US | 8.8.8.8:53 | fqcqcwfox.org | udp |
| US | 8.8.8.8:53 | gimcsiiugkeq.net | udp |
| US | 8.8.8.8:53 | catwtueoya.net | udp |
| LT | 78.157.72.10:43964 | tcp | |
| US | 8.8.8.8:53 | ytxizanansnan.org | udp |
| US | 8.8.8.8:53 | zonspkn.cc | udp |
| US | 8.8.8.8:53 | aymkoaiugkeq.info | udp |
| US | 8.8.8.8:53 | usawkiiugkeq.biz | udp |
| US | 8.8.8.8:53 | uafudkdsholapet.cc | udp |
| US | 8.8.8.8:53 | wrsxuodsholapet.com | udp |
| US | 8.8.8.8:53 | egweniiugkeq.net | udp |
| US | 8.8.8.8:53 | igkiteiq.info | udp |
| US | 8.8.8.8:53 | ekxtrenansnan.org | udp |
| US | 8.8.8.8:53 | rmrihsn.org | udp |
| US | 8.8.8.8:53 | qgqqhwiugkeq.net | udp |
| US | 8.8.8.8:53 | skqoxsiugkeq.net | udp |
| US | 8.8.8.8:53 | unbclufqbex.org | udp |
| US | 8.8.8.8:53 | ygudvanansnan.org | udp |
| US | 8.8.8.8:53 | kenoyguiwcymao.net | udp |
| US | 8.8.8.8:53 | eaxveqeoya.net | udp |
| US | 8.8.8.8:53 | tbxouwfox.org | udp |
| US | 8.8.8.8:53 | jfgjlifox.org | udp |
| US | 8.8.8.8:53 | gahmus.net | udp |
| US | 8.8.8.8:53 | qaowwaiq.net | udp |
| US | 8.8.8.8:53 | dsfxjcn.org | udp |
| US | 8.8.8.8:53 | zcbtrcn.com | udp |
| US | 8.8.8.8:53 | sywmmmiq.info | udp |
| US | 8.8.8.8:53 | iobwycuiwcymao.net | udp |
| US | 8.8.8.8:53 | xidshsn.com | udp |
| US | 8.8.8.8:53 | mqtoqyfqbex.com | udp |
| US | 8.8.8.8:53 | wovsmueoya.info | udp |
| US | 8.8.8.8:53 | euyypiiugkeq.net | udp |
| US | 8.8.8.8:53 | hzdupsn.org | udp |
| US | 8.8.8.8:53 | brdhrcn.org | udp |
| US | 8.8.8.8:53 | scfdcueoya.info | udp |
| US | 8.8.8.8:53 | wessyiiugkeq.info | udp |
| US | 8.8.8.8:53 | tmrvuifox.com | udp |
| US | 8.8.8.8:53 | pwhmxcn.cc | udp |
| US | 8.8.8.8:53 | kkpepo.info | udp |
| US | 8.8.8.8:53 | aaxsiueoya.info | udp |
| US | 8.8.8.8:53 | vmribifox.org | udp |
| US | 8.8.8.8:53 | drigfifox.cc | udp |
| US | 8.8.8.8:53 | kmnliguiwcymao.info | udp |
| US | 8.8.8.8:53 | uytcsgeoya.info | udp |
| US | 8.8.8.8:53 | uglergfqbex.org | udp |
| US | 8.8.8.8:53 | lxnsdcn.com | udp |
| LT | 86.100.228.199:19507 | tcp | |
| US | 8.8.8.8:53 | coxkiueoya.info | udp |
| US | 8.8.8.8:53 | aqzadkuiwcymao.info | udp |
| US | 8.8.8.8:53 | yalpjanansnan.org | udp |
| US | 8.8.8.8:53 | ycokbodsholapet.org | udp |
| US | 8.8.8.8:53 | yqjswk.net | udp |
| US | 8.8.8.8:53 | ymxikueoya.net | udp |
| US | 8.8.8.8:53 | kdrccwnansnan.com | udp |
| US | 8.8.8.8:53 | ckocgkdsholapet.org | udp |
| US | 8.8.8.8:53 | swdihk.info | udp |
| US | 8.8.8.8:53 | qwbbyyeoya.info | udp |
| US | 8.8.8.8:53 | yndccsdsholapet.cc | udp |
| US | 8.8.8.8:53 | uvjmhufqbex.org | udp |
| US | 8.8.8.8:53 | isuufsiugkeq.info | udp |
| US | 8.8.8.8:53 | ieysqwiq.biz | udp |
| US | 8.8.8.8:53 | zqhkxgn.cc | udp |
| US | 8.8.8.8:53 | mqswuwnansnan.org | udp |
| US | 8.8.8.8:53 | iyyodwiugkeq.info | udp |
| US | 8.8.8.8:53 | wopkca.info | udp |
| US | 8.8.8.8:53 | lnhktifox.org | udp |
| US | 8.8.8.8:53 | fqhkgkn.com | udp |
| US | 8.8.8.8:53 | ewfahguiwcymao.info | udp |
| US | 8.8.8.8:53 | qusosiiugkeq.net | udp |
| US | 8.8.8.8:53 | ovtiuufqbex.cc | udp |
| US | 8.8.8.8:53 | aqestenansnan.org | udp |
| US | 8.8.8.8:53 | cymgiwiugkeq.info | udp |
| US | 8.8.8.8:53 | yuhspcuiwcymao.biz | udp |
| US | 8.8.8.8:53 | pvlglcn.com | udp |
| US | 8.8.8.8:53 | sshljufqbex.org | udp |
| US | 8.8.8.8:53 | suzcda.net | udp |
| US | 8.8.8.8:53 | cebszqeoya.info | udp |
| US | 8.8.8.8:53 | cdnjnanansnan.cc | udp |
| US | 8.8.8.8:53 | slwcnodsholapet.cc | udp |
| US | 8.8.8.8:53 | goboncuiwcymao.net | udp |
| US | 8.8.8.8:53 | uwmzmeiq.net | udp |
| US | 8.8.8.8:53 | gtrevgfqbex.org | udp |
| US | 8.8.8.8:53 | vmgqbsfox.org | udp |
| US | 8.8.8.8:53 | eeigiwiq.net | udp |
| US | 8.8.8.8:53 | cyugvwiq.biz | udp |
| US | 8.8.8.8:53 | yknalenansnan.com | udp |
| US | 8.8.8.8:53 | lkadhifox.org | udp |
| US | 8.8.8.8:53 | iuwkfiiugkeq.info | udp |
| US | 8.8.8.8:53 | qidcqa.net | udp |
| US | 8.8.8.8:53 | anljvkdsholapet.cc | udp |
| US | 8.8.8.8:53 | ebaaxanansnan.org | udp |
| US | 8.8.8.8:53 | satsdueoya.info | udp |
| US | 8.8.8.8:53 | cgguxsiugkeq.biz | udp |
| US | 8.8.8.8:53 | vxdaqgn.cc | udp |
| US | 8.8.8.8:53 | qxkyvwnansnan.org | udp |
| US | 8.8.8.8:53 | aijneueoya.info | udp |
| US | 8.8.8.8:53 | qixipa.info | udp |
| US | 8.8.8.8:53 | oznevadsholapet.org | udp |
| US | 8.8.8.8:53 | tnrpfkn.cc | udp |
| US | 8.8.8.8:53 | ikpogcuiwcymao.info | udp |
| US | 8.8.8.8:53 | syqyiiiugkeq.info | udp |
| US | 8.8.8.8:53 | bglbscn.org | udp |
| US | 8.8.8.8:53 | ewgxsodsholapet.cc | udp |
| US | 8.8.8.8:53 | gahdrueoya.biz | udp |
| US | 8.8.8.8:53 | kmyjzsiugkeq.net | udp |
| US | 8.8.8.8:53 | ygxqnanansnan.com | udp |
| US | 8.8.8.8:53 | fnzyrcn.com | udp |
| US | 8.8.8.8:53 | oquysiiugkeq.biz | udp |
| US | 8.8.8.8:53 | smfqaa.info | udp |
| US | 8.8.8.8:53 | ctjwaanansnan.com | udp |
| LT | 78.62.13.88:41708 | tcp | |
| US | 8.8.8.8:53 | hbkjhafox.com | udp |
| US | 8.8.8.8:53 | ccpodo.biz | udp |
| US | 8.8.8.8:53 | yoqcpmiq.biz | udp |
| US | 8.8.8.8:53 | wigiakdsholapet.com | udp |
| US | 8.8.8.8:53 | qaygssiugkeq.biz | udp |
| US | 8.8.8.8:53 | ayfapa.biz | udp |
| US | 8.8.8.8:53 | ojxqpmnansnan.org | udp |
| US | 8.8.8.8:53 | rpywjifox.org | udp |
| US | 8.8.8.8:53 | ggxuesuiwcymao.biz | udp |
| US | 8.8.8.8:53 | eqlgqueoya.biz | udp |
| US | 8.8.8.8:53 | abdqbenansnan.com | udp |
| US | 8.8.8.8:53 | intehufqbex.org | udp |
| US | 8.8.8.8:53 | ywywjaiq.biz | udp |
| US | 8.8.8.8:53 | osvvkgeoya.net | udp |
| US | 8.8.8.8:53 | varbwsn.com | udp |
| US | 8.8.8.8:53 | rnwslafox.com | udp |
| US | 8.8.8.8:53 | kwdktk.net | udp |
| US | 8.8.8.8:53 | katyqkuiwcymao.net | udp |
| US | 8.8.8.8:53 | tldcjafox.cc | udp |
| US | 8.8.8.8:53 | mvomnkdsholapet.com | udp |
| US | 8.8.8.8:53 | mkbuyk.biz | udp |
| US | 8.8.8.8:53 | seeqxsiugkeq.info | udp |
| US | 8.8.8.8:53 | jrjyeafox.com | udp |
| US | 8.8.8.8:53 | gsuivanansnan.cc | udp |
| US | 8.8.8.8:53 | ymjogcuiwcymao.biz | udp |
| US | 8.8.8.8:53 | aopcoa.info | udp |
| US | 8.8.8.8:53 | pyxongn.org | udp |
| US | 8.8.8.8:53 | wvmqfodsholapet.cc | udp |
| US | 8.8.8.8:53 | ycosswiq.biz | udp |
| US | 8.8.8.8:53 | smpsecuiwcymao.info | udp |
| US | 8.8.8.8:53 | qwffnkdsholapet.cc | udp |
| US | 8.8.8.8:53 | sbyqaodsholapet.org | udp |
| US | 8.8.8.8:53 | csvacgeoya.biz | udp |
| US | 8.8.8.8:53 | gkeeawiq.biz | udp |
| US | 8.8.8.8:53 | mjnmxgfqbex.org | udp |
| US | 8.8.8.8:53 | ldvhxcn.cc | udp |
| US | 8.8.8.8:53 | ywsyewiugkeq.biz | udp |
| US | 8.8.8.8:53 | kklkvguiwcymao.info | udp |
| US | 8.8.8.8:53 | ynlcxufqbex.cc | udp |
| US | 8.8.8.8:53 | ikmgamiq.net | udp |
| US | 8.8.8.8:53 | ucdeuqeoya.biz | udp |
| US | 8.8.8.8:53 | dhhnowfox.org | udp |
| US | 8.8.8.8:53 | shmdzmnansnan.cc | udp |
| US | 8.8.8.8:53 | ikahdwiq.net | udp |
| US | 8.8.8.8:53 | oqbccsuiwcymao.info | udp |
| US | 8.8.8.8:53 | vmrwksn.cc | udp |
| HK | 89.116.150.125:23076 | tcp | |
| US | 8.8.8.8:53 | ymkaaenansnan.org | udp |
| US | 8.8.8.8:53 | uowhamiq.biz | udp |
| US | 8.8.8.8:53 | oyiemiiugkeq.net | udp |
| US | 8.8.8.8:53 | dhxelgn.cc | udp |
| US | 8.8.8.8:53 | mkfqck.net | udp |
| US | 8.8.8.8:53 | gcnunkuiwcymao.biz | udp |
| US | 8.8.8.8:53 | qarebgfqbex.org | udp |
| US | 8.8.8.8:53 | sgygrenansnan.org | udp |
| US | 8.8.8.8:53 | wqtpoa.biz | udp |
| US | 8.8.8.8:53 | uijsocuiwcymao.net | udp |
| US | 8.8.8.8:53 | inlmngfqbex.cc | udp |
| US | 8.8.8.8:53 | msgslkdsholapet.cc | udp |
| US | 8.8.8.8:53 | cmecrwiq.info | udp |
| US | 8.8.8.8:53 | yswfewiq.biz | udp |
| US | 8.8.8.8:53 | jllifcn.cc | udp |
| US | 8.8.8.8:53 | mgiwhkdsholapet.com | udp |
| US | 8.8.8.8:53 | uqgpuwiugkeq.info | udp |
| US | 8.8.8.8:53 | acwwdsiugkeq.info | udp |
| US | 8.8.8.8:53 | vqhxzsfox.com | udp |
| US | 8.8.8.8:53 | qpmmxodsholapet.org | udp |
| US | 8.8.8.8:53 | uwvams.net | udp |
| US | 8.8.8.8:53 | kehoko.biz | udp |
| US | 8.8.8.8:53 | gujndsdsholapet.org | udp |
| US | 8.8.8.8:53 | quigcenansnan.com | udp |
| US | 8.8.8.8:53 | mgjlmcuiwcymao.biz | udp |
| US | 8.8.8.8:53 | qqbfxqeoya.net | udp |
| US | 8.8.8.8:53 | lkroxcn.org | udp |
| US | 8.8.8.8:53 | xiwqrifox.cc | udp |
| US | 8.8.8.8:53 | saekyaiugkeq.biz | udp |
| US | 8.8.8.8:53 | wyufiwiugkeq.info | udp |
| US | 8.8.8.8:53 | zqdppcn.org | udp |
| US | 8.8.8.8:53 | zmcuawfox.com | udp |
| US | 8.8.8.8:53 | oiwkkwiugkeq.biz | udp |
| US | 8.8.8.8:53 | cvlwyqfqbex.com | udp |
| US | 8.8.8.8:53 | mmqmdadsholapet.cc | udp |
| US | 8.8.8.8:53 | akqipmiq.net | udp |
| US | 8.8.8.8:53 | csrjza.biz | udp |
| US | 8.8.8.8:53 | irxkesdsholapet.com | udp |
| US | 8.8.8.8:53 | xedkfkn.cc | udp |
| US | 8.8.8.8:53 | eyiqmaiq.info | udp |
| US | 8.8.8.8:53 | uqjcesuiwcymao.biz | udp |
| US | 8.8.8.8:53 | qfbajkdsholapet.cc | udp |
| US | 8.8.8.8:53 | gashosdsholapet.cc | udp |
| US | 8.8.8.8:53 | ioxgfkuiwcymao.net | udp |
| US | 8.8.8.8:53 | cakcksiugkeq.net | udp |
| US | 8.8.8.8:53 | pzfpdsn.com | udp |
| US | 8.8.8.8:53 | kfjuhyfqbex.com | udp |
| US | 8.8.8.8:53 | skxmss.net | udp |
| US | 8.8.8.8:53 | kgjnuo.net | udp |
| US | 8.8.8.8:53 | garctenansnan.com | udp |
| US | 8.8.8.8:53 | uqirsadsholapet.cc | udp |
| US | 8.8.8.8:53 | cehbea.info | udp |
| US | 8.8.8.8:53 | qyllkyeoya.net | udp |
| US | 8.8.8.8:53 | ekzmkyfqbex.cc | udp |
| US | 8.8.8.8:53 | aywzoanansnan.cc | udp |
| US | 8.8.8.8:53 | eapmoguiwcymao.info | udp |
| US | 8.8.8.8:53 | qcjisqeoya.net | udp |
| US | 8.8.8.8:53 | brjarkn.com | udp |
| DE | 89.117.54.77:33487 | tcp | |
| US | 8.8.8.8:53 | cvktlsdsholapet.com | udp |
| US | 8.8.8.8:53 | yslnsa.net | udp |
| US | 8.8.8.8:53 | iahmhgeoya.biz | udp |
| US | 8.8.8.8:53 | upbgkkdsholapet.cc | udp |
| US | 8.8.8.8:53 | rvoqtwfox.com | udp |
| US | 8.8.8.8:53 | gqlawgeoya.info | udp |
| US | 8.8.8.8:53 | qymmssiugkeq.net | udp |
| US | 8.8.8.8:53 | bdfqlcn.cc | udp |
| US | 8.8.8.8:53 | mohpsgfqbex.org | udp |
| US | 8.8.8.8:53 | mkxzgo.info | udp |
| US | 8.8.8.8:53 | wodkgyeoya.net | udp |
| US | 8.8.8.8:53 | hjhubwfox.cc | udp |
| US | 8.8.8.8:53 | hfmrgafox.org | udp |
| US | 8.8.8.8:53 | kapflsuiwcymao.biz | udp |
| US | 8.8.8.8:53 | aivsdgeoya.biz | udp |
| US | 8.8.8.8:53 | qprcjadsholapet.org | udp |
| US | 8.8.8.8:53 | sfwqaanansnan.com | udp |
| US | 8.8.8.8:53 | ugkjfiiugkeq.info | udp |
| US | 8.8.8.8:53 | kasatwiq.biz | udp |
| US | 8.8.8.8:53 | fwdsbsn.cc | udp |
| US | 8.8.8.8:53 | uqqigwnansnan.com | udp |
| US | 8.8.8.8:53 | iwqnwaiq.biz | udp |
| US | 8.8.8.8:53 | oevwwguiwcymao.info | udp |
| US | 8.8.8.8:53 | vtnwbsn.org | udp |
| US | 8.8.8.8:53 | gyfssk.info | udp |
| US | 8.8.8.8:53 | cgbywgeoya.biz | udp |
| US | 8.8.8.8:53 | kntxngfqbex.cc | udp |
| US | 8.8.8.8:53 | sntqrqfqbex.org | udp |
| US | 8.8.8.8:53 | keqaqwiugkeq.net | udp |
| US | 8.8.8.8:53 | ccfqsguiwcymao.biz | udp |
| US | 8.8.8.8:53 | uudadkdsholapet.cc | udp |
| US | 8.8.8.8:53 | mkaeumnansnan.org | udp |
| US | 8.8.8.8:53 | sebihguiwcymao.biz | udp |
| US | 8.8.8.8:53 | aispkeiq.net | udp |
| US | 8.8.8.8:53 | yejlkmnansnan.cc | udp |
| US | 8.8.8.8:53 | cafkbqfqbex.com | udp |
| US | 8.8.8.8:53 | akrcoueoya.net | udp |
| US | 8.8.8.8:53 | gwrxykuiwcymao.net | udp |
| US | 8.8.8.8:53 | xihaywfox.org | udp |
| US | 8.8.8.8:53 | ilwmradsholapet.org | udp |
| US | 89.117.170.9:45294 | tcp | |
| US | 8.8.8.8:53 | cudclguiwcymao.biz | udp |
| US | 8.8.8.8:53 | kyliisuiwcymao.net | udp |
| US | 8.8.8.8:53 | lzripifox.org | udp |
| US | 8.8.8.8:53 | sevaia.info | udp |
| US | 8.8.8.8:53 | ggxouqeoya.info | udp |
| US | 8.8.8.8:53 | qvlkzodsholapet.com | udp |
| US | 8.8.8.8:53 | rufpjsn.cc | udp |
| US | 8.8.8.8:53 | yyvilcuiwcymao.biz | udp |
| US | 8.8.8.8:53 | mariek.info | udp |
| US | 8.8.8.8:53 | ymxjpgfqbex.com | udp |
| US | 8.8.8.8:53 | ngzwjcn.com | udp |
| US | 8.8.8.8:53 | eajoyueoya.net | udp |
| US | 8.8.8.8:53 | aqbzwguiwcymao.info | udp |
| US | 8.8.8.8:53 | nkjgnkn.com | udp |
| US | 8.8.8.8:53 | gksugsdsholapet.cc | udp |
| US | 8.8.8.8:53 | ywebbeiq.biz | udp |
| US | 8.8.8.8:53 | iibjso.net | udp |
| US | 8.8.8.8:53 | opnanmnansnan.cc | udp |
| US | 8.8.8.8:53 | duwwfafox.cc | udp |
| US | 8.8.8.8:53 | sotaiqeoya.info | udp |
| US | 8.8.8.8:53 | gmzppyfqbex.org | udp |
| US | 8.8.8.8:53 | cpjzbyfqbex.cc | udp |
| US | 8.8.8.8:53 | icpliqeoya.biz | udp |
| US | 8.8.8.8:53 | gcxmzs.info | udp |
| US | 8.8.8.8:53 | aetgpyfqbex.cc | udp |
| US | 8.8.8.8:53 | fmgdnwfox.org | udp |
| US | 8.8.8.8:53 | amdgqkuiwcymao.biz | udp |
| US | 8.8.8.8:53 | gqqahaiugkeq.info | udp |
| US | 8.8.8.8:53 | stfmbenansnan.org | udp |
| US | 8.8.8.8:53 | fxnvcgn.com | udp |
| US | 8.8.8.8:53 | okecyiiugkeq.net | udp |
| US | 8.8.8.8:53 | msveigeoya.biz | udp |
| US | 8.8.8.8:53 | jehmxgn.org | udp |
| US | 8.8.8.8:53 | sdyriwnansnan.com | udp |
| US | 8.8.8.8:53 | mahfmsuiwcymao.biz | udp |
| US | 8.8.8.8:53 | eqrvoueoya.net | udp |
| US | 8.8.8.8:53 | kbzwdkdsholapet.cc | udp |
| US | 8.8.8.8:53 | zgduzgn.com | udp |
| US | 8.8.8.8:53 | qcklsmiq.net | udp |
| US | 8.8.8.8:53 | kxdwqgfqbex.com | udp |
| US | 8.8.8.8:53 | wrlndgfqbex.cc | udp |
| US | 8.8.8.8:53 | kolkhguiwcymao.net | udp |
| US | 8.8.8.8:53 | ccfocqeoya.info | udp |
| US | 8.8.8.8:53 | iqlrwwnansnan.org | udp |
| US | 8.8.8.8:53 | sdmumadsholapet.com | udp |
| US | 8.8.8.8:53 | kqowieiq.biz | udp |
| US | 8.8.8.8:53 | wcxwacuiwcymao.biz | udp |
| US | 8.8.8.8:53 | yphvdyfqbex.cc | udp |
| US | 8.8.8.8:53 | vbmgnafox.com | udp |
| US | 8.8.8.8:53 | qgnfmgeoya.biz | udp |
| US | 8.8.8.8:53 | gwtjza.info | udp |
| US | 8.8.8.8:53 | lohutkn.com | udp |
| US | 8.8.8.8:53 | xdngzcn.com | udp |
| US | 8.8.8.8:53 | gaycpaiq.net | udp |
| US | 8.8.8.8:53 | oorjesuiwcymao.biz | udp |
| US | 8.8.8.8:53 | rulrusfox.com | udp |
| US | 8.8.8.8:53 | gjwkhadsholapet.org | udp |
| US | 8.8.8.8:53 | watgjgeoya.info | udp |
| US | 8.8.8.8:53 | muipuaiq.info | udp |
| US | 8.8.8.8:53 | dszijcn.com | udp |
| US | 8.8.8.8:53 | pcholkn.org | udp |
| US | 8.8.8.8:53 | oqbahqeoya.net | udp |
| US | 8.8.8.8:53 | owesisiugkeq.biz | udp |
| US | 8.8.8.8:53 | oljgxadsholapet.cc | udp |
| US | 8.8.8.8:53 | vkygxifox.org | udp |
| US | 8.8.8.8:53 | coxumyeoya.net | udp |
| US | 8.8.8.8:53 | guesgsiugkeq.biz | udp |
| US | 8.8.8.8:53 | mdfgmmnansnan.cc | udp |
| US | 8.8.8.8:53 | ejkfkodsholapet.com | udp |
| DE | 84.32.209.6:42469 | tcp | |
| US | 8.8.8.8:53 | uwsunmiq.biz | udp |
| US | 8.8.8.8:53 | qogipaiq.biz | udp |
| US | 8.8.8.8:53 | altqradsholapet.cc | udp |
| US | 8.8.8.8:53 | uodypqfqbex.com | udp |
| US | 8.8.8.8:53 | imnargeoya.net | udp |
| US | 8.8.8.8:53 | sqcpjmiq.net | udp |
| US | 8.8.8.8:53 | cclwradsholapet.cc | udp |
| US | 8.8.8.8:53 | fzwmpwfox.org | udp |
| US | 8.8.8.8:53 | owztakuiwcymao.net | udp |
| US | 8.8.8.8:53 | ycdoeqeoya.biz | udp |
| US | 8.8.8.8:53 | mvzgvgfqbex.cc | udp |
| US | 8.8.8.8:53 | ehqvnanansnan.com | udp |
| US | 8.8.8.8:53 | kuuyeaiugkeq.net | udp |
| US | 8.8.8.8:53 | agdcas.net | udp |
| US | 8.8.8.8:53 | arhezenansnan.com | udp |
| US | 8.8.8.8:53 | mdenqadsholapet.org | udp |
| US | 8.8.8.8:53 | eqoygeiq.biz | udp |
| US | 8.8.8.8:53 | kqvomo.net | udp |
| US | 8.8.8.8:53 | gsxwoodsholapet.cc | udp |
| US | 8.8.8.8:53 | yhvtlgfqbex.com | udp |
| US | 8.8.8.8:53 | cwruns.biz | udp |
| US | 8.8.8.8:53 | ewrgra.info | udp |
| US | 8.8.8.8:53 | jbhtfgn.org | udp |
| US | 8.8.8.8:53 | vhhyksn.cc | udp |
| US | 8.8.8.8:53 | yadxsa.biz | udp |
| US | 8.8.8.8:53 | icucymiq.info | udp |
| US | 8.8.8.8:53 | capnvyfqbex.com | udp |
| US | 8.8.8.8:53 | gzycfanansnan.cc | udp |
| US | 8.8.8.8:53 | qcewewiq.info | udp |
| US | 8.8.8.8:53 | syktjaiugkeq.net | udp |
| US | 8.8.8.8:53 | jozwzafox.com | udp |
| US | 8.8.8.8:53 | gpwspmnansnan.cc | udp |
| US | 8.8.8.8:53 | mqgsxaiugkeq.net | udp |
| US | 8.8.8.8:53 | yopkua.info | udp |
| US | 8.8.8.8:53 | ndvcrgn.cc | udp |
| US | 8.8.8.8:53 | yxuqqadsholapet.org | udp |
| US | 8.8.8.8:53 | sapcno.info | udp |
| US | 8.8.8.8:53 | ewxgmk.info | udp |
| US | 8.8.8.8:53 | munmnkdsholapet.com | udp |
| US | 8.8.8.8:53 | ttzwcgn.cc | udp |
| US | 8.8.8.8:53 | emuqzwiq.biz | udp |
| US | 8.8.8.8:53 | giegosiugkeq.info | udp |
| US | 8.8.8.8:53 | pmxxgifox.org | udp |
| US | 8.8.8.8:53 | oceunkdsholapet.com | udp |
| US | 8.8.8.8:53 | asvxhs.biz | udp |
| US | 8.8.8.8:53 | ugjlekuiwcymao.net | udp |
| US | 8.8.8.8:53 | schwyadsholapet.org | udp |
| US | 8.8.8.8:53 | tjawhwfox.cc | udp |
| US | 8.8.8.8:53 | yobeuyeoya.info | udp |
| CA | 88.216.96.219:25335 | tcp | |
| US | 8.8.8.8:53 | gexcoyeoya.net | udp |
| US | 8.8.8.8:53 | ltptvafox.org | udp |
| US | 8.8.8.8:53 | tfbinkn.com | udp |
| US | 8.8.8.8:53 | mqrypqeoya.info | udp |
| US | 8.8.8.8:53 | ccfbrueoya.biz | udp |
| US | 8.8.8.8:53 | wxfsuenansnan.com | udp |
| US | 8.8.8.8:53 | jfmqhafox.com | udp |
| US | 8.8.8.8:53 | mebmdk.info | udp |
| US | 8.8.8.8:53 | aifbmguiwcymao.biz | udp |
| US | 8.8.8.8:53 | rgpgnwfox.org | udp |
| US | 8.8.8.8:53 | mlocqadsholapet.com | udp |
| US | 8.8.8.8:53 | mcjqmueoya.net | udp |
| US | 8.8.8.8:53 | iynsyyeoya.info | udp |
| US | 8.8.8.8:53 | nxpoowfox.com | udp |
| US | 8.8.8.8:53 | cmkmzmnansnan.com | udp |
| US | 8.8.8.8:53 | gkryis.info | udp |
| US | 8.8.8.8:53 | ykkwcsiugkeq.net | udp |
| US | 8.8.8.8:53 | uhdlhwnansnan.cc | udp |
| US | 8.8.8.8:53 | qxtgdufqbex.org | udp |
| US | 8.8.8.8:53 | csbgjueoya.biz | udp |
| US | 8.8.8.8:53 | ciaqiiiugkeq.biz | udp |
| US | 8.8.8.8:53 | kktaxsdsholapet.org | udp |
| US | 8.8.8.8:53 | cglzcufqbex.org | udp |
| US | 8.8.8.8:53 | cgxyia.net | udp |
| US | 8.8.8.8:53 | myozamiq.biz | udp |
| US | 8.8.8.8:53 | siruxqfqbex.org | udp |
| US | 8.8.8.8:53 | mhtceufqbex.org | udp |
| US | 8.8.8.8:53 | qulegyeoya.info | udp |
| US | 8.8.8.8:53 | celijcuiwcymao.info | udp |
| US | 8.8.8.8:53 | pvplfcn.cc | udp |
| US | 8.8.8.8:53 | upsqdenansnan.com | udp |
| US | 8.8.8.8:53 | qumwgmiq.net | udp |
| US | 8.8.8.8:53 | sqowawiq.info | udp |
| US | 8.8.8.8:53 | hlracsn.com | udp |
| US | 8.8.8.8:53 | vmokuwfox.com | udp |
| US | 8.8.8.8:53 | cstlnguiwcymao.biz | udp |
| US | 8.8.8.8:53 | eehapguiwcymao.biz | udp |
| US | 8.8.8.8:53 | cufuxadsholapet.org | udp |
| US | 8.8.8.8:53 | nejtjkn.org | udp |
| US | 8.8.8.8:53 | kwaobaiq.biz | udp |
| US | 8.8.8.8:53 | mmlmosuiwcymao.net | udp |
| US | 8.8.8.8:53 | cwdgpwnansnan.org | udp |
| US | 8.8.8.8:53 | skkstanansnan.cc | udp |
| US | 8.8.8.8:53 | wwlqhgeoya.net | udp |
| US | 8.8.8.8:53 | oilfio.biz | udp |
| US | 8.8.8.8:53 | hfhcdkn.cc | udp |
| US | 8.8.8.8:53 | eihotufqbex.org | udp |
| US | 8.8.8.8:53 | uolbqguiwcymao.biz | udp |
| US | 8.8.8.8:53 | mupwuqeoya.biz | udp |
| US | 8.8.8.8:53 | yznqxqfqbex.cc | udp |
| US | 8.8.8.8:53 | trbrysn.cc | udp |
| US | 8.8.8.8:53 | ikpcrueoya.biz | udp |
| US | 8.8.8.8:53 | cypwnsuiwcymao.biz | udp |
| US | 8.8.8.8:53 | inlsqenansnan.com | udp |
| US | 8.8.8.8:53 | gbpkhgfqbex.cc | udp |
| US | 8.8.8.8:53 | aylmbqeoya.biz | udp |
| US | 8.8.8.8:53 | yalqga.net | udp |
| US | 8.8.8.8:53 | wobzzwnansnan.com | udp |
| US | 8.8.8.8:53 | zxrihgn.cc | udp |
| US | 8.8.8.8:53 | oajgygeoya.biz | udp |
| US | 8.8.8.8:53 | wqcdhiiugkeq.info | udp |
| US | 8.8.8.8:53 | aptodqfqbex.cc | udp |
| US | 8.8.8.8:53 | uxkybodsholapet.org | udp |
| US | 8.8.8.8:53 | kqkucmiq.biz | udp |
| US | 8.8.8.8:53 | yeelwwiugkeq.info | udp |
| US | 8.8.8.8:53 | uftbdanansnan.org | udp |
| US | 8.8.8.8:53 | orgedodsholapet.cc | udp |
| US | 8.8.8.8:53 | ckjwws.biz | udp |
| US | 8.8.8.8:53 | wsqncmiq.biz | udp |
| US | 8.8.8.8:53 | oznoladsholapet.cc | udp |
| US | 8.8.8.8:53 | uymqdanansnan.cc | udp |
| US | 8.8.8.8:53 | sctaik.info | udp |
| US | 8.8.8.8:53 | cgeyaeiq.info | udp |
| US | 8.8.8.8:53 | qnpobwnansnan.com | udp |
| US | 8.8.8.8:53 | wvwmfwnansnan.org | udp |
| US | 8.8.8.8:53 | swgylwiugkeq.info | udp |
| PL | 86.38.224.149:36512 | tcp | |
| US | 8.8.8.8:53 | iajimsuiwcymao.net | udp |
| US | 8.8.8.8:53 | nsjrhafox.com | udp |
| US | 8.8.8.8:53 | mcxevguiwcymao.biz | udp |
| US | 8.8.8.8:53 | ymnqisuiwcymao.biz | udp |
| US | 8.8.8.8:53 | epzhpadsholapet.org | udp |
| US | 8.8.8.8:53 | frkkjifox.cc | udp |
| US | 8.8.8.8:53 | ycmaemiq.info | udp |
| US | 8.8.8.8:53 | sgpjlgeoya.biz | udp |
| US | 8.8.8.8:53 | jxzcesn.cc | udp |
| US | 8.8.8.8:53 | uecfvodsholapet.cc | udp |
| US | 8.8.8.8:53 | aidfuqeoya.biz | udp |
| US | 8.8.8.8:53 | ksovoiiugkeq.info | udp |
| US | 8.8.8.8:53 | dmnansn.cc | udp |
| US | 8.8.8.8:53 | uwwltodsholapet.com | udp |
| US | 8.8.8.8:53 | ocsoeaiugkeq.biz | udp |
| US | 8.8.8.8:53 | weoejaiq.info | udp |
| US | 8.8.8.8:53 | gertvkdsholapet.cc | udp |
| US | 8.8.8.8:53 | whstjwnansnan.cc | udp |
| US | 8.8.8.8:53 | iyyrimiq.net | udp |
| US | 8.8.8.8:53 | ekfomk.biz | udp |
| US | 8.8.8.8:53 | ttpwbwfox.com | udp |
| US | 8.8.8.8:53 | spofbodsholapet.com | udp |
| US | 8.8.8.8:53 | qyknfaiq.info | udp |
| US | 8.8.8.8:53 | mcjgkcuiwcymao.info | udp |
| US | 8.8.8.8:53 | igfaskdsholapet.org | udp |
| US | 8.8.8.8:53 | bssllifox.com | udp |
| US | 8.8.8.8:53 | gkpioa.net | udp |
| US | 8.8.8.8:53 | mwzcvo.info | udp |
| US | 8.8.8.8:53 | zgnsakn.com | udp |
| US | 8.8.8.8:53 | vtilrwfox.cc | udp |
| US | 8.8.8.8:53 | oitmmguiwcymao.biz | udp |
| US | 8.8.8.8:53 | qaflhsuiwcymao.biz | udp |
| US | 8.8.8.8:53 | pwlipkn.cc | udp |
| US | 8.8.8.8:53 | hgigeifox.org | udp |
| US | 8.8.8.8:53 | qkoouaiugkeq.biz | udp |
| US | 8.8.8.8:53 | oockpsiugkeq.biz | udp |
| US | 8.8.8.8:53 | kflqhwnansnan.org | udp |
| US | 8.8.8.8:53 | owfwvqfqbex.org | udp |
| US | 8.8.8.8:53 | gmkaywiq.biz | udp |
| LT | 62.80.229.89:34395 | tcp | |
| US | 8.8.8.8:53 | awdoageoya.biz | udp |
| US | 8.8.8.8:53 | qtrewqfqbex.cc | udp |
| US | 8.8.8.8:53 | ywzceyfqbex.org | udp |
| US | 8.8.8.8:53 | yuxiaguiwcymao.info | udp |
| US | 8.8.8.8:53 | uotqck.biz | udp |
| US | 8.8.8.8:53 | aglbwyfqbex.org | udp |
| US | 8.8.8.8:53 | ztkqlsfox.org | udp |
| US | 8.8.8.8:53 | eesizmiq.biz | udp |
| US | 8.8.8.8:53 | sikygmiq.biz | udp |
| US | 8.8.8.8:53 | aubczufqbex.com | udp |
| US | 8.8.8.8:53 | rmcwswfox.cc | udp |
| US | 8.8.8.8:53 | sqvcokuiwcymao.net | udp |
| US | 8.8.8.8:53 | acbnza.biz | udp |
| US | 8.8.8.8:53 | grxjiadsholapet.org | udp |
| US | 8.8.8.8:53 | ftsszifox.org | udp |
| US | 8.8.8.8:53 | wmuasaiq.info | udp |
| US | 8.8.8.8:53 | wmtyfcuiwcymao.net | udp |
| US | 8.8.8.8:53 | oorajmnansnan.com | udp |
| US | 8.8.8.8:53 | czfmlufqbex.org | udp |
| US | 8.8.8.8:53 | ymfwugeoya.net | udp |
| US | 8.8.8.8:53 | ecwvmiiugkeq.biz | udp |
| US | 8.8.8.8:53 | gxdmjyfqbex.com | udp |
| US | 8.8.8.8:53 | kapmjgfqbex.org | udp |
| US | 8.8.8.8:53 | giecbeiq.net | udp |
| US | 8.8.8.8:53 | wgecnmiq.net | udp |
| US | 8.8.8.8:53 | idbxmenansnan.cc | udp |
| US | 8.8.8.8:53 | zaqnbifox.cc | udp |
| US | 8.8.8.8:53 | maksmaiugkeq.biz | udp |
| US | 8.8.8.8:53 | bubcrifox.com | udp |
| US | 8.8.8.8:53 | kphesgfqbex.cc | udp |
| US | 8.8.8.8:53 | qqrmqyeoya.net | udp |
| US | 8.8.8.8:53 | gsjwmyeoya.info | udp |
| US | 8.8.8.8:53 | acjybkdsholapet.org | udp |
| US | 8.8.8.8:53 | pnglvifox.org | udp |
| US | 8.8.8.8:53 | eiryro.net | udp |
| US | 8.8.8.8:53 | agdrxgeoya.info | udp |
| US | 8.8.8.8:53 | hmvudifox.com | udp |
| US | 8.8.8.8:53 | vatadsn.cc | udp |
| US | 8.8.8.8:53 | yacmxaiq.net | udp |
| US | 8.8.8.8:53 | islmzgfqbex.org | udp |
| US | 8.8.8.8:53 | oefqyqfqbex.org | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | gkyuqaiugkeq.biz | udp |
| NL | 173.194.69.94:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | oxratmnansnan.org | udp |
| US | 8.8.8.8:53 | yqqbawnansnan.cc | udp |
| US | 8.8.8.8:53 | iohvma.net | udp |
| US | 8.8.8.8:53 | wqnupo.net | udp |
| US | 8.8.8.8:53 | iuzuiadsholapet.cc | udp |
| US | 8.8.8.8:53 | tmvtpkn.cc | udp |
| US | 8.8.8.8:53 | cugfziiugkeq.biz | udp |
| US | 8.8.8.8:53 | aepoha.info | udp |
| US | 8.8.8.8:53 | zkhoeifox.org | udp |
| US | 8.8.8.8:53 | yegjjenansnan.org | udp |
| US | 8.8.8.8:53 | cyvrsa.net | udp |
| US | 8.8.8.8:53 | mkxecs.info | udp |
| US | 8.8.8.8:53 | gsdegsdsholapet.cc | udp |
| US | 8.8.8.8:53 | zqysrsfox.org | udp |
| US | 8.8.8.8:53 | eqhpkueoya.biz | udp |
| US | 8.8.8.8:53 | ikjufgeoya.net | udp |
| US | 8.8.8.8:53 | gfbmogfqbex.com | udp |
| US | 8.8.8.8:53 | dwldhkn.org | udp |
| US | 8.8.8.8:53 | csxmwa.info | udp |
| US | 8.8.8.8:53 | iqdeckuiwcymao.biz | udp |
| US | 8.8.8.8:53 | tsjeqafox.org | udp |
| US | 8.8.8.8:53 | ptloqgn.com | udp |
| US | 8.8.8.8:53 | iugakwiq.net | udp |
| US | 8.8.8.8:53 | isvwmkuiwcymao.info | udp |
| US | 8.8.8.8:53 | gknmwufqbex.cc | udp |
| US | 8.8.8.8:53 | iznihqfqbex.com | udp |
| US | 8.8.8.8:53 | uiwcjsiugkeq.biz | udp |
| LT | 78.58.3.78:41969 | tcp | |
| US | 8.8.8.8:53 | gixftyeoya.info | udp |
| US | 8.8.8.8:53 | idvoxwnansnan.cc | udp |
| US | 8.8.8.8:53 | byzuxgn.cc | udp |
| US | 8.8.8.8:53 | iabuqguiwcymao.biz | udp |
| US | 8.8.8.8:53 | wurwgyeoya.info | udp |
| US | 8.8.8.8:53 | gjdfvwnansnan.com | udp |
| US | 8.8.8.8:53 | dffsrsn.org | udp |
| US | 8.8.8.8:53 | sivexyeoya.net | udp |
| US | 8.8.8.8:53 | uqpzckuiwcymao.info | udp |
| US | 8.8.8.8:53 | suzwfqfqbex.cc | udp |
| US | 8.8.8.8:53 | gpmmhodsholapet.org | udp |
| US | 8.8.8.8:53 | eszycs.net | udp |
| US | 8.8.8.8:53 | gcbgiguiwcymao.biz | udp |
| US | 8.8.8.8:53 | iefgbqfqbex.cc | udp |
| US | 8.8.8.8:53 | mymqnmnansnan.com | udp |
| US | 8.8.8.8:53 | cgpmps.net | udp |
| US | 8.8.8.8:53 | aulwxueoya.net | udp |
| US | 8.8.8.8:53 | orpjzqfqbex.com | udp |
| US | 8.8.8.8:53 | fxznrkn.org | udp |
| US | 8.8.8.8:53 | wglqssuiwcymao.biz | udp |
| US | 8.8.8.8:53 | cyayeaiugkeq.info | udp |
| US | 8.8.8.8:53 | sqdhpwnansnan.com | udp |
| US | 8.8.8.8:53 | snzmvgfqbex.cc | udp |
| US | 8.8.8.8:53 | moowyeiq.info | udp |
| US | 8.8.8.8:53 | kyahisiugkeq.biz | udp |
| US | 8.8.8.8:53 | mshmosdsholapet.org | udp |
| US | 8.8.8.8:53 | fieqtafox.cc | udp |
| US | 8.8.8.8:53 | weejmwiq.info | udp |
| US | 8.8.8.8:53 | sikaewiq.net | udp |
| US | 8.8.8.8:53 | zmjagwfox.org | udp |
| US | 8.8.8.8:53 | qluhvwnansnan.cc | udp |
| US | 8.8.8.8:53 | eatcucuiwcymao.biz | udp |
| US | 8.8.8.8:53 | cexuqgeoya.net | udp |
| US | 8.8.8.8:53 | qdzozwnansnan.org | udp |
| US | 8.8.8.8:53 | zbrcxgn.org | udp |
| US | 8.8.8.8:53 | gymyweiq.info | udp |
| US | 8.8.8.8:53 | aovyio.net | udp |
| US | 8.8.8.8:53 | ubnouadsholapet.com | udp |
| US | 8.8.8.8:53 | mifmcufqbex.cc | udp |
| US | 8.8.8.8:53 | qyybyiiugkeq.biz | udp |
| US | 8.8.8.8:53 | muacceiq.net | udp |
| US | 8.8.8.8:53 | egtpmodsholapet.org | udp |
| US | 8.8.8.8:53 | vfgjfafox.com | udp |
| US | 8.8.8.8:53 | swclbiiugkeq.net | udp |
| US | 8.8.8.8:53 | getgao.biz | udp |
| US | 8.8.8.8:53 | zxsgxsfox.cc | udp |
| US | 8.8.8.8:53 | ukbpuyeoya.net | udp |
| US | 8.8.8.8:53 | qceocwiq.biz | udp |
| US | 8.8.8.8:53 | bdrwrifox.org | udp |
| US | 8.8.8.8:53 | cesojwnansnan.com | udp |
| US | 8.8.8.8:53 | ggdhoo.info | udp |
| US | 8.8.8.8:53 | ymezueiq.info | udp |
| US | 8.8.8.8:53 | eexmdsdsholapet.org | udp |
| US | 8.8.8.8:53 | nqxyqgn.cc | udp |
| US | 8.8.8.8:53 | comqjwiq.biz | udp |
| US | 8.8.8.8:53 | yqwkqeiq.biz | udp |
| US | 8.8.8.8:53 | ytzmhufqbex.com | udp |
| US | 8.8.8.8:53 | gyxyvufqbex.com | udp |
| US | 8.8.8.8:53 | osfiqyeoya.biz | udp |
| US | 8.8.8.8:53 | mcdgasuiwcymao.net | udp |
| US | 8.8.8.8:53 | xqdbzcn.cc | udp |
| US | 8.8.8.8:53 | fyocvifox.cc | udp |
| US | 8.8.8.8:53 | isekeaiugkeq.net | udp |
| US | 8.8.8.8:53 | wkzkwk.biz | udp |
| US | 8.8.8.8:53 | rplohafox.com | udp |
| US | 8.8.8.8:53 | axmiladsholapet.org | udp |
| US | 8.8.8.8:53 | kihkqkuiwcymao.biz | udp |
| US | 8.8.8.8:53 | gmlhva.info | udp |
| US | 8.8.8.8:53 | aczswufqbex.cc | udp |
| US | 8.8.8.8:53 | aieosadsholapet.cc | udp |
| US | 8.8.8.8:53 | gyxodo.net | udp |
| US | 8.8.8.8:53 | ggmyveiq.info | udp |
| US | 8.8.8.8:53 | xkzsbgn.com | udp |
| LT | 78.63.93.73:32254 | tcp | |
| US | 8.8.8.8:53 | vjrgrcn.cc | udp |
| US | 8.8.8.8:53 | schqpueoya.info | udp |
| US | 8.8.8.8:53 | sartiyeoya.net | udp |
| US | 8.8.8.8:53 | qrvuvufqbex.com | udp |
| US | 8.8.8.8:53 | jonuakn.com | udp |
| US | 8.8.8.8:53 | owngpa.biz | udp |
| US | 8.8.8.8:53 | avhlmyfqbex.cc | udp |
| US | 8.8.8.8:53 | utiyvenansnan.org | udp |
| US | 8.8.8.8:53 | wykiwwiugkeq.info | udp |
| US | 8.8.8.8:53 | osusqmiq.biz | udp |
| US | 8.8.8.8:53 | sczrvufqbex.org | udp |
| US | 8.8.8.8:53 | qikivodsholapet.com | udp |
| US | 8.8.8.8:53 | mehcsyeoya.biz | udp |
| US | 8.8.8.8:53 | mkybywiugkeq.net | udp |
| US | 8.8.8.8:53 | xhhmuifox.cc | udp |
| US | 8.8.8.8:53 | lyfwngn.com | udp |
| US | 8.8.8.8:53 | uafdiguiwcymao.net | udp |
| US | 8.8.8.8:53 | eyrvmguiwcymao.biz | udp |
| US | 8.8.8.8:53 | eqjsisdsholapet.com | udp |
| US | 8.8.8.8:53 | eqkpxanansnan.com | udp |
| US | 8.8.8.8:53 | iybujyeoya.biz | udp |
| US | 8.8.8.8:53 | yuhgyo.biz | udp |
| US | 8.8.8.8:53 | kcdfasdsholapet.cc | udp |
| US | 8.8.8.8:53 | besntafox.com | udp |
| US | 8.8.8.8:53 | eqmumwiq.net | udp |
| US | 8.8.8.8:53 | egvwaa.biz | udp |
| US | 8.8.8.8:53 | xbxisafox.com | udp |
| US | 8.8.8.8:53 | qnozvwnansnan.org | udp |
| US | 8.8.8.8:53 | akpomo.net | udp |
| US | 8.8.8.8:53 | oyacsaiugkeq.info | udp |
| US | 8.8.8.8:53 | eutjzsdsholapet.cc | udp |
| US | 8.8.8.8:53 | owsuzwnansnan.org | udp |
| US | 8.8.8.8:53 | cgymowiq.biz | udp |
| US | 8.8.8.8:53 | mmfcecuiwcymao.biz | udp |
| US | 8.8.8.8:53 | cwdapgfqbex.cc | udp |
| US | 8.8.8.8:53 | lqvjfsn.cc | udp |
| US | 8.8.8.8:53 | ysfoqguiwcymao.biz | udp |
| US | 8.8.8.8:53 | yrhqrqfqbex.cc | udp |
| US | 8.8.8.8:53 | gitzhs.info | udp |
| US | 8.8.8.8:53 | qkiqfwiq.info | udp |
| US | 8.8.8.8:53 | ljxqosfox.org | udp |
| US | 8.8.8.8:53 | wndyoufqbex.com | udp |
| US | 8.8.8.8:53 | acjkvk.info | udp |
| US | 8.8.8.8:53 | ginmmyeoya.net | udp |
| US | 8.8.8.8:53 | zazemafox.com | udp |
| US | 8.8.8.8:53 | mqseyadsholapet.com | udp |
| US | 8.8.8.8:53 | oszimqeoya.info | udp |
| US | 8.8.8.8:53 | cwbggyeoya.biz | udp |
| US | 8.8.8.8:53 | rvlrtafox.com | udp |
| US | 8.8.8.8:53 | tgeshafox.cc | udp |
| US | 8.8.8.8:53 | uunoak.info | udp |
| US | 8.8.8.8:53 | qckmqeiq.biz | udp |
| US | 8.8.8.8:53 | mwdgrkdsholapet.cc | udp |
| US | 8.8.8.8:53 | pfgoksfox.cc | udp |
| US | 8.8.8.8:53 | qweicmiq.biz | udp |
| US | 8.8.8.8:53 | skhhiqeoya.biz | udp |
| US | 8.8.8.8:53 | vbznrgn.org | udp |
| US | 8.8.8.8:53 | srjilyfqbex.org | udp |
| US | 8.8.8.8:53 | qmdeho.biz | udp |
| US | 8.8.8.8:53 | zmjcssn.cc | udp |
| US | 8.8.8.8:53 | qregladsholapet.org | udp |
| US | 8.8.8.8:53 | ecxmyqeoya.info | udp |
| US | 8.8.8.8:53 | konziueoya.info | udp |
| LT | 78.62.2.125:26035 | tcp | |
| US | 8.8.8.8:53 | lxlshsfox.cc | udp |
| US | 8.8.8.8:53 | uquqtwnansnan.org | udp |
| US | 8.8.8.8:53 | yybqus.net | udp |
| US | 8.8.8.8:53 | wsugqwiugkeq.biz | udp |
| US | 8.8.8.8:53 | xufincn.cc | udp |
| US | 8.8.8.8:53 | aykcjmnansnan.org | udp |
| US | 8.8.8.8:53 | oukykaiugkeq.net | udp |
| US | 8.8.8.8:53 | qutejs.biz | udp |
| US | 8.8.8.8:53 | cgxlzqfqbex.cc | udp |
| US | 8.8.8.8:53 | uhvilyfqbex.com | udp |
| US | 8.8.8.8:53 | gqdsusuiwcymao.info | udp |
| US | 8.8.8.8:53 | umjaoueoya.biz | udp |
| US | 8.8.8.8:53 | suxenyfqbex.com | udp |
| US | 8.8.8.8:53 | bbbqogn.cc | udp |
| US | 8.8.8.8:53 | uyssoiiugkeq.info | udp |
| US | 8.8.8.8:53 | ighgjs.biz | udp |
| US | 8.8.8.8:53 | ccfscyfqbex.org | udp |
| US | 8.8.8.8:53 | yayvdenansnan.cc | udp |
| US | 8.8.8.8:53 | mqleuk.biz | udp |
| US | 8.8.8.8:53 | iodwkk.info | udp |
| US | 8.8.8.8:53 | txjfrsfox.com | udp |
| US | 8.8.8.8:53 | yfhjaufqbex.com | udp |
| US | 8.8.8.8:53 | aazpsguiwcymao.biz | udp |
| US | 8.8.8.8:53 | uykmdeiq.biz | udp |
| US | 8.8.8.8:53 | mhzuwmnansnan.cc | udp |
| US | 8.8.8.8:53 | uplovyfqbex.org | udp |
| US | 8.8.8.8:53 | akfhkcuiwcymao.info | udp |
| US | 8.8.8.8:53 | qgwoqsiugkeq.net | udp |
| US | 8.8.8.8:53 | hjjzngn.org | udp |
| US | 8.8.8.8:53 | axwbladsholapet.org | udp |
| US | 8.8.8.8:53 | waymuwiq.biz | udp |
| US | 8.8.8.8:53 | iucsusiugkeq.biz | udp |
| US | 8.8.8.8:53 | pkdrqafox.com | udp |
| US | 8.8.8.8:53 | wmbmlufqbex.com | udp |
| US | 8.8.8.8:53 | mersoqeoya.biz | udp |
| US | 8.8.8.8:53 | sudayanansnan.org | udp |
| US | 8.8.8.8:53 | zytejgn.com | udp |
| US | 8.8.8.8:53 | ycsceiiugkeq.net | udp |
| US | 8.8.8.8:53 | scbzksuiwcymao.info | udp |
| US | 8.8.8.8:53 | oitcuqfqbex.cc | udp |
| US | 8.8.8.8:53 | uoiydkdsholapet.org | udp |
| US | 8.8.8.8:53 | wwbqrcuiwcymao.info | udp |
| US | 8.8.8.8:53 | imdeek.info | udp |
| US | 8.8.8.8:53 | iqldiodsholapet.cc | udp |
| US | 8.8.8.8:53 | phqkvwfox.com | udp |
| US | 8.8.8.8:53 | owdajs.biz | udp |
| US | 8.8.8.8:53 | kqvkns.net | udp |
| US | 8.8.8.8:53 | skxdpufqbex.org | udp |
| US | 8.8.8.8:53 | vxaebafox.cc | udp |
| US | 8.8.8.8:53 | mmbvxs.info | udp |
| US | 8.8.8.8:53 | sooteiiugkeq.biz | udp |
| US | 8.8.8.8:53 | eebuikdsholapet.com | udp |
| US | 8.8.8.8:53 | oaxkjyfqbex.org | udp |
| KR | 89.117.232.61:29879 | tcp | |
| US | 8.8.8.8:53 | akzwsguiwcymao.info | udp |
| US | 8.8.8.8:53 | sgpxsqeoya.biz | udp |
| US | 8.8.8.8:53 | xcvpnsfox.com | udp |
| US | 8.8.8.8:53 | owkwlwnansnan.com | udp |
| US | 8.8.8.8:53 | wyciqwiugkeq.info | udp |
| US | 8.8.8.8:53 | auoiuaiugkeq.info | udp |
| US | 8.8.8.8:53 | vqtsgkn.com | udp |
| US | 8.8.8.8:53 | oodymo.net | udp |
| US | 8.8.8.8:53 | oaqxkaiugkeq.info | udp |
| US | 8.8.8.8:53 | xjnyvafox.org | udp |
| US | 8.8.8.8:53 | kcwidmnansnan.cc | udp |
| US | 8.8.8.8:53 | usmeciiugkeq.biz | udp |
| US | 8.8.8.8:53 | eugwbsiugkeq.biz | udp |
| US | 8.8.8.8:53 | fyflfkn.org | udp |
| US | 8.8.8.8:53 | riykswfox.cc | udp |
| US | 8.8.8.8:53 | uklyqa.biz | udp |
| US | 8.8.8.8:53 | ssgskwiq.net | udp |
| US | 8.8.8.8:53 | fddysifox.org | udp |
| US | 8.8.8.8:53 | goragufqbex.com | udp |
| US | 8.8.8.8:53 | ombweqeoya.net | udp |
| US | 8.8.8.8:53 | swbrgcuiwcymao.info | udp |
| US | 8.8.8.8:53 | zbtkbcn.org | udp |
| US | 8.8.8.8:53 | yessjmnansnan.org | udp |
| US | 8.8.8.8:53 | eapisguiwcymao.biz | udp |
| US | 8.8.8.8:53 | uktock.info | udp |
| US | 8.8.8.8:53 | bhdiokn.com | udp |
| US | 8.8.8.8:53 | mcmzqkdsholapet.org | udp |
| US | 8.8.8.8:53 | gqviuyeoya.biz | udp |
| US | 8.8.8.8:53 | ywyucaiugkeq.net | udp |
| US | 8.8.8.8:53 | wuhphyfqbex.org | udp |
| US | 8.8.8.8:53 | seporueoya.biz | udp |
| US | 8.8.8.8:53 | yiwsgeiq.info | udp |
| US | 8.8.8.8:53 | kolafadsholapet.cc | udp |
| US | 8.8.8.8:53 | gooelkdsholapet.com | udp |
| US | 8.8.8.8:53 | iqpjrueoya.biz | udp |
| US | 8.8.8.8:53 | yspsgk.net | udp |
| US | 8.8.8.8:53 | mbxihanansnan.cc | udp |
| US | 8.8.8.8:53 | uwubwanansnan.org | udp |
| US | 8.8.8.8:53 | uyayqwiugkeq.net | udp |
| US | 8.8.8.8:53 | cgimuwiugkeq.net | udp |
| US | 8.8.8.8:53 | iddqwqfqbex.cc | udp |
| US | 8.8.8.8:53 | ecgubkdsholapet.cc | udp |
| US | 8.8.8.8:53 | quzxoa.info | udp |
| US | 8.8.8.8:53 | mchwdanansnan.cc | udp |
| US | 8.8.8.8:53 | czvumyfqbex.com | udp |
| US | 8.8.8.8:53 | kqpskgeoya.biz | udp |
| US | 8.8.8.8:53 | qwlrvqeoya.net | udp |
| US | 8.8.8.8:53 | hrnudsfox.com | udp |
| US | 8.8.8.8:53 | sofmgs.biz | udp |
| US | 8.8.8.8:53 | sgbyko.info | udp |
| US | 8.8.8.8:53 | tozeksn.cc | udp |
| US | 8.8.8.8:53 | gxksrmnansnan.cc | udp |
| US | 8.8.8.8:53 | muxyoa.net | udp |
| US | 8.8.8.8:53 | osrqqqeoya.net | udp |
| US | 8.8.8.8:53 | cqznqsdsholapet.com | udp |
| US | 8.8.8.8:53 | scauaenansnan.org | udp |
| US | 8.8.8.8:53 | mevpuqeoya.biz | udp |
| US | 8.8.8.8:53 | aoiajwiq.biz | udp |
| US | 8.8.8.8:53 | ssxyxyfqbex.com | udp |
| US | 8.8.8.8:53 | mhekdwnansnan.com | udp |
| US | 8.8.8.8:53 | smawxwiq.info | udp |
| US | 8.8.8.8:53 | mqvoos.info | udp |
| US | 8.8.8.8:53 | kbdpjsdsholapet.cc | udp |
| US | 8.8.8.8:53 | ebganmnansnan.cc | udp |
| SG | 86.38.197.181:28096 | tcp | |
| US | 8.8.8.8:53 | iqgutmiq.biz | udp |
| US | 8.8.8.8:53 | umyehaiugkeq.biz | udp |
| US | 8.8.8.8:53 | nqjszwfox.org | udp |
| US | 8.8.8.8:53 | rxpwhsn.org | udp |
| US | 8.8.8.8:53 | ceaoqmiq.info | udp |
| US | 8.8.8.8:53 | yumeraiugkeq.net | udp |
| US | 8.8.8.8:53 | qfrqhadsholapet.org | udp |
| US | 8.8.8.8:53 | inemlenansnan.org | udp |
| US | 8.8.8.8:53 | esdwxo.net | udp |
| US | 8.8.8.8:53 | wsfiuyeoya.info | udp |
| US | 8.8.8.8:53 | amxgxodsholapet.org | udp |
| US | 8.8.8.8:53 | oxwyzwnansnan.cc | udp |
| US | 8.8.8.8:53 | qsvcxguiwcymao.biz | udp |
| US | 8.8.8.8:53 | keacqaiq.net | udp |
| US | 8.8.8.8:53 | whlptkdsholapet.org | udp |
| US | 8.8.8.8:53 | uarmoa.net | udp |
| US | 8.8.8.8:53 | wmhiwgeoya.net | udp |
| US | 8.8.8.8:53 | iypmnqfqbex.com | udp |
| US | 8.8.8.8:53 | fzhebgn.com | udp |
| US | 8.8.8.8:53 | gufuwueoya.net | udp |
| US | 8.8.8.8:53 | ceyxisiugkeq.biz | udp |
| US | 8.8.8.8:53 | yihkdufqbex.com | udp |
| US | 8.8.8.8:53 | yhcvdanansnan.org | udp |
| US | 8.8.8.8:53 | mgaeewiugkeq.info | udp |
| US | 8.8.8.8:53 | aoqyewiq.net | udp |
| US | 8.8.8.8:53 | lftrxgn.org | udp |
| US | 8.8.8.8:53 | qwkcekdsholapet.org | udp |
| US | 8.8.8.8:53 | omkrfaiq.info | udp |
| US | 8.8.8.8:53 | kgmcjeiq.net | udp |
| US | 8.8.8.8:53 | fhxsqkn.com | udp |
| US | 8.8.8.8:53 | aqqrpenansnan.org | udp |
| US | 8.8.8.8:53 | uqstaiiugkeq.biz | udp |
| US | 8.8.8.8:53 | kanyiyeoya.biz | udp |
| US | 8.8.8.8:53 | jpngpgn.org | udp |
| US | 8.8.8.8:53 | qwebdkdsholapet.org | udp |
| US | 8.8.8.8:53 | iydrmcuiwcymao.net | udp |
| US | 8.8.8.8:53 | wuhweyeoya.info | udp |
| US | 8.8.8.8:53 | uwerhsdsholapet.com | udp |
| US | 8.8.8.8:53 | ymqwleiq.net | udp |
| US | 8.8.8.8:53 | kovkhsdsholapet.org | udp |
| US | 8.8.8.8:53 | dlmkisfox.com | udp |
| US | 8.8.8.8:53 | ykqjawiugkeq.info | udp |
| US | 8.8.8.8:53 | cgtpxcuiwcymao.biz | udp |
| US | 8.8.8.8:53 | wqlyawnansnan.org | udp |
| US | 8.8.8.8:53 | qynqyk.info | udp |
| US | 8.8.8.8:53 | lqluewfox.org | udp |
| US | 8.8.8.8:53 | opyaxwnansnan.cc | udp |
| US | 8.8.8.8:53 | cuokwaiugkeq.net | udp |
| US | 8.8.8.8:53 | cycqgwiugkeq.biz | udp |
| US | 8.8.8.8:53 | shjjtyfqbex.org | udp |
| US | 8.8.8.8:53 | wtwmcmnansnan.org | udp |
| US | 8.8.8.8:53 | ionqna.biz | udp |
| US | 8.8.8.8:53 | wkbrhqeoya.net | udp |
| US | 8.8.8.8:53 | qjhuxodsholapet.org | udp |
| US | 8.8.8.8:53 | ykccnmnansnan.com | udp |
| US | 8.8.8.8:53 | yigutmiq.biz | udp |
| US | 8.8.8.8:53 | syrxsk.biz | udp |
| US | 8.8.8.8:53 | gsrgdqfqbex.org | udp |
| US | 8.8.8.8:53 | bmkwjsfox.cc | udp |
| US | 8.8.8.8:53 | ukywfeiq.info | udp |
| US | 8.8.8.8:53 | kszpsguiwcymao.net | udp |
| US | 8.8.8.8:53 | sjlmfufqbex.com | udp |
| US | 8.8.8.8:53 | rheemifox.cc | udp |
| US | 8.8.8.8:53 | mmrgya.net | udp |
| US | 8.8.8.8:53 | iidwsueoya.biz | udp |
| US | 8.8.8.8:53 | oevwfufqbex.cc | udp |
| LT | 78.62.118.198:15726 | tcp | |
| US | 8.8.8.8:53 | cucwoeiq.net | udp |
| US | 8.8.8.8:53 | iuhypqfqbex.com | udp |
| US | 8.8.8.8:53 | rivkbkn.cc | udp |
| US | 8.8.8.8:53 | aqpascuiwcymao.info | udp |
| US | 8.8.8.8:53 | qqdija.net | udp |
| US | 8.8.8.8:53 | hlfurafox.cc | udp |
| US | 8.8.8.8:53 | ptsmhsfox.com | udp |
| US | 8.8.8.8:53 | ggqiqwiugkeq.net | udp |
| US | 8.8.8.8:53 | cqjasqeoya.net | udp |
| US | 8.8.8.8:53 | qqfubodsholapet.org | udp |
| US | 8.8.8.8:53 | ajdkyyfqbex.org | udp |
| US | 8.8.8.8:53 | qascgsiugkeq.info | udp |
| US | 8.8.8.8:53 | gsypawiugkeq.info | udp |
| US | 8.8.8.8:53 | lyzklcn.cc | udp |
| US | 8.8.8.8:53 | cumuakdsholapet.cc | udp |
| US | 8.8.8.8:53 | kkcmkiiugkeq.net | udp |
| US | 8.8.8.8:53 | syviugeoya.net | udp |
| US | 8.8.8.8:53 | qfldwkdsholapet.com | udp |
| US | 8.8.8.8:53 | mbxusgfqbex.com | udp |
| US | 8.8.8.8:53 | earvms.net | udp |
| US | 8.8.8.8:53 | ewzycqeoya.info | udp |
| US | 8.8.8.8:53 | bbdggsn.org | udp |
| US | 8.8.8.8:53 | poldesn.org | udp |
| US | 8.8.8.8:53 | qyprca.biz | udp |
| US | 8.8.8.8:53 | qumekmiq.biz | udp |
| US | 8.8.8.8:53 | xurxbsfox.com | udp |
| US | 8.8.8.8:53 | bxcobafox.cc | udp |
| US | 8.8.8.8:53 | uqjgfqeoya.biz | udp |
| US | 8.8.8.8:53 | odnzxwnansnan.org | udp |
| US | 8.8.8.8:53 | vzfussn.cc | udp |
| US | 8.8.8.8:53 | uwajkwiq.info | udp |
| US | 8.8.8.8:53 | zezkhcn.org | udp |
| US | 8.8.8.8:53 | gcgdyaiugkeq.biz | udp |
| US | 8.8.8.8:53 | ugxiqgeoya.biz | udp |
| US | 8.8.8.8:53 | hqpevafox.org | udp |
| US | 8.8.8.8:53 | gkqthsdsholapet.org | udp |
| US | 8.8.8.8:53 | egjnusuiwcymao.net | udp |
| US | 8.8.8.8:53 | wmtoigeoya.info | udp |
| US | 8.8.8.8:53 | jndypgn.cc | udp |
| US | 8.8.8.8:53 | eteovmnansnan.com | udp |
| US | 8.8.8.8:53 | iormwyeoya.info | udp |
| US | 8.8.8.8:53 | uqsgmsiugkeq.net | udp |
| US | 8.8.8.8:53 | axttzufqbex.cc | udp |
| US | 8.8.8.8:53 | nuhczcn.org | udp |
| US | 8.8.8.8:53 | iahdbyeoya.net | udp |
| US | 8.8.8.8:53 | eaxmiyeoya.net | udp |
| US | 8.8.8.8:53 | qotcsufqbex.com | udp |
| US | 8.8.8.8:53 | qkfqcguiwcymao.net | udp |
| US | 8.8.8.8:53 | kglyxk.net | udp |
| US | 8.8.8.8:53 | qaemvsdsholapet.cc | udp |
| US | 8.8.8.8:53 | auvmdqeoya.info | udp |
| US | 8.8.8.8:53 | eorcbqeoya.info | udp |
| US | 8.8.8.8:53 | citadyfqbex.cc | udp |
| US | 8.8.8.8:53 | rukmpafox.com | udp |
| US | 8.8.8.8:53 | eqymksiugkeq.biz | udp |
| US | 8.8.8.8:53 | marwuo.biz | udp |
| US | 8.8.8.8:53 | pubgfwfox.cc | udp |
| US | 8.8.8.8:53 | suyglkdsholapet.cc | udp |
| US | 8.8.8.8:53 | cuzmjcuiwcymao.biz | udp |
| US | 8.8.8.8:53 | cikoyenansnan.com | udp |
| US | 8.8.8.8:53 | ukfwho.info | udp |
| US | 8.8.8.8:53 | mslazqeoya.info | udp |
| US | 8.8.8.8:53 | xjzgmgn.com | udp |
| US | 8.8.8.8:53 | nxvefgn.org | udp |
| US | 8.8.8.8:53 | mebcocuiwcymao.info | udp |
| US | 8.8.8.8:53 | gqcxsaiq.info | udp |
| US | 8.8.8.8:53 | pbtdxcn.org | udp |
| US | 8.8.8.8:53 | ucgmaiiugkeq.info | udp |
| US | 8.8.8.8:53 | ikfpuqeoya.biz | udp |
| LT | 78.60.93.15:17935 | tcp | |
| US | 8.8.8.8:53 | kehawkdsholapet.org | udp |
| US | 8.8.8.8:53 | godbpgfqbex.cc | udp |
| US | 8.8.8.8:53 | mezops.net | udp |
| US | 8.8.8.8:53 | iytoms.net | udp |
| US | 8.8.8.8:53 | ywrlnqfqbex.cc | udp |
| US | 8.8.8.8:53 | yhmwnadsholapet.com | udp |
| US | 8.8.8.8:53 | swoeteiq.biz | udp |
| US | 8.8.8.8:53 | iedgio.info | udp |
| US | 8.8.8.8:53 | tbfkqkn.com | udp |
| US | 8.8.8.8:53 | bwcxfsfox.com | udp |
| US | 8.8.8.8:53 | ecnjfsuiwcymao.biz | udp |
| US | 8.8.8.8:53 | uixctueoya.net | udp |
| US | 8.8.8.8:53 | aflhlanansnan.com | udp |
| US | 8.8.8.8:53 | pdzosgn.cc | udp |
| US | 8.8.8.8:53 | ukzkckuiwcymao.net | udp |
| US | 8.8.8.8:53 | cekcumiq.info | udp |
| US | 8.8.8.8:53 | bxzorcn.com | udp |
| US | 8.8.8.8:53 | suobfmnansnan.org | udp |
| US | 8.8.8.8:53 | mkbansuiwcymao.info | udp |
| US | 8.8.8.8:53 | yywpvwiq.net | udp |
| US | 8.8.8.8:53 | yjrmlkdsholapet.cc | udp |
| US | 8.8.8.8:53 | qjnepyfqbex.org | udp |
| US | 8.8.8.8:53 | iarixcuiwcymao.info | udp |
| US | 8.8.8.8:53 | omuiveiq.info | udp |
| US | 8.8.8.8:53 | hxjcbsfox.org | udp |
| US | 8.8.8.8:53 | jrnqhsn.cc | udp |
| US | 8.8.8.8:53 | gglsua.net | udp |
| US | 8.8.8.8:53 | ogaalmiq.net | udp |
| US | 8.8.8.8:53 | llrphsn.com | udp |
| US | 8.8.8.8:53 | nnbackn.org | udp |
| US | 8.8.8.8:53 | gmnycsuiwcymao.info | udp |
| US | 8.8.8.8:53 | cwbodcuiwcymao.net | udp |
| US | 8.8.8.8:53 | cieihodsholapet.org | udp |
| US | 8.8.8.8:53 | wsecgmiq.biz | udp |
| US | 8.8.8.8:53 | usbmsyeoya.net | udp |
| US | 8.8.8.8:53 | mgtexwnansnan.cc | udp |
| US | 8.8.8.8:53 | pcfarkn.org | udp |
| US | 8.8.8.8:53 | cavsgqeoya.biz | udp |
| US | 8.8.8.8:53 | swzpiqeoya.biz | udp |
| US | 8.8.8.8:53 | llfpeifox.org | udp |
| US | 8.8.8.8:53 | gizabufqbex.cc | udp |
| US | 8.8.8.8:53 | iopsmgeoya.biz | udp |
| US | 8.8.8.8:53 | mijnao.info | udp |
| US | 8.8.8.8:53 | dqfulcn.cc | udp |
| US | 8.8.8.8:53 | kygwmkdsholapet.com | udp |
| US | 8.8.8.8:53 | yqzivyeoya.net | udp |
| US | 8.8.8.8:53 | qojcbgeoya.net | udp |
| US | 8.8.8.8:53 | utvkyyfqbex.org | udp |
| US | 8.8.8.8:53 | zdiclwfox.org | udp |
| US | 8.8.8.8:53 | mclqzo.info | udp |
| US | 8.8.8.8:53 | osemzsiugkeq.biz | udp |
| US | 8.8.8.8:53 | oowfvkdsholapet.org | udp |
| US | 8.8.8.8:53 | mogguaiq.biz | udp |
| US | 8.8.8.8:53 | iupqacuiwcymao.info | udp |
| US | 8.8.8.8:53 | bhjjnwfox.cc | udp |
| US | 8.8.8.8:53 | ucqwcsdsholapet.org | udp |
| US | 8.8.8.8:53 | ykfito.net | udp |
| US | 8.8.8.8:53 | mgtzwcuiwcymao.info | udp |
| LT | 212.12.200.27:27888 | tcp | |
| US | 8.8.8.8:53 | lvtshifox.org | udp |
| US | 8.8.8.8:53 | bndqign.cc | udp |
| US | 8.8.8.8:53 | uerodk.net | udp |
| US | 8.8.8.8:53 | cifoacuiwcymao.net | udp |
| US | 8.8.8.8:53 | ktherkdsholapet.com | udp |
| US | 8.8.8.8:53 | ggymjwnansnan.org | udp |
| US | 8.8.8.8:53 | eesuoeiq.net | udp |
| US | 8.8.8.8:53 | eaiabeiq.info | udp |
| US | 8.8.8.8:53 | osjozqfqbex.cc | udp |
| US | 8.8.8.8:53 | eytsiyfqbex.org | udp |
| US | 8.8.8.8:53 | kerzoueoya.net | udp |
| US | 8.8.8.8:53 | iqjuiyeoya.biz | udp |
| US | 8.8.8.8:53 | bjxctkn.com | udp |
| US | 8.8.8.8:53 | atufrkdsholapet.org | udp |
| US | 8.8.8.8:53 | cqfsakuiwcymao.info | udp |
| US | 8.8.8.8:53 | sonmsguiwcymao.net | udp |
| US | 8.8.8.8:53 | ktvtuqfqbex.com | udp |
| US | 8.8.8.8:53 | swptcufqbex.org | udp |
| US | 8.8.8.8:53 | uitqgqeoya.info | udp |
| US | 8.8.8.8:53 | yesswaiugkeq.biz | udp |
| US | 8.8.8.8:53 | vjrqpifox.com | udp |
| US | 8.8.8.8:53 | bkblrgn.com | udp |
| US | 8.8.8.8:53 | iawlyaiq.biz | udp |
| US | 8.8.8.8:53 | iyoameiq.info | udp |
| US | 8.8.8.8:53 | egfglodsholapet.org | udp |
| US | 8.8.8.8:53 | sjogyodsholapet.com | udp |
| US | 8.8.8.8:53 | akpqxgeoya.info | udp |
| US | 8.8.8.8:53 | oibecs.net | udp |
| US | 8.8.8.8:53 | schgpenansnan.cc | udp |
| US | 8.8.8.8:53 | xuwwxafox.cc | udp |
| US | 8.8.8.8:53 | ockwkwiq.biz | udp |
| US | 8.8.8.8:53 | iqdssqeoya.net | udp |
| US | 8.8.8.8:53 | tlnseifox.org | udp |
| US | 8.8.8.8:53 | jzkufsfox.cc | udp |
| US | 8.8.8.8:53 | wedkha.net | udp |
| US | 8.8.8.8:53 | aggedsiugkeq.biz | udp |
| US | 8.8.8.8:53 | lgjemifox.cc | udp |
| US | 8.8.8.8:53 | teeyesfox.com | udp |
| US | 8.8.8.8:53 | iiksqeiq.biz | udp |
| US | 8.8.8.8:53 | gunansuiwcymao.biz | udp |
| US | 8.8.8.8:53 | vorwjkn.com | udp |
| US | 8.8.8.8:53 | spcyamnansnan.com | udp |
| US | 8.8.8.8:53 | ouiclaiugkeq.info | udp |
| US | 8.8.8.8:53 | gikzowiq.net | udp |
| US | 8.8.8.8:53 | gdhaksdsholapet.org | udp |
| US | 8.8.8.8:53 | yeyofaiq.biz | udp |
| US | 8.8.8.8:53 | csfjwk.info | udp |
| US | 8.8.8.8:53 | unrslqfqbex.org | udp |
| US | 8.8.8.8:53 | ojaiekdsholapet.com | udp |
| US | 8.8.8.8:53 | eetgus.net | udp |
| US | 8.8.8.8:53 | iuhmisdsholapet.cc | udp |
| US | 8.8.8.8:53 | cegyfodsholapet.com | udp |
| US | 8.8.8.8:53 | qauaiwiq.net | udp |
| US | 8.8.8.8:53 | wkjcmqeoya.biz | udp |
| US | 8.8.8.8:53 | ijnkngfqbex.org | udp |
| US | 8.8.8.8:53 | qfdxjufqbex.cc | udp |
| US | 8.8.8.8:53 | kwlwcyeoya.biz | udp |
| US | 8.8.8.8:53 | ckmsgiiugkeq.biz | udp |
| US | 8.8.8.8:53 | pmvcfifox.org | udp |
| US | 8.8.8.8:53 | pbkgmafox.cc | udp |
| US | 8.8.8.8:53 | akpmis.biz | udp |
| US | 8.8.8.8:53 | eapucyeoya.net | udp |
| US | 8.8.8.8:53 | ebhswkdsholapet.cc | udp |
| US | 8.8.8.8:53 | jurxicn.com | udp |
| US | 8.8.8.8:53 | cczwkgeoya.net | udp |
| LT | 78.62.69.177:30444 | tcp | |
| US | 8.8.8.8:53 | oavnko.net | udp |
| US | 8.8.8.8:53 | wipylufqbex.cc | udp |
| US | 8.8.8.8:53 | iranpadsholapet.com | udp |
| US | 8.8.8.8:53 | ycrymk.biz | udp |
| US | 8.8.8.8:53 | zaldfafox.com | udp |
| US | 8.8.8.8:53 | fdtekgn.org | udp |
| US | 8.8.8.8:53 | kyksdwiq.net | udp |
| US | 8.8.8.8:53 | keqkdaiugkeq.biz | udp |
| US | 8.8.8.8:53 | qslgfyfqbex.com | udp |
| US | 8.8.8.8:53 | ntguyifox.com | udp |
| US | 8.8.8.8:53 | eyepgmiq.biz | udp |
| US | 8.8.8.8:53 | jsfxdcn.com | udp |
| US | 8.8.8.8:53 | akkzsmiq.biz | udp |
| US | 8.8.8.8:53 | medcayeoya.biz | udp |
| US | 8.8.8.8:53 | gwdjqufqbex.cc | udp |
| US | 8.8.8.8:53 | lusihsfox.cc | udp |
| US | 8.8.8.8:53 | kggqywiugkeq.info | udp |
| US | 8.8.8.8:53 | sylkkk.info | udp |
| US | 8.8.8.8:53 | kxpohsdsholapet.cc | udp |
| US | 8.8.8.8:53 | cpcsmanansnan.cc | udp |
| US | 8.8.8.8:53 | suvfsgeoya.biz | udp |
| US | 8.8.8.8:53 | csudmaiq.net | udp |
| US | 8.8.8.8:53 | kdisisdsholapet.cc | udp |
| US | 8.8.8.8:53 | emfkcgeoya.info | udp |
| US | 8.8.8.8:53 | ubvyukdsholapet.org | udp |
| US | 8.8.8.8:53 | wdwkwanansnan.cc | udp |
| US | 8.8.8.8:53 | iqgexwiq.net | udp |
| US | 8.8.8.8:53 | qasousiugkeq.net | udp |
| US | 8.8.8.8:53 | tcpfuifox.cc | udp |
| US | 8.8.8.8:53 | nujkukn.cc | udp |
| US | 8.8.8.8:53 | wospgeiq.info | udp |
| US | 8.8.8.8:53 | ybjynenansnan.com | udp |
| US | 8.8.8.8:53 | camquanansnan.com | udp |
| US | 8.8.8.8:53 | uookkaiugkeq.biz | udp |
| US | 8.8.8.8:53 | gkvbggeoya.biz | udp |
| US | 8.8.8.8:53 | nzrougn.org | udp |
| US | 8.8.8.8:53 | dgpklcn.cc | udp |
| US | 8.8.8.8:53 | uoxeok.net | udp |
| US | 8.8.8.8:53 | qovevgeoya.biz | udp |
| US | 8.8.8.8:53 | eylahwnansnan.com | udp |
| US | 8.8.8.8:53 | khwufanansnan.org | udp |
| US | 8.8.8.8:53 | geteqyeoya.info | udp |
| US | 8.8.8.8:53 | igvpjkuiwcymao.info | udp |
| US | 8.8.8.8:53 | grzqlyfqbex.cc | udp |
| US | 8.8.8.8:53 | nyeufwfox.org | udp |
| US | 8.8.8.8:53 | qsleiqeoya.biz | udp |
| US | 8.8.8.8:53 | wgrcdadsholapet.cc | udp |
| US | 8.8.8.8:53 | xczyecn.com | udp |
| US | 8.8.8.8:53 | wipwmueoya.biz | udp |
| US | 8.8.8.8:53 | amngrguiwcymao.net | udp |
| US | 8.8.8.8:53 | stjrhenansnan.com | udp |
| US | 8.8.8.8:53 | mmvkpkuiwcymao.net | udp |
| US | 8.8.8.8:53 | aaonhaiugkeq.info | udp |
| US | 8.8.8.8:53 | sftmlkdsholapet.org | udp |
| US | 8.8.8.8:53 | qvkojenansnan.org | udp |
| US | 8.8.8.8:53 | gcefaeiq.biz | udp |
| LT | 89.117.223.145:37143 | tcp | |
| US | 8.8.8.8:53 | wyogswiugkeq.biz | udp |
| US | 8.8.8.8:53 | xjbgnsn.com | udp |
| US | 8.8.8.8:53 | jploakn.com | udp |
| US | 8.8.8.8:53 | mmrsnueoya.info | udp |
| US | 8.8.8.8:53 | omrekkdsholapet.com | udp |
| US | 8.8.8.8:53 | yvsfvadsholapet.com | udp |
| US | 8.8.8.8:53 | aefitcuiwcymao.info | udp |
| US | 8.8.8.8:53 | gqdkeueoya.net | udp |
| US | 8.8.8.8:53 | qdlypmnansnan.cc | udp |
| US | 8.8.8.8:53 | sifuwa.biz | udp |
| US | 8.8.8.8:53 | ksuegmiq.net | udp |
| US | 8.8.8.8:53 | razczcn.cc | udp |
| US | 8.8.8.8:53 | rqffzgn.com | udp |
| US | 8.8.8.8:53 | eepjbsuiwcymao.info | udp |
| US | 8.8.8.8:53 | aqzasqeoya.info | udp |
| US | 8.8.8.8:53 | vljnpwfox.org | udp |
| US | 8.8.8.8:53 | impifufqbex.cc | udp |
| US | 8.8.8.8:53 | ikkodiiugkeq.info | udp |
| US | 8.8.8.8:53 | asibuwiugkeq.info | udp |
| US | 8.8.8.8:53 | uxzsdkdsholapet.com | udp |
| US | 8.8.8.8:53 | mmjiwqfqbex.cc | udp |
| US | 8.8.8.8:53 | ocmzdmiq.net | udp |
| US | 8.8.8.8:53 | cynhmueoya.info | udp |
| US | 8.8.8.8:53 | sftccmnansnan.cc | udp |
Files
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
| MD5 | 85cb856b920e7b0b7b75115336fc2af2 |
| SHA1 | 1d1a207efec2f5187583b652c35aef74ee4c473f |
| SHA256 | 6fff20aabe8265b6e811c9dbcb987f9c15cf07d1d8b80ced7b287d96900f5c62 |
| SHA512 | 120ff9c77c19216e5691b6ba812f09f7db7b46685a391027fff56e5b73200f4211b6bac2c2d28cdfe461d1fbf10f1a3204adeedbd0a34a034a862c6278d901e8 |
C:\Windows\SysWOW64\jaykgzsmysoctbsthh.exe
| MD5 | c7e5d9b24e40b9b5909256350f70b10b |
| SHA1 | fb9d569e524b0cbe1f4a4a600ada58f687a7aee4 |
| SHA256 | 2e7aa86c211bcba2701f0d5acd491714bcbaf5f5cd6e930bc9795fdfb2a7f859 |
| SHA512 | 2cb935a8f5f1bc4fafbcd7de1bd3dabe65e31a2f3f860dcfbc65aad89242841e59fc6fffec922f20f4c983723329503060b00e4e7152873730c7de41b93a17ea |
C:\Users\Admin\AppData\Local\Temp\hmyyip.exe
| MD5 | 00d3e24dcf409ac926fab68da7f97e67 |
| SHA1 | 131eb56e1b5dc09f17be395c6294d690a58ed45b |
| SHA256 | b8154726e58a62b52e2860717b0f0f2bbdecaa2f9e32ed521cb2bd31442ed4be |
| SHA512 | f60ea70e785b5e82ba81b9968e716fd2fa5b9fe9bffee2aa3736648fa41450ddf9748e8df0f149412de5199fb7cd5767202baf9c18a41336094001692537d7ec |
C:\Users\Admin\AppData\Local\xwcwabceyaeazpoxtbxwcw.bce
| MD5 | 3013495010498d20972a875e33769ca4 |
| SHA1 | 045a7f520b90249cdfe3aa17ac65eb9ebfe9b720 |
| SHA256 | 0f431deaa72269ed461bb4d6a16ac30ca83981a7a326acf3386e437b43bff3e4 |
| SHA512 | 101319fcb5217191b729d0142b173648ef129ef4c6b783f747d6676eece5c5ff862cbacc5a98d9e781fd76235be94c6e9b5869b1f126a7a5eed3268637820824 |
C:\Users\Admin\AppData\Local\oypujvhuzmbistdxexeofkzlxkpcryijt.unu
| MD5 | adc93a8f3b7ba5cbc9d31ca4c1548752 |
| SHA1 | 17eed569c29985c23eeb38ecd311364caabae9a9 |
| SHA256 | 76b3257f7b2040cc0b2ff45c3dd401513f41e122ac64bf054e39737f7fdb3386 |
| SHA512 | ab985d2e22d3fdf7fbf7fe23992eb2fc181ca327bad0f77b0cca079cef488bbfe89f4a87413bc5894e15658e5a9186b5d1f4251bd8cbfee2702b3f5e6cacc40b |
C:\Program Files (x86)\xwcwabceyaeazpoxtbxwcw.bce
| MD5 | 6c8e33de6c120c7fbc02824ffce458e4 |
| SHA1 | eae802f217333fb8fdec2ba712dc06b1e024c91f |
| SHA256 | b0fe705c520b41251a16c677fe700fb3b5b34a4be33965ac0037c395284d550f |
| SHA512 | 8371762e885b246b4278c74075b3247fedbd803a2db03f31f35e461b3ab932b22a332a203585b25f8d7ecdfe0ab469badd03c02c0cef9a050a97b2fabe578fb0 |
C:\Program Files (x86)\xwcwabceyaeazpoxtbxwcw.bce
| MD5 | 98de08751087e9d0a4965c3ed7e955ce |
| SHA1 | fbab36d5a1f24acdf35c7f5dc168f0ce4e8c2726 |
| SHA256 | 41ff0fc6c76494d8596977538af6b49931bab4a6ceeb6dde7f590b665aa5a2ee |
| SHA512 | 8db259c91c816d3789b7851d620c1f6bc0ec8424269d0c9ab7765dede0b30c049c79add0ab361bfd2dcc0fc1e4169f2ace9b101c67f955f388318c435dc9c237 |
C:\Program Files (x86)\xwcwabceyaeazpoxtbxwcw.bce
| MD5 | 5fd690adfcb271f08acc758878a0beba |
| SHA1 | 0be43201985fb0f25c4205800694bff6ef5a515a |
| SHA256 | d28a728ae2d449fc0cbb3a0675c175c53ba4d33d91c95570b2f3a371612e5814 |
| SHA512 | 2cbef223ca7fa04ba63ab03901a40473e2441c73c443422fc733139ab111f145ea522f6f9482501ac97cd550595adfe817821aa6f084b64dba656e6058d6de44 |
C:\Program Files (x86)\xwcwabceyaeazpoxtbxwcw.bce
| MD5 | 041c888b48b5c809d7cff216e819eee1 |
| SHA1 | d56e72c91a9e691dbe319b6781af8cd0411b5d00 |
| SHA256 | 77432700c095497f69acf30e1eff8527f163f55966b279f40aad40ca40a77643 |
| SHA512 | 8e97af72c91b75eae1727fea45c0e8016af9250bf1a3df7f104061ee39fa50d6daea34324e229a9e426a240c38fc54f7290a9ada080c0128301f8665b3ddadb0 |
C:\Program Files (x86)\xwcwabceyaeazpoxtbxwcw.bce
| MD5 | 6c59c253071c00f3cf039cc32f7b714b |
| SHA1 | 9a9b11d54a67e560678842a274655d1205dd1c27 |
| SHA256 | c14775c097be583b6c6c8ea53ae024c1e4468e4b87a9584603dcab0c89076023 |
| SHA512 | f55d9c789d2c7abb11934b94c87db63aca687cbdf51bd4f8e753a4ba8cfd4069fbfd7a936ba122331c53d00d4e384378a1b771e438a2911db01fcedf543bee38 |
C:\Program Files (x86)\xwcwabceyaeazpoxtbxwcw.bce
| MD5 | ad26c91b0c12f06158b53d065dbb371f |
| SHA1 | 4c91656e839f4456efd0971abba9fb190209e4d1 |
| SHA256 | 9d9c246f888146f92fbab88be4b0017e42e135360d642f25c60462fe1add998d |
| SHA512 | 368e95dd9905acf566912ccd120d9fcaeaea3b902d9f8730754a20ae2043b2517e5f6776b8add11b419b21036ba5ff17325d05bd3abe3570e9ca4bd67b414da2 |