Analysis Overview
SHA256
26aa0051cdca76b6fea6ef46de623fc60b21b3adcb3100e3366ab638fe9c3a38
Threat Level: Known bad
The file JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed was found to be: Known bad.
Malicious Activity Summary
Modifies WinLogon for persistence
Pykspa
Pykspa family
UAC bypass
Detect Pykspa worm
Adds policy Run key to start application
Disables RegEdit via registry modification
Blocklisted process makes network request
Checks computer location settings
Executes dropped EXE
Impair Defenses: Safe Mode Boot
Checks whether UAC is enabled
Hijack Execution Flow: Executable Installer File Permissions Weakness
Adds Run key to start application
Looks up external IP address via web service
Drops autorun.inf file
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
System policy modification
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-04-21 06:04
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-04-21 06:04
Reported
2025-04-21 06:06
Platform
win10v2004-20250314-en
Max time kernel
49s
Max time network
150s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zryuiapcrkbrjyrs.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rhmgsivgtkzndq = "czlmfcwoigcxuomsvfqnz.exe" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rhmgsivgtkzndq = "zryuiapcrkbrjyrs.exe" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rhmgsivgtkzndq = "zryuiapcrkbrjyrs.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gzhetmcqgasjcsmon.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\njuumibslidxtmjoqzjf.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rhmgsivgtkzndq = "avfevqiyqmgzumimnve.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\njuumibslidxtmjoqzjf.exe" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rhmgsivgtkzndq = "avfevqiyqmgzumimnve.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rhmgsivgtkzndq = "czlmfcwoigcxuomsvfqnz.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rhmgsivgtkzndq = "gzhetmcqgasjcsmon.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rhmgsivgtkzndq = "avfevqiyqmgzumimnve.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gzhetmcqgasjcsmon.exe" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rhmgsivgtkzndq = "njuumibslidxtmjoqzjf.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rhmgsivgtkzndq = "zryuiapcrkbrjyrs.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gzhetmcqgasjcsmon.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zryuiapcrkbrjyrs.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rhmgsivgtkzndq = "njuumibslidxtmjoqzjf.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\njuumibslidxtmjoqzjf.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czlmfcwoigcxuomsvfqnz.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zryuiapcrkbrjyrs.exe" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rhmgsivgtkzndq = "gzhetmcqgasjcsmon.exe" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czlmfcwoigcxuomsvfqnz.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rhmgsivgtkzndq = "zryuiapcrkbrjyrs.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rhmgsivgtkzndq = "gzhetmcqgasjcsmon.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rhmgsivgtkzndq = "njuumibslidxtmjoqzjf.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rhmgsivgtkzndq = "njuumibslidxtmjoqzjf.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gzhetmcqgasjcsmon.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rhmgsivgtkzndq = "gzhetmcqgasjcsmon.exe" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avfevqiyqmgzumimnve.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjsqgargxsldxojmmt.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czlmfcwoigcxuomsvfqnz.exe" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gzhetmcqgasjcsmon.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rhmgsivgtkzndq = "czlmfcwoigcxuomsvfqnz.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zryuiapcrkbrjyrs.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czlmfcwoigcxuomsvfqnz.exe" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rhmgsivgtkzndq = "njuumibslidxtmjoqzjf.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gzhetmcqgasjcsmon.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avfevqiyqmgzumimnve.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zryuiapcrkbrjyrs.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rhmgsivgtkzndq = "avfevqiyqmgzumimnve.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czlmfcwoigcxuomsvfqnz.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gzhetmcqgasjcsmon.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\zryuiapcrkbrjyrs.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\njuumibslidxtmjoqzjf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\njuumibslidxtmjoqzjf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\pjsqgargxsldxojmmt.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\zryuiapcrkbrjyrs.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\avfevqiyqmgzumimnve.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\avfevqiyqmgzumimnve.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\czlmfcwoigcxuomsvfqnz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\czlmfcwoigcxuomsvfqnz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\avfevqiyqmgzumimnve.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\czlmfcwoigcxuomsvfqnz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\zryuiapcrkbrjyrs.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\gzhetmcqgasjcsmon.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\czlmfcwoigcxuomsvfqnz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\zryuiapcrkbrjyrs.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\gzhetmcqgasjcsmon.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\avfevqiyqmgzumimnve.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\zryuiapcrkbrjyrs.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\avfevqiyqmgzumimnve.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\njuumibslidxtmjoqzjf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\pjsqgargxsldxojmmt.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\avfevqiyqmgzumimnve.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\zryuiapcrkbrjyrs.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\avfevqiyqmgzumimnve.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\pjsqgargxsldxojmmt.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\avfevqiyqmgzumimnve.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\pjsqgargxsldxojmmt.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\njuumibslidxtmjoqzjf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\pjsqgargxsldxojmmt.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\gzhetmcqgasjcsmon.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\pjsqgargxsldxojmmt.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\czlmfcwoigcxuomsvfqnz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\czlmfcwoigcxuomsvfqnz.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zryuiapcrkbrjyrs = "czlmfcwoigcxuomsvfqnz.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\gzhetmcqgasjcsmon = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zryuiapcrkbrjyrs.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qfjcncoykaobq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjsqgargxsldxojmmt.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pjsqgargxsldxojmmt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zryuiapcrkbrjyrs.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qfjcncoykaobq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\njuumibslidxtmjoqzjf.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qfjcncoykaobq = "pjsqgargxsldxojmmt.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rfiakyjsdsfr = "zryuiapcrkbrjyrs.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rfiakyjsdsfr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjsqgargxsldxojmmt.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\gzhetmcqgasjcsmon = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zryuiapcrkbrjyrs.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rfiakyjsdsfr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\njuumibslidxtmjoqzjf.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qfjcncoykaobq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zryuiapcrkbrjyrs.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pjsqgargxsldxojmmt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czlmfcwoigcxuomsvfqnz.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zryuiapcrkbrjyrs = "pjsqgargxsldxojmmt.exe ." | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pjsqgargxsldxojmmt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czlmfcwoigcxuomsvfqnz.exe" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qfjcncoykaobq = "czlmfcwoigcxuomsvfqnz.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ulrmzqeqewmbsgy = "czlmfcwoigcxuomsvfqnz.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zryuiapcrkbrjyrs = "pjsqgargxsldxojmmt.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qfjcncoykaobq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\njuumibslidxtmjoqzjf.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rfiakyjsdsfr = "czlmfcwoigcxuomsvfqnz.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ulrmzqeqewmbsgy = "gzhetmcqgasjcsmon.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rfiakyjsdsfr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zryuiapcrkbrjyrs.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qfjcncoykaobq = "pjsqgargxsldxojmmt.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ulrmzqeqewmbsgy = "njuumibslidxtmjoqzjf.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rfiakyjsdsfr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gzhetmcqgasjcsmon.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rfiakyjsdsfr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avfevqiyqmgzumimnve.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rfiakyjsdsfr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\njuumibslidxtmjoqzjf.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zryuiapcrkbrjyrs = "zryuiapcrkbrjyrs.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qfjcncoykaobq = "pjsqgargxsldxojmmt.exe ." | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rfiakyjsdsfr = "njuumibslidxtmjoqzjf.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pjsqgargxsldxojmmt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjsqgargxsldxojmmt.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ulrmzqeqewmbsgy = "gzhetmcqgasjcsmon.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ulrmzqeqewmbsgy = "avfevqiyqmgzumimnve.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ulrmzqeqewmbsgy = "gzhetmcqgasjcsmon.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zryuiapcrkbrjyrs = "pjsqgargxsldxojmmt.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ulrmzqeqewmbsgy = "pjsqgargxsldxojmmt.exe" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\gzhetmcqgasjcsmon = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czlmfcwoigcxuomsvfqnz.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zryuiapcrkbrjyrs = "gzhetmcqgasjcsmon.exe ." | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zryuiapcrkbrjyrs = "avfevqiyqmgzumimnve.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ulrmzqeqewmbsgy = "gzhetmcqgasjcsmon.exe" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ulrmzqeqewmbsgy = "czlmfcwoigcxuomsvfqnz.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rfiakyjsdsfr = "avfevqiyqmgzumimnve.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qfjcncoykaobq = "czlmfcwoigcxuomsvfqnz.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qfjcncoykaobq = "njuumibslidxtmjoqzjf.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qfjcncoykaobq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avfevqiyqmgzumimnve.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\gzhetmcqgasjcsmon = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gzhetmcqgasjcsmon.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qfjcncoykaobq = "zryuiapcrkbrjyrs.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qfjcncoykaobq = "gzhetmcqgasjcsmon.exe ." | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pjsqgargxsldxojmmt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zryuiapcrkbrjyrs.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\gzhetmcqgasjcsmon = "C:\\Users\\Admin\\AppData\\Local\\Temp\\njuumibslidxtmjoqzjf.exe ." | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qfjcncoykaobq = "njuumibslidxtmjoqzjf.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\gzhetmcqgasjcsmon = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjsqgargxsldxojmmt.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rfiakyjsdsfr = "avfevqiyqmgzumimnve.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qfjcncoykaobq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\njuumibslidxtmjoqzjf.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ulrmzqeqewmbsgy = "pjsqgargxsldxojmmt.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rfiakyjsdsfr = "czlmfcwoigcxuomsvfqnz.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rfiakyjsdsfr = "gzhetmcqgasjcsmon.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qfjcncoykaobq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avfevqiyqmgzumimnve.exe ." | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rfiakyjsdsfr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjsqgargxsldxojmmt.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qfjcncoykaobq = "avfevqiyqmgzumimnve.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qfjcncoykaobq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czlmfcwoigcxuomsvfqnz.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rfiakyjsdsfr = "zryuiapcrkbrjyrs.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rfiakyjsdsfr = "avfevqiyqmgzumimnve.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ulrmzqeqewmbsgy = "pjsqgargxsldxojmmt.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rfiakyjsdsfr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avfevqiyqmgzumimnve.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
Drops autorun.inf file
| Description | Indicator | Process | Target |
| File opened for modification | C:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| File created | C:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| File opened for modification | F:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| File created | F:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\pjsqgargxsldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pjsqgargxsldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\njuumibslidxtmjoqzjf.exe | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pjsqgargxsldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pjsqgargxsldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zryuiapcrkbrjyrs.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\njuumibslidxtmjoqzjf.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\avfevqiyqmgzumimnve.exe | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\njuumibslidxtmjoqzjf.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zryuiapcrkbrjyrs.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\njuumibslidxtmjoqzjf.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pjsqgargxsldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zryuiapcrkbrjyrs.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tregaytmhgdzxsrycnzxkm.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\czlmfcwoigcxuomsvfqnz.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pjsqgargxsldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tregaytmhgdzxsrycnzxkm.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\czlmfcwoigcxuomsvfqnz.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zryuiapcrkbrjyrs.exe | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\njuumibslidxtmjoqzjf.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\njuumibslidxtmjoqzjf.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\gzhetmcqgasjcsmon.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\gzhetmcqgasjcsmon.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pjsqgargxsldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\czlmfcwoigcxuomsvfqnz.exe | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zryuiapcrkbrjyrs.exe | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\gzhetmcqgasjcsmon.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tregaytmhgdzxsrycnzxkm.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pjsqgargxsldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tregaytmhgdzxsrycnzxkm.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\gzhetmcqgasjcsmon.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pjsqgargxsldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pjsqgargxsldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\avfevqiyqmgzumimnve.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tregaytmhgdzxsrycnzxkm.exe | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\avfevqiyqmgzumimnve.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pjsqgargxsldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\czlmfcwoigcxuomsvfqnz.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tregaytmhgdzxsrycnzxkm.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zryuiapcrkbrjyrs.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qfjcncoykaobqcsqlnqfjcncoykaobqcsql.qfj | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zryuiapcrkbrjyrs.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\avfevqiyqmgzumimnve.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\czlmfcwoigcxuomsvfqnz.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\njuumibslidxtmjoqzjf.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tregaytmhgdzxsrycnzxkm.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\avfevqiyqmgzumimnve.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pjsqgargxsldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\avfevqiyqmgzumimnve.exe | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zryuiapcrkbrjyrs.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\czlmfcwoigcxuomsvfqnz.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\avfevqiyqmgzumimnve.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\gzhetmcqgasjcsmon.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tregaytmhgdzxsrycnzxkm.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\njuumibslidxtmjoqzjf.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\gzhetmcqgasjcsmon.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\avfevqiyqmgzumimnve.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zryuiapcrkbrjyrs.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zryuiapcrkbrjyrs.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pjsqgargxsldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\avfevqiyqmgzumimnve.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\njuumibslidxtmjoqzjf.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\gzhetmcqgasjcsmon.exe | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\czlmfcwoigcxuomsvfqnz.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\qfjcncoykaobqcsqlnqfjcncoykaobqcsql.qfj | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| File opened for modification | C:\Program Files (x86)\hlemmqrqrwzbfglyizrvowwa.abg | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| File created | C:\Program Files (x86)\hlemmqrqrwzbfglyizrvowwa.abg | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| File opened for modification | C:\Program Files (x86)\qfjcncoykaobqcsqlnqfjcncoykaobqcsql.qfj | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\avfevqiyqmgzumimnve.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\avfevqiyqmgzumimnve.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\pjsqgargxsldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\qfjcncoykaobqcsqlnqfjcncoykaobqcsql.qfj | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| File opened for modification | C:\Windows\tregaytmhgdzxsrycnzxkm.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\njuumibslidxtmjoqzjf.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\zryuiapcrkbrjyrs.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\njuumibslidxtmjoqzjf.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\pjsqgargxsldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\pjsqgargxsldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\tregaytmhgdzxsrycnzxkm.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\njuumibslidxtmjoqzjf.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\avfevqiyqmgzumimnve.exe | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| File opened for modification | C:\Windows\pjsqgargxsldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\pjsqgargxsldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\gzhetmcqgasjcsmon.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\czlmfcwoigcxuomsvfqnz.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\zryuiapcrkbrjyrs.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\avfevqiyqmgzumimnve.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\gzhetmcqgasjcsmon.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\czlmfcwoigcxuomsvfqnz.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\zryuiapcrkbrjyrs.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\zryuiapcrkbrjyrs.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\pjsqgargxsldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\zryuiapcrkbrjyrs.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\njuumibslidxtmjoqzjf.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\pjsqgargxsldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\avfevqiyqmgzumimnve.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\njuumibslidxtmjoqzjf.exe | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| File opened for modification | C:\Windows\zryuiapcrkbrjyrs.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\njuumibslidxtmjoqzjf.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\avfevqiyqmgzumimnve.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\czlmfcwoigcxuomsvfqnz.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\tregaytmhgdzxsrycnzxkm.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\tregaytmhgdzxsrycnzxkm.exe | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| File created | C:\Windows\hlemmqrqrwzbfglyizrvowwa.abg | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| File opened for modification | C:\Windows\czlmfcwoigcxuomsvfqnz.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\avfevqiyqmgzumimnve.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\njuumibslidxtmjoqzjf.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\zryuiapcrkbrjyrs.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\gzhetmcqgasjcsmon.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\pjsqgargxsldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| File opened for modification | C:\Windows\czlmfcwoigcxuomsvfqnz.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\avfevqiyqmgzumimnve.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\njuumibslidxtmjoqzjf.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\zryuiapcrkbrjyrs.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\zryuiapcrkbrjyrs.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\zryuiapcrkbrjyrs.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\zryuiapcrkbrjyrs.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\zryuiapcrkbrjyrs.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\tregaytmhgdzxsrycnzxkm.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\gzhetmcqgasjcsmon.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\gzhetmcqgasjcsmon.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\njuumibslidxtmjoqzjf.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\czlmfcwoigcxuomsvfqnz.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\hlemmqrqrwzbfglyizrvowwa.abg | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| File opened for modification | C:\Windows\gzhetmcqgasjcsmon.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\pjsqgargxsldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\avfevqiyqmgzumimnve.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\tregaytmhgdzxsrycnzxkm.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\avfevqiyqmgzumimnve.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\njuumibslidxtmjoqzjf.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\pjsqgargxsldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\njuumibslidxtmjoqzjf.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\gzhetmcqgasjcsmon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\njuumibslidxtmjoqzjf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\pjsqgargxsldxojmmt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zryuiapcrkbrjyrs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\avfevqiyqmgzumimnve.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\avfevqiyqmgzumimnve.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\pjsqgargxsldxojmmt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\gzhetmcqgasjcsmon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\avfevqiyqmgzumimnve.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\njuumibslidxtmjoqzjf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\czlmfcwoigcxuomsvfqnz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\pjsqgargxsldxojmmt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zryuiapcrkbrjyrs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\czlmfcwoigcxuomsvfqnz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\czlmfcwoigcxuomsvfqnz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\pjsqgargxsldxojmmt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\njuumibslidxtmjoqzjf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zryuiapcrkbrjyrs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\avfevqiyqmgzumimnve.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\czlmfcwoigcxuomsvfqnz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\njuumibslidxtmjoqzjf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\avfevqiyqmgzumimnve.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\gzhetmcqgasjcsmon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zryuiapcrkbrjyrs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zryuiapcrkbrjyrs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zryuiapcrkbrjyrs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\pjsqgargxsldxojmmt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zryuiapcrkbrjyrs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\czlmfcwoigcxuomsvfqnz.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe"
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe*"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe
C:\Windows\gzhetmcqgasjcsmon.exe
gzhetmcqgasjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\czlmfcwoigcxuomsvfqnz.exe
czlmfcwoigcxuomsvfqnz.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe .
C:\Windows\gzhetmcqgasjcsmon.exe
gzhetmcqgasjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe
C:\Windows\avfevqiyqmgzumimnve.exe
avfevqiyqmgzumimnve.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avfevqiyqmgzumimnve.exe*."
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\gzhetmcqgasjcsmon.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\njuumibslidxtmjoqzjf.exe*."
C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe
"C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe" "-C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe"
C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe
"C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe" "-C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe
C:\Windows\czlmfcwoigcxuomsvfqnz.exe
czlmfcwoigcxuomsvfqnz.exe
C:\Windows\zryuiapcrkbrjyrs.exe
zryuiapcrkbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe
C:\Windows\gzhetmcqgasjcsmon.exe
gzhetmcqgasjcsmon.exe .
C:\Windows\czlmfcwoigcxuomsvfqnz.exe
czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\gzhetmcqgasjcsmon.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .
C:\Windows\zryuiapcrkbrjyrs.exe
zryuiapcrkbrjyrs.exe
C:\Windows\gzhetmcqgasjcsmon.exe
gzhetmcqgasjcsmon.exe
C:\Windows\njuumibslidxtmjoqzjf.exe
njuumibslidxtmjoqzjf.exe .
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Windows\pjsqgargxsldxojmmt.exe
pjsqgargxsldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\njuumibslidxtmjoqzjf.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zryuiapcrkbrjyrs.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\czlmfcwoigcxuomsvfqnz.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\pjsqgargxsldxojmmt.exe*."
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avfevqiyqmgzumimnve.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avfevqiyqmgzumimnve.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe
C:\Windows\avfevqiyqmgzumimnve.exe
avfevqiyqmgzumimnve.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\czlmfcwoigcxuomsvfqnz.exe
czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."
C:\Windows\pjsqgargxsldxojmmt.exe
pjsqgargxsldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Windows\czlmfcwoigcxuomsvfqnz.exe
czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\czlmfcwoigcxuomsvfqnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Windows\System32\mousocoreworker.exe
C:\Windows\System32\mousocoreworker.exe -Embedding
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avfevqiyqmgzumimnve.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe
C:\Windows\pjsqgargxsldxojmmt.exe
pjsqgargxsldxojmmt.exe
C:\Windows\zryuiapcrkbrjyrs.exe
zryuiapcrkbrjyrs.exe .
C:\Windows\avfevqiyqmgzumimnve.exe
avfevqiyqmgzumimnve.exe
C:\Windows\avfevqiyqmgzumimnve.exe
avfevqiyqmgzumimnve.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zryuiapcrkbrjyrs.exe*."
C:\Windows\gzhetmcqgasjcsmon.exe
gzhetmcqgasjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe
C:\Windows\gzhetmcqgasjcsmon.exe
gzhetmcqgasjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\gzhetmcqgasjcsmon.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\pjsqgargxsldxojmmt.exe
pjsqgargxsldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Windows\zryuiapcrkbrjyrs.exe
zryuiapcrkbrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\pjsqgargxsldxojmmt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
C:\Windows\pjsqgargxsldxojmmt.exe
pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Windows\zryuiapcrkbrjyrs.exe
zryuiapcrkbrjyrs.exe
C:\Windows\pjsqgargxsldxojmmt.exe
pjsqgargxsldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zryuiapcrkbrjyrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
C:\Windows\czlmfcwoigcxuomsvfqnz.exe
czlmfcwoigcxuomsvfqnz.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\pjsqgargxsldxojmmt.exe*."
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\njuumibslidxtmjoqzjf.exe*."
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\pjsqgargxsldxojmmt.exe*."
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\gzhetmcqgasjcsmon.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\njuumibslidxtmjoqzjf.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\czlmfcwoigcxuomsvfqnz.exe*."
C:\Windows\zryuiapcrkbrjyrs.exe
zryuiapcrkbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avfevqiyqmgzumimnve.exe*."
C:\Windows\pjsqgargxsldxojmmt.exe
pjsqgargxsldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\pjsqgargxsldxojmmt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\czlmfcwoigcxuomsvfqnz.exe
czlmfcwoigcxuomsvfqnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Windows\czlmfcwoigcxuomsvfqnz.exe
czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zryuiapcrkbrjyrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\czlmfcwoigcxuomsvfqnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe
C:\Windows\czlmfcwoigcxuomsvfqnz.exe
czlmfcwoigcxuomsvfqnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe
C:\Windows\gzhetmcqgasjcsmon.exe
gzhetmcqgasjcsmon.exe .
C:\Windows\gzhetmcqgasjcsmon.exe
gzhetmcqgasjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\gzhetmcqgasjcsmon.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Windows\njuumibslidxtmjoqzjf.exe
njuumibslidxtmjoqzjf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\njuumibslidxtmjoqzjf.exe*."
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zryuiapcrkbrjyrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avfevqiyqmgzumimnve.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe
C:\Windows\avfevqiyqmgzumimnve.exe
avfevqiyqmgzumimnve.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe .
C:\Windows\zryuiapcrkbrjyrs.exe
zryuiapcrkbrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zryuiapcrkbrjyrs.exe*."
C:\Windows\avfevqiyqmgzumimnve.exe
avfevqiyqmgzumimnve.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Windows\zryuiapcrkbrjyrs.exe
zryuiapcrkbrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zryuiapcrkbrjyrs.exe*."
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\czlmfcwoigcxuomsvfqnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zryuiapcrkbrjyrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe
C:\Windows\zryuiapcrkbrjyrs.exe
zryuiapcrkbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe .
C:\Windows\pjsqgargxsldxojmmt.exe
pjsqgargxsldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\pjsqgargxsldxojmmt.exe*."
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\avfevqiyqmgzumimnve.exe
avfevqiyqmgzumimnve.exe
C:\Windows\avfevqiyqmgzumimnve.exe
avfevqiyqmgzumimnve.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avfevqiyqmgzumimnve.exe*."
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\czlmfcwoigcxuomsvfqnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\njuumibslidxtmjoqzjf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe .
C:\Windows\avfevqiyqmgzumimnve.exe
avfevqiyqmgzumimnve.exe
C:\Windows\avfevqiyqmgzumimnve.exe
avfevqiyqmgzumimnve.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avfevqiyqmgzumimnve.exe*."
C:\Windows\avfevqiyqmgzumimnve.exe
avfevqiyqmgzumimnve.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Windows\zryuiapcrkbrjyrs.exe
zryuiapcrkbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zryuiapcrkbrjyrs.exe*."
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zryuiapcrkbrjyrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zryuiapcrkbrjyrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe
C:\Windows\avfevqiyqmgzumimnve.exe
avfevqiyqmgzumimnve.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe .
C:\Windows\avfevqiyqmgzumimnve.exe
avfevqiyqmgzumimnve.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avfevqiyqmgzumimnve.exe*."
C:\Windows\njuumibslidxtmjoqzjf.exe
njuumibslidxtmjoqzjf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Windows\zryuiapcrkbrjyrs.exe
zryuiapcrkbrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zryuiapcrkbrjyrs.exe*."
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zryuiapcrkbrjyrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zryuiapcrkbrjyrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe
C:\Windows\pjsqgargxsldxojmmt.exe
pjsqgargxsldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe .
C:\Windows\njuumibslidxtmjoqzjf.exe
njuumibslidxtmjoqzjf.exe
C:\Windows\pjsqgargxsldxojmmt.exe
pjsqgargxsldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe
C:\Windows\zryuiapcrkbrjyrs.exe
zryuiapcrkbrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\pjsqgargxsldxojmmt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zryuiapcrkbrjyrs.exe*."
C:\Windows\njuumibslidxtmjoqzjf.exe
njuumibslidxtmjoqzjf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe
C:\Windows\gzhetmcqgasjcsmon.exe
gzhetmcqgasjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe .
C:\Windows\pjsqgargxsldxojmmt.exe
pjsqgargxsldxojmmt.exe
C:\Windows\zryuiapcrkbrjyrs.exe
zryuiapcrkbrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\njuumibslidxtmjoqzjf.exe
njuumibslidxtmjoqzjf.exe .
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Windows\avfevqiyqmgzumimnve.exe
avfevqiyqmgzumimnve.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\gzhetmcqgasjcsmon.exe
gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
C:\Windows\pjsqgargxsldxojmmt.exe
pjsqgargxsldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zryuiapcrkbrjyrs.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\gzhetmcqgasjcsmon.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\njuumibslidxtmjoqzjf.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avfevqiyqmgzumimnve.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\njuumibslidxtmjoqzjf.exe*."
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\pjsqgargxsldxojmmt.exe*."
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\czlmfcwoigcxuomsvfqnz.exe*."
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avfevqiyqmgzumimnve.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\gzhetmcqgasjcsmon.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\pjsqgargxsldxojmmt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\njuumibslidxtmjoqzjf.exe
njuumibslidxtmjoqzjf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe .
C:\Windows\avfevqiyqmgzumimnve.exe
avfevqiyqmgzumimnve.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avfevqiyqmgzumimnve.exe*."
C:\Windows\pjsqgargxsldxojmmt.exe
pjsqgargxsldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Windows\avfevqiyqmgzumimnve.exe
avfevqiyqmgzumimnve.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avfevqiyqmgzumimnve.exe*."
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\gzhetmcqgasjcsmon.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\njuumibslidxtmjoqzjf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe
C:\Windows\czlmfcwoigcxuomsvfqnz.exe
czlmfcwoigcxuomsvfqnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\czlmfcwoigcxuomsvfqnz.exe
czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe .
C:\Windows\avfevqiyqmgzumimnve.exe
avfevqiyqmgzumimnve.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Windows\gzhetmcqgasjcsmon.exe
gzhetmcqgasjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\gzhetmcqgasjcsmon.exe*."
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\czlmfcwoigcxuomsvfqnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\czlmfcwoigcxuomsvfqnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe
C:\Windows\avfevqiyqmgzumimnve.exe
avfevqiyqmgzumimnve.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe .
C:\Windows\njuumibslidxtmjoqzjf.exe
njuumibslidxtmjoqzjf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\njuumibslidxtmjoqzjf.exe*."
C:\Windows\gzhetmcqgasjcsmon.exe
gzhetmcqgasjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Windows\njuumibslidxtmjoqzjf.exe
njuumibslidxtmjoqzjf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\njuumibslidxtmjoqzjf.exe*."
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\gzhetmcqgasjcsmon.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\pjsqgargxsldxojmmt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe
C:\Windows\pjsqgargxsldxojmmt.exe
pjsqgargxsldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe
C:\Windows\czlmfcwoigcxuomsvfqnz.exe
czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\czlmfcwoigcxuomsvfqnz.exe
czlmfcwoigcxuomsvfqnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."
C:\Windows\zryuiapcrkbrjyrs.exe
zryuiapcrkbrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zryuiapcrkbrjyrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\njuumibslidxtmjoqzjf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avfevqiyqmgzumimnve.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe
C:\Windows\zryuiapcrkbrjyrs.exe
zryuiapcrkbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe .
C:\Windows\gzhetmcqgasjcsmon.exe
gzhetmcqgasjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\gzhetmcqgasjcsmon.exe*."
C:\Windows\njuumibslidxtmjoqzjf.exe
njuumibslidxtmjoqzjf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Windows\gzhetmcqgasjcsmon.exe
gzhetmcqgasjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\gzhetmcqgasjcsmon.exe*."
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avfevqiyqmgzumimnve.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\njuumibslidxtmjoqzjf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe
C:\Windows\avfevqiyqmgzumimnve.exe
avfevqiyqmgzumimnve.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe .
C:\Windows\njuumibslidxtmjoqzjf.exe
njuumibslidxtmjoqzjf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\njuumibslidxtmjoqzjf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe .
C:\Windows\pjsqgargxsldxojmmt.exe
pjsqgargxsldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Windows\njuumibslidxtmjoqzjf.exe
njuumibslidxtmjoqzjf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\njuumibslidxtmjoqzjf.exe*."
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\czlmfcwoigcxuomsvfqnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
C:\Windows\avfevqiyqmgzumimnve.exe
avfevqiyqmgzumimnve.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\zryuiapcrkbrjyrs.exe
zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\njuumibslidxtmjoqzjf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\czlmfcwoigcxuomsvfqnz.exe
czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe
C:\Windows\czlmfcwoigcxuomsvfqnz.exe
czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe
C:\Windows\avfevqiyqmgzumimnve.exe
avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe .
C:\Windows\njuumibslidxtmjoqzjf.exe
njuumibslidxtmjoqzjf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe
C:\Windows\zryuiapcrkbrjyrs.exe
zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\njuumibslidxtmjoqzjf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe .
C:\Windows\zryuiapcrkbrjyrs.exe
zryuiapcrkbrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zryuiapcrkbrjyrs.exe*."
C:\Windows\pjsqgargxsldxojmmt.exe
pjsqgargxsldxojmmt.exe .
C:\Windows\avfevqiyqmgzumimnve.exe
avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avfevqiyqmgzumimnve.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\czlmfcwoigcxuomsvfqnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\pjsqgargxsldxojmmt.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\njuumibslidxtmjoqzjf.exe*."
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zryuiapcrkbrjyrs.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zryuiapcrkbrjyrs.exe*."
C:\Windows\gzhetmcqgasjcsmon.exe
gzhetmcqgasjcsmon.exe
C:\Windows\gzhetmcqgasjcsmon.exe
gzhetmcqgasjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\gzhetmcqgasjcsmon.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zryuiapcrkbrjyrs.exe*."
C:\Windows\czlmfcwoigcxuomsvfqnz.exe
czlmfcwoigcxuomsvfqnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe .
C:\Windows\njuumibslidxtmjoqzjf.exe
njuumibslidxtmjoqzjf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\njuumibslidxtmjoqzjf.exe*."
C:\Windows\pjsqgargxsldxojmmt.exe
pjsqgargxsldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\zryuiapcrkbrjyrs.exe
zryuiapcrkbrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zryuiapcrkbrjyrs.exe*."
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\pjsqgargxsldxojmmt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avfevqiyqmgzumimnve.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe
C:\Windows\czlmfcwoigcxuomsvfqnz.exe
czlmfcwoigcxuomsvfqnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe .
C:\Windows\avfevqiyqmgzumimnve.exe
avfevqiyqmgzumimnve.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avfevqiyqmgzumimnve.exe*."
C:\Windows\czlmfcwoigcxuomsvfqnz.exe
czlmfcwoigcxuomsvfqnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Windows\avfevqiyqmgzumimnve.exe
avfevqiyqmgzumimnve.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avfevqiyqmgzumimnve.exe*."
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\pjsqgargxsldxojmmt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\czlmfcwoigcxuomsvfqnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe
C:\Windows\czlmfcwoigcxuomsvfqnz.exe
czlmfcwoigcxuomsvfqnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe .
C:\Windows\zryuiapcrkbrjyrs.exe
zryuiapcrkbrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zryuiapcrkbrjyrs.exe*."
C:\Windows\avfevqiyqmgzumimnve.exe
avfevqiyqmgzumimnve.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Windows\gzhetmcqgasjcsmon.exe
gzhetmcqgasjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\gzhetmcqgasjcsmon.exe*."
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\njuumibslidxtmjoqzjf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\njuumibslidxtmjoqzjf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe
C:\Windows\pjsqgargxsldxojmmt.exe
pjsqgargxsldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe .
C:\Windows\avfevqiyqmgzumimnve.exe
avfevqiyqmgzumimnve.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avfevqiyqmgzumimnve.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\avfevqiyqmgzumimnve.exe
avfevqiyqmgzumimnve.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Windows\czlmfcwoigcxuomsvfqnz.exe
czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\pjsqgargxsldxojmmt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\gzhetmcqgasjcsmon.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe
C:\Windows\gzhetmcqgasjcsmon.exe
gzhetmcqgasjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe .
C:\Windows\njuumibslidxtmjoqzjf.exe
njuumibslidxtmjoqzjf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\njuumibslidxtmjoqzjf.exe*."
C:\Windows\czlmfcwoigcxuomsvfqnz.exe
czlmfcwoigcxuomsvfqnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Windows\avfevqiyqmgzumimnve.exe
avfevqiyqmgzumimnve.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avfevqiyqmgzumimnve.exe*."
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\czlmfcwoigcxuomsvfqnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\pjsqgargxsldxojmmt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe
C:\Windows\pjsqgargxsldxojmmt.exe
pjsqgargxsldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe .
C:\Windows\njuumibslidxtmjoqzjf.exe
njuumibslidxtmjoqzjf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\njuumibslidxtmjoqzjf.exe*."
C:\Windows\avfevqiyqmgzumimnve.exe
avfevqiyqmgzumimnve.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Windows\czlmfcwoigcxuomsvfqnz.exe
czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe
C:\Windows\czlmfcwoigcxuomsvfqnz.exe
czlmfcwoigcxuomsvfqnz.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\gzhetmcqgasjcsmon.exe*."
C:\Windows\avfevqiyqmgzumimnve.exe
avfevqiyqmgzumimnve.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
C:\Windows\gzhetmcqgasjcsmon.exe
gzhetmcqgasjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\gzhetmcqgasjcsmon.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Windows\avfevqiyqmgzumimnve.exe
avfevqiyqmgzumimnve.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\njuumibslidxtmjoqzjf.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avfevqiyqmgzumimnve.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Windows\pjsqgargxsldxojmmt.exe
pjsqgargxsldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Windows\czlmfcwoigcxuomsvfqnz.exe
czlmfcwoigcxuomsvfqnz.exe
C:\Windows\njuumibslidxtmjoqzjf.exe
njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Windows\pjsqgargxsldxojmmt.exe
pjsqgargxsldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\pjsqgargxsldxojmmt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\pjsqgargxsldxojmmt.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\njuumibslidxtmjoqzjf.exe*."
C:\Windows\njuumibslidxtmjoqzjf.exe
njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\njuumibslidxtmjoqzjf.exe
njuumibslidxtmjoqzjf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Windows\zryuiapcrkbrjyrs.exe
zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\pjsqgargxsldxojmmt.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\pjsqgargxsldxojmmt.exe*."
C:\Windows\czlmfcwoigcxuomsvfqnz.exe
czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\njuumibslidxtmjoqzjf.exe*."
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zryuiapcrkbrjyrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zryuiapcrkbrjyrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\gzhetmcqgasjcsmon.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe
C:\Windows\zryuiapcrkbrjyrs.exe
zryuiapcrkbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe .
C:\Windows\avfevqiyqmgzumimnve.exe
avfevqiyqmgzumimnve.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avfevqiyqmgzumimnve.exe*."
C:\Windows\njuumibslidxtmjoqzjf.exe
njuumibslidxtmjoqzjf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Windows\avfevqiyqmgzumimnve.exe
avfevqiyqmgzumimnve.exe .
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avfevqiyqmgzumimnve.exe*."
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zryuiapcrkbrjyrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\gzhetmcqgasjcsmon.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe
C:\Windows\czlmfcwoigcxuomsvfqnz.exe
czlmfcwoigcxuomsvfqnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\njuumibslidxtmjoqzjf.exe
njuumibslidxtmjoqzjf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\njuumibslidxtmjoqzjf.exe*."
C:\Windows\zryuiapcrkbrjyrs.exe
zryuiapcrkbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Windows\njuumibslidxtmjoqzjf.exe
njuumibslidxtmjoqzjf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\njuumibslidxtmjoqzjf.exe*."
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\gzhetmcqgasjcsmon.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\njuumibslidxtmjoqzjf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe
C:\Windows\avfevqiyqmgzumimnve.exe
avfevqiyqmgzumimnve.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe .
C:\Windows\pjsqgargxsldxojmmt.exe
pjsqgargxsldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\pjsqgargxsldxojmmt.exe*."
C:\Windows\avfevqiyqmgzumimnve.exe
avfevqiyqmgzumimnve.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Windows\gzhetmcqgasjcsmon.exe
gzhetmcqgasjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\gzhetmcqgasjcsmon.exe*."
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\czlmfcwoigcxuomsvfqnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avfevqiyqmgzumimnve.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe
C:\Windows\njuumibslidxtmjoqzjf.exe
njuumibslidxtmjoqzjf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\czlmfcwoigcxuomsvfqnz.exe
czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."
C:\Windows\czlmfcwoigcxuomsvfqnz.exe
czlmfcwoigcxuomsvfqnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Windows\njuumibslidxtmjoqzjf.exe
njuumibslidxtmjoqzjf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\njuumibslidxtmjoqzjf.exe*."
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avfevqiyqmgzumimnve.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zryuiapcrkbrjyrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe
C:\Windows\pjsqgargxsldxojmmt.exe
pjsqgargxsldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\czlmfcwoigcxuomsvfqnz.exe
czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."
C:\Windows\zryuiapcrkbrjyrs.exe
zryuiapcrkbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Windows\gzhetmcqgasjcsmon.exe
gzhetmcqgasjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\gzhetmcqgasjcsmon.exe*."
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\njuumibslidxtmjoqzjf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zryuiapcrkbrjyrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe
C:\Windows\pjsqgargxsldxojmmt.exe
pjsqgargxsldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe
C:\Windows\czlmfcwoigcxuomsvfqnz.exe
czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe
C:\Windows\avfevqiyqmgzumimnve.exe
avfevqiyqmgzumimnve.exe
C:\Windows\pjsqgargxsldxojmmt.exe
pjsqgargxsldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."
C:\Windows\pjsqgargxsldxojmmt.exe
pjsqgargxsldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe
C:\Windows\pjsqgargxsldxojmmt.exe
pjsqgargxsldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe
C:\Windows\njuumibslidxtmjoqzjf.exe
njuumibslidxtmjoqzjf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe
C:\Windows\pjsqgargxsldxojmmt.exe
pjsqgargxsldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\pjsqgargxsldxojmmt.exe*."
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\njuumibslidxtmjoqzjf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\pjsqgargxsldxojmmt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe
C:\Windows\czlmfcwoigcxuomsvfqnz.exe
czlmfcwoigcxuomsvfqnz.exe
C:\Windows\pjsqgargxsldxojmmt.exe
pjsqgargxsldxojmmt.exe
C:\Windows\czlmfcwoigcxuomsvfqnz.exe
czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avfevqiyqmgzumimnve.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Windows\njuumibslidxtmjoqzjf.exe
njuumibslidxtmjoqzjf.exe .
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\njuumibslidxtmjoqzjf.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\njuumibslidxtmjoqzjf.exe*."
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\njuumibslidxtmjoqzjf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avfevqiyqmgzumimnve.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\gzhetmcqgasjcsmon.exe*."
C:\Windows\njuumibslidxtmjoqzjf.exe
njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\njuumibslidxtmjoqzjf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Windows\czlmfcwoigcxuomsvfqnz.exe
czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."
C:\Windows\njuumibslidxtmjoqzjf.exe
njuumibslidxtmjoqzjf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Windows\czlmfcwoigcxuomsvfqnz.exe
czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\njuumibslidxtmjoqzjf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zryuiapcrkbrjyrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe
C:\Windows\njuumibslidxtmjoqzjf.exe
njuumibslidxtmjoqzjf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe .
C:\Windows\avfevqiyqmgzumimnve.exe
avfevqiyqmgzumimnve.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avfevqiyqmgzumimnve.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe .
C:\Windows\gzhetmcqgasjcsmon.exe
gzhetmcqgasjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Windows\gzhetmcqgasjcsmon.exe
gzhetmcqgasjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\gzhetmcqgasjcsmon.exe*."
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zryuiapcrkbrjyrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avfevqiyqmgzumimnve.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\avfevqiyqmgzumimnve.exe
avfevqiyqmgzumimnve.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\czlmfcwoigcxuomsvfqnz.exe
czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\avfevqiyqmgzumimnve.exe
avfevqiyqmgzumimnve.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Windows\czlmfcwoigcxuomsvfqnz.exe
czlmfcwoigcxuomsvfqnz.exe .
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\czlmfcwoigcxuomsvfqnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\pjsqgargxsldxojmmt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe
C:\Windows\pjsqgargxsldxojmmt.exe
pjsqgargxsldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe .
C:\Windows\zryuiapcrkbrjyrs.exe
zryuiapcrkbrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zryuiapcrkbrjyrs.exe*."
C:\Windows\zryuiapcrkbrjyrs.exe
zryuiapcrkbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Windows\pjsqgargxsldxojmmt.exe
pjsqgargxsldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\pjsqgargxsldxojmmt.exe*."
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\njuumibslidxtmjoqzjf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avfevqiyqmgzumimnve.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe
C:\Windows\pjsqgargxsldxojmmt.exe
pjsqgargxsldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe .
C:\Windows\avfevqiyqmgzumimnve.exe
avfevqiyqmgzumimnve.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avfevqiyqmgzumimnve.exe*."
C:\Windows\zryuiapcrkbrjyrs.exe
zryuiapcrkbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Windows\avfevqiyqmgzumimnve.exe
avfevqiyqmgzumimnve.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avfevqiyqmgzumimnve.exe*."
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\czlmfcwoigcxuomsvfqnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\czlmfcwoigcxuomsvfqnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe
C:\Windows\avfevqiyqmgzumimnve.exe
avfevqiyqmgzumimnve.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe .
C:\Windows\pjsqgargxsldxojmmt.exe
pjsqgargxsldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe
C:\Windows\avfevqiyqmgzumimnve.exe
avfevqiyqmgzumimnve.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\pjsqgargxsldxojmmt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Windows\pjsqgargxsldxojmmt.exe
pjsqgargxsldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\pjsqgargxsldxojmmt.exe*."
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\gzhetmcqgasjcsmon.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe
C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\czlmfcwoigcxuomsvfqnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\pjsqgargxsldxojmmt.exe
pjsqgargxsldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\njuumibslidxtmjoqzjf.exe
njuumibslidxtmjoqzjf.exe
C:\Windows\czlmfcwoigcxuomsvfqnz.exe
czlmfcwoigcxuomsvfqnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe
C:\Windows\gzhetmcqgasjcsmon.exe
gzhetmcqgasjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\gzhetmcqgasjcsmon.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.whatismyip.com | udp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | www.showmyipaddress.com | udp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 8.8.8.8:53 | whatismyipaddress.com | udp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| DE | 142.250.181.206:80 | www.youtube.com | tcp |
| US | 87.120.55.81:40804 | tcp | |
| US | 8.8.8.8:53 | gyuuym.org | udp |
| DE | 85.214.228.140:80 | gyuuym.org | tcp |
| US | 8.8.8.8:53 | nlqwurdxjqv.info | udp |
| US | 8.8.8.8:53 | ujuixe.net | udp |
| US | 8.8.8.8:53 | unxfuild.info | udp |
| SG | 18.142.91.111:80 | unxfuild.info | tcp |
| US | 8.8.8.8:53 | xqlklieunsg.info | udp |
| US | 8.8.8.8:53 | drrykczqliwk.info | udp |
| US | 8.8.8.8:53 | lgxmnxp.info | udp |
| US | 8.8.8.8:53 | ggoiukqgsikq.org | udp |
| US | 8.8.8.8:53 | aqvytwt.info | udp |
| US | 8.8.8.8:53 | rrxvqlao.net | udp |
| US | 8.8.8.8:53 | ydjsanbplb.net | udp |
| US | 8.8.8.8:53 | eaharf.net | udp |
| US | 8.8.8.8:53 | hqtlrkfj.net | udp |
| US | 8.8.8.8:53 | udzdjiddn.net | udp |
| US | 8.8.8.8:53 | xnzovotwx.net | udp |
| US | 8.8.8.8:53 | lfrstzhh.net | udp |
| US | 8.8.8.8:53 | nlotajnm.info | udp |
| US | 8.8.8.8:53 | dwbtrevcn.com | udp |
| US | 8.8.8.8:53 | tsdgfckmb.com | udp |
| US | 8.8.8.8:53 | lcrjygi.org | udp |
| US | 8.8.8.8:53 | ygoukmwg.org | udp |
| US | 8.8.8.8:53 | mfnrnhqeeyv.info | udp |
| US | 8.8.8.8:53 | rersyak.info | udp |
| US | 8.8.8.8:53 | mqiqeyieqqss.org | udp |
| US | 8.8.8.8:53 | ylzwjjt.net | udp |
| US | 8.8.8.8:53 | sedsnnpqniw.net | udp |
| US | 8.8.8.8:53 | cydlrge.info | udp |
| US | 104.156.155.94:80 | cydlrge.info | tcp |
| US | 8.8.8.8:53 | goznlxhalsn.net | udp |
| US | 8.8.8.8:53 | euxyhykczfj.info | udp |
| US | 8.8.8.8:53 | zzdafaholy.net | udp |
| US | 8.8.8.8:53 | mjotpzfbosdh.info | udp |
| US | 8.8.8.8:53 | kahgfcr.info | udp |
| US | 8.8.8.8:53 | phdlxjta.info | udp |
| US | 8.8.8.8:53 | luvehemiri.info | udp |
| US | 8.8.8.8:53 | eeaikaks.com | udp |
| US | 8.8.8.8:53 | rrdoofbsz.net | udp |
| US | 8.8.8.8:53 | fynthkl.net | udp |
| US | 8.8.8.8:53 | ngsoxwyc.info | udp |
| US | 8.8.8.8:53 | aqbnxjprks.net | udp |
| US | 8.8.8.8:53 | szfofisovcr.net | udp |
| US | 8.8.8.8:53 | lalckpw.org | udp |
| US | 8.8.8.8:53 | ayxsfupon.info | udp |
| US | 8.8.8.8:53 | qsgaci.com | udp |
| US | 8.8.8.8:53 | mtearsxqx.info | udp |
| US | 8.8.8.8:53 | oswwbug.net | udp |
| US | 8.8.8.8:53 | hmfurcniz.info | udp |
| US | 8.8.8.8:53 | wagojwbzr.info | udp |
| US | 8.8.8.8:53 | fqyetgjpzuz.com | udp |
| US | 8.8.8.8:53 | melbmcr.info | udp |
| US | 8.8.8.8:53 | ssbilqryl.info | udp |
| US | 8.8.8.8:53 | cylqbikdbm.net | udp |
| US | 8.8.8.8:53 | jilritlklv.net | udp |
| US | 8.8.8.8:53 | hvkesiomx.info | udp |
| US | 8.8.8.8:53 | gffafyvw.info | udp |
| US | 8.8.8.8:53 | ddpobim.org | udp |
| DE | 84.32.109.179:33407 | tcp | |
| US | 8.8.8.8:53 | tnnclvm.info | udp |
| US | 8.8.8.8:53 | xepxjkcwpvz.net | udp |
| US | 8.8.8.8:53 | rssmfoe.org | udp |
| US | 8.8.8.8:53 | ruaywygsevfm.info | udp |
| US | 8.8.8.8:53 | ewhqxezcwwc.net | udp |
| US | 8.8.8.8:53 | ummsvlki.info | udp |
| US | 8.8.8.8:53 | yoaoooewyeeo.com | udp |
| US | 8.8.8.8:53 | tclgxmk.com | udp |
| US | 8.8.8.8:53 | rjnedmzepik.net | udp |
| US | 8.8.8.8:53 | wiiyea.com | udp |
| US | 8.8.8.8:53 | booyrkl.org | udp |
| US | 8.8.8.8:53 | oidktbl.net | udp |
| US | 8.8.8.8:53 | mdhpuesj.net | udp |
| US | 8.8.8.8:53 | pwsqjw.info | udp |
| US | 8.8.8.8:53 | sokexcd.info | udp |
| US | 8.8.8.8:53 | yrlsrvre.net | udp |
| US | 8.8.8.8:53 | kyhklmpnt.net | udp |
| US | 8.8.8.8:53 | dqjrswwie.com | udp |
| US | 8.8.8.8:53 | nmlzfgsiezhz.net | udp |
| US | 8.8.8.8:53 | muybtz.info | udp |
| US | 8.8.8.8:53 | vrxmprngmlhk.net | udp |
| US | 8.8.8.8:53 | hanqmen.info | udp |
| US | 8.8.8.8:53 | ygzrxrp.info | udp |
| US | 8.8.8.8:53 | ccknyf.net | udp |
| US | 8.8.8.8:53 | vndosnicpotw.info | udp |
| US | 8.8.8.8:53 | eznabol.net | udp |
| US | 8.8.8.8:53 | cmewkweiwi.com | udp |
| US | 8.8.8.8:53 | rltqnrca.info | udp |
| US | 8.8.8.8:53 | uvlydbgi.info | udp |
| US | 8.8.8.8:53 | klqmnybibg.net | udp |
| US | 8.8.8.8:53 | tknijxcsl.org | udp |
| US | 8.8.8.8:53 | flzlrl.net | udp |
| US | 8.8.8.8:53 | hazovaquz.org | udp |
| US | 8.8.8.8:53 | zgvixk.net | udp |
| US | 8.8.8.8:53 | ueerfrkczrtq.info | udp |
| US | 8.8.8.8:53 | lyxmnybibg.info | udp |
| US | 8.8.8.8:53 | gimgduo.net | udp |
| US | 8.8.8.8:53 | imanxarbep.info | udp |
| US | 8.8.8.8:53 | dkouvubcpovf.info | udp |
| US | 8.8.8.8:53 | myzmjev.net | udp |
| US | 8.8.8.8:53 | bpwuxe.info | udp |
| US | 8.8.8.8:53 | oahisgpny.net | udp |
| US | 8.8.8.8:53 | tyagpkb.com | udp |
| US | 8.8.8.8:53 | kgucribs.info | udp |
| US | 8.8.8.8:53 | rgnyneo.info | udp |
| US | 8.8.8.8:53 | zyfitez.info | udp |
| US | 8.8.8.8:53 | wpnfcbts.net | udp |
| US | 8.8.8.8:53 | uzlols.info | udp |
| US | 8.8.8.8:53 | leqdurjb.net | udp |
| US | 8.8.8.8:53 | ukjunwllyt.info | udp |
| US | 8.8.8.8:53 | dxikspgshgbk.info | udp |
| US | 8.8.8.8:53 | scmgmn.net | udp |
| US | 8.8.8.8:53 | bqhahvqqbbnl.net | udp |
| US | 8.8.8.8:53 | lgmwshpwdp.net | udp |
| US | 8.8.8.8:53 | hsteccazdkn.com | udp |
| US | 8.8.8.8:53 | ncyytup.info | udp |
| US | 8.8.8.8:53 | lysiwihaz.org | udp |
| US | 8.8.8.8:53 | zgrjrexb.net | udp |
| US | 8.8.8.8:53 | yvbymegelvb.net | udp |
| US | 8.8.8.8:53 | xmvqbmg.com | udp |
| US | 8.8.8.8:53 | fwogcqzjzt.net | udp |
| US | 8.8.8.8:53 | sawuyaqiyoyc.org | udp |
| US | 8.8.8.8:53 | iasxcbsi.info | udp |
| US | 8.8.8.8:53 | uwecycwoewcy.org | udp |
| US | 8.8.8.8:53 | eeueccewmeem.com | udp |
| US | 8.8.8.8:53 | vexcnof.org | udp |
| US | 8.8.8.8:53 | gthoprfe.net | udp |
| US | 8.8.8.8:53 | vvfkpeb.com | udp |
| US | 8.8.8.8:53 | urxixee.net | udp |
| US | 8.8.8.8:53 | wajdpb.net | udp |
| US | 8.8.8.8:53 | dwcfltbcgjpb.net | udp |
| US | 8.8.8.8:53 | vlpxze.info | udp |
| US | 8.8.8.8:53 | xvqyvpxd.info | udp |
| US | 8.8.8.8:53 | rafdtpxafivh.info | udp |
| US | 8.8.8.8:53 | skywyumxq.net | udp |
| US | 8.8.8.8:53 | jqlllwu.info | udp |
| US | 8.8.8.8:53 | gegnoutlc.info | udp |
| LT | 78.58.228.91:32359 | tcp | |
| US | 8.8.8.8:53 | iscycssu.org | udp |
| US | 8.8.8.8:53 | zqnidjmgdyui.info | udp |
| US | 8.8.8.8:53 | egsmyysc.org | udp |
| US | 8.8.8.8:53 | veryltejfauu.net | udp |
| US | 8.8.8.8:53 | rzlyhctslix.com | udp |
| US | 8.8.8.8:53 | nshdioh.net | udp |
| US | 8.8.8.8:53 | mkjbvkhix.info | udp |
| US | 8.8.8.8:53 | bulzdydv.info | udp |
| US | 8.8.8.8:53 | kgkmnmfstsh.net | udp |
| US | 8.8.8.8:53 | kmpwhjmmspq.net | udp |
| US | 8.8.8.8:53 | xgyyrdppgb.net | udp |
| US | 8.8.8.8:53 | vfiomvnkwt.info | udp |
| US | 8.8.8.8:53 | faqhlyk.net | udp |
| US | 8.8.8.8:53 | ekqqcc.org | udp |
| US | 8.8.8.8:53 | ecgzlqusp.net | udp |
| US | 8.8.8.8:53 | uaiiigis.com | udp |
| US | 8.8.8.8:53 | wsbuner.info | udp |
| US | 8.8.8.8:53 | mjfhwjrso.net | udp |
| US | 8.8.8.8:53 | dwfkeogzvhjn.info | udp |
| US | 8.8.8.8:53 | qpbshpbqn.net | udp |
| US | 8.8.8.8:53 | siausavra.net | udp |
| US | 8.8.8.8:53 | dflqknsl.net | udp |
| US | 8.8.8.8:53 | vkjolucysah.net | udp |
| US | 8.8.8.8:53 | qtgqqinahbp.info | udp |
| US | 8.8.8.8:53 | shdwedn.info | udp |
| US | 8.8.8.8:53 | pqigtt.info | udp |
| US | 8.8.8.8:53 | mkkmkgqquuke.com | udp |
| US | 8.8.8.8:53 | tcvuvhjwh.info | udp |
| US | 8.8.8.8:53 | vsfidvt.org | udp |
| US | 8.8.8.8:53 | rjxuar.net | udp |
| US | 8.8.8.8:53 | jubvpax.info | udp |
| US | 8.8.8.8:53 | icjrqeyuu.info | udp |
| US | 8.8.8.8:53 | aknsgwkcl.net | udp |
| US | 8.8.8.8:53 | yonpraqfzz.info | udp |
| US | 8.8.8.8:53 | esffxqbwfxix.net | udp |
| US | 8.8.8.8:53 | ecbwysbz.info | udp |
| US | 8.8.8.8:53 | skocgo.com | udp |
| US | 8.8.8.8:53 | cceyge.org | udp |
| US | 8.8.8.8:53 | njmyupro.net | udp |
| US | 8.8.8.8:53 | fctgphpuhlw.net | udp |
| US | 8.8.8.8:53 | vaxdhhzcd.org | udp |
| BG | 79.132.21.180:44788 | tcp | |
| US | 8.8.8.8:53 | gwwoasrgid.info | udp |
| US | 8.8.8.8:53 | ckqkwqey.com | udp |
| US | 8.8.8.8:53 | keqyinenviz.info | udp |
| US | 8.8.8.8:53 | xrpwmsl.info | udp |
| US | 8.8.8.8:53 | satxwxz.info | udp |
| US | 8.8.8.8:53 | eqosgy.info | udp |
| US | 8.8.8.8:53 | vwpszkb.com | udp |
| US | 8.8.8.8:53 | ahkgvfbpposr.info | udp |
| US | 8.8.8.8:53 | eihhykbeu.info | udp |
| US | 8.8.8.8:53 | yimkxzip.net | udp |
| US | 8.8.8.8:53 | iusioomq.org | udp |
| US | 8.8.8.8:53 | jhizgcwtbytk.info | udp |
| US | 8.8.8.8:53 | hyzfhropadci.net | udp |
| US | 8.8.8.8:53 | tdquiloxbm.net | udp |
| US | 8.8.8.8:53 | uycssa.org | udp |
| US | 8.8.8.8:53 | wcsbrpz.net | udp |
| US | 8.8.8.8:53 | vcmpdreyxm.info | udp |
| US | 8.8.8.8:53 | nwzpgwnyrid.com | udp |
| US | 8.8.8.8:53 | joktolce.info | udp |
| US | 8.8.8.8:53 | lcdgnde.info | udp |
| US | 8.8.8.8:53 | seurtkapg.net | udp |
| US | 8.8.8.8:53 | uwcuws.org | udp |
| US | 8.8.8.8:53 | bgskncggc.com | udp |
| US | 8.8.8.8:53 | zcpolpym.info | udp |
| US | 8.8.8.8:53 | fqcslafjh.info | udp |
| US | 8.8.8.8:53 | exfshsnlv.net | udp |
| US | 8.8.8.8:53 | azlfou.info | udp |
| US | 8.8.8.8:53 | qkxyrmstagi.info | udp |
| US | 8.8.8.8:53 | umyicieyee.org | udp |
| US | 8.8.8.8:53 | yowqga.com | udp |
| US | 8.8.8.8:53 | bgkfaeykpoi.info | udp |
| US | 8.8.8.8:53 | lrpqoa.info | udp |
| US | 8.8.8.8:53 | ruzhhhxkpwsa.net | udp |
| US | 8.8.8.8:53 | vcsuct.net | udp |
| US | 8.8.8.8:53 | gyogyyuukyca.com | udp |
| US | 8.8.8.8:53 | yaieos.org | udp |
| US | 8.8.8.8:53 | fgkaxijop.com | udp |
| US | 8.8.8.8:53 | fqgnny.net | udp |
| US | 8.8.8.8:53 | rxyudvgn.net | udp |
| US | 8.8.8.8:53 | fepxukr.info | udp |
| US | 8.8.8.8:53 | cudexlrsbz.net | udp |
| US | 8.8.8.8:53 | cpkqxhba.info | udp |
| US | 8.8.8.8:53 | fsyczawoha.info | udp |
| US | 8.8.8.8:53 | qwufdzw.net | udp |
| US | 8.8.8.8:53 | taswjfw.org | udp |
| US | 8.8.8.8:53 | eukcwqiu.com | udp |
| US | 8.8.8.8:53 | wixkjqnyg.info | udp |
| US | 8.8.8.8:53 | degiihl.com | udp |
| US | 8.8.8.8:53 | atkzfclhbift.info | udp |
| BG | 94.156.87.170:29216 | tcp | |
| US | 8.8.8.8:53 | koiuvgzyhzvf.net | udp |
| US | 8.8.8.8:53 | dtmbplfdtlcr.info | udp |
| US | 8.8.8.8:53 | aeitnijy.net | udp |
| US | 8.8.8.8:53 | wueysyqiyg.org | udp |
| US | 8.8.8.8:53 | tinlhspbf.org | udp |
| US | 8.8.8.8:53 | jjrefkv.net | udp |
| US | 8.8.8.8:53 | osqcyyccqe.com | udp |
| US | 8.8.8.8:53 | cttmrtsxxniq.net | udp |
| US | 8.8.8.8:53 | pklwcsjjhmp.info | udp |
| US | 8.8.8.8:53 | xkpcfsyaz.info | udp |
| US | 8.8.8.8:53 | zhtvrebu.net | udp |
| US | 8.8.8.8:53 | kjskvzf.info | udp |
| US | 8.8.8.8:53 | msomovxumq.info | udp |
| US | 8.8.8.8:53 | xmasvgqmnoy.org | udp |
| US | 8.8.8.8:53 | hkaoakhuxxj.net | udp |
| US | 8.8.8.8:53 | wejxjch.net | udp |
| US | 8.8.8.8:53 | lzbjkx.info | udp |
| US | 8.8.8.8:53 | dytslstlntk.net | udp |
| US | 8.8.8.8:53 | blriytvijot.com | udp |
| US | 8.8.8.8:53 | oqcqyuaoys.com | udp |
| US | 8.8.8.8:53 | kyilnx.net | udp |
| US | 8.8.8.8:53 | cagmissuqkms.org | udp |
| US | 8.8.8.8:53 | pxtbinwwguzq.net | udp |
| US | 8.8.8.8:53 | qbjwmg.net | udp |
| US | 8.8.8.8:53 | gaqkygwq.org | udp |
| US | 8.8.8.8:53 | egwhlklqogo.info | udp |
| US | 8.8.8.8:53 | tgiiohnytsah.info | udp |
| US | 8.8.8.8:53 | oimwemcuuoms.com | udp |
| US | 8.8.8.8:53 | jrbulad.info | udp |
| US | 8.8.8.8:53 | dkphaqhoj.com | udp |
| US | 8.8.8.8:53 | mqhinba.net | udp |
| US | 8.8.8.8:53 | jajuwct.com | udp |
| US | 8.8.8.8:53 | tybftlzzjm.net | udp |
| US | 8.8.8.8:53 | kgwuwmyiqg.com | udp |
| US | 8.8.8.8:53 | qselzdpq.net | udp |
| US | 8.8.8.8:53 | bpzorpfuhtf.org | udp |
| US | 8.8.8.8:53 | htpeqjognnpm.info | udp |
| US | 8.8.8.8:53 | tazsvnnmv.info | udp |
| US | 8.8.8.8:53 | edogletf.info | udp |
| US | 8.8.8.8:53 | esrcnez.info | udp |
| US | 8.8.8.8:53 | vjhuylcnilhn.info | udp |
| US | 8.8.8.8:53 | bkngmvgi.net | udp |
| US | 8.8.8.8:53 | qzgqermax.net | udp |
| US | 8.8.8.8:53 | sifvqbfb.info | udp |
| US | 8.8.8.8:53 | yqcbzxpkbm.net | udp |
| US | 8.8.8.8:53 | bqdindvszcl.com | udp |
| US | 8.8.8.8:53 | qcfrnrtilzv.info | udp |
| US | 8.8.8.8:53 | dywbdohqwyb.com | udp |
| US | 8.8.8.8:53 | wcowcm.com | udp |
| US | 8.8.8.8:53 | dykwknvmdfdj.info | udp |
| LT | 78.60.177.134:21038 | tcp | |
| US | 8.8.8.8:53 | eyyaocykom.org | udp |
| US | 8.8.8.8:53 | lnnppmtvtpir.net | udp |
| US | 8.8.8.8:53 | tpfgbtlt.info | udp |
| US | 8.8.8.8:53 | wawaoiyk.com | udp |
| US | 8.8.8.8:53 | dgbcfz.net | udp |
| US | 8.8.8.8:53 | qxtvhp.info | udp |
| US | 8.8.8.8:53 | pjyiemec.net | udp |
| US | 8.8.8.8:53 | lczoradauoz.net | udp |
| US | 8.8.8.8:53 | wornhstrx.info | udp |
| US | 8.8.8.8:53 | lqpzvhbowm.info | udp |
| US | 8.8.8.8:53 | dazulnj.org | udp |
| US | 8.8.8.8:53 | mjfylyp.info | udp |
| US | 8.8.8.8:53 | lfsilclqmawr.info | udp |
| US | 8.8.8.8:53 | rwdnvzhnuf.info | udp |
| US | 8.8.8.8:53 | ayimqoiwgkkc.org | udp |
| US | 8.8.8.8:53 | lrovpxdoza.info | udp |
| US | 8.8.8.8:53 | jzthxr.net | udp |
| US | 8.8.8.8:53 | nepfhtuiek.net | udp |
| US | 8.8.8.8:53 | bpryuyiywghd.net | udp |
| US | 8.8.8.8:53 | xhndrbmenams.net | udp |
| US | 8.8.8.8:53 | fjusznt.com | udp |
| US | 8.8.8.8:53 | qmvyls.info | udp |
| US | 8.8.8.8:53 | ykwmeksi.com | udp |
| US | 8.8.8.8:53 | yqsbxpfbuv.net | udp |
| US | 8.8.8.8:53 | sojotwg.net | udp |
| US | 8.8.8.8:53 | zuhmapbot.net | udp |
| US | 8.8.8.8:53 | csaeaksckguw.com | udp |
| US | 8.8.8.8:53 | dgivmun.org | udp |
| US | 8.8.8.8:53 | csqaqwd.net | udp |
| US | 8.8.8.8:53 | vjvlnnztmb.net | udp |
| US | 8.8.8.8:53 | miwgsiaswsck.com | udp |
| US | 8.8.8.8:53 | xmmfhrpcneiy.info | udp |
| US | 8.8.8.8:53 | yojkaljecqs.info | udp |
| US | 8.8.8.8:53 | cztsaukehdn.info | udp |
| US | 8.8.8.8:53 | azvyqohymgp.net | udp |
| US | 8.8.8.8:53 | lisykmslzon.org | udp |
| US | 8.8.8.8:53 | diqmpyd.info | udp |
| US | 8.8.8.8:53 | gohyzsfqh.info | udp |
| US | 8.8.8.8:53 | ecegeakc.org | udp |
| US | 8.8.8.8:53 | twihcsxshn.net | udp |
| LT | 78.61.82.223:41459 | tcp | |
| US | 8.8.8.8:53 | lgdccev.com | udp |
| US | 8.8.8.8:53 | novwmnurcxbr.info | udp |
| US | 8.8.8.8:53 | tsgkrkh.net | udp |
| US | 8.8.8.8:53 | ootkjdzphd.net | udp |
| US | 8.8.8.8:53 | paxizld.org | udp |
| US | 8.8.8.8:53 | ewqqimuekk.org | udp |
| US | 8.8.8.8:53 | aararuzmj.info | udp |
| US | 8.8.8.8:53 | paxynfm.org | udp |
| US | 8.8.8.8:53 | pctkgplslwl.net | udp |
| US | 8.8.8.8:53 | kglohyite.net | udp |
| US | 8.8.8.8:53 | ledydhpwkyt.net | udp |
| US | 8.8.8.8:53 | zrizzt.net | udp |
| US | 8.8.8.8:53 | azrhlxolu.info | udp |
| US | 8.8.8.8:53 | gdoevktkgj.info | udp |
| US | 8.8.8.8:53 | bajfri.info | udp |
| US | 8.8.8.8:53 | rpzmtewldvm.org | udp |
| US | 8.8.8.8:53 | nsjnpn.net | udp |
| US | 8.8.8.8:53 | fkbetvwrew.net | udp |
| US | 8.8.8.8:53 | lfazmpt.net | udp |
| US | 8.8.8.8:53 | euuhix.info | udp |
| US | 8.8.8.8:53 | ivewnr.info | udp |
| US | 8.8.8.8:53 | msocwajdr.info | udp |
| US | 8.8.8.8:53 | nqxijbihvn.info | udp |
| US | 8.8.8.8:53 | iqgmfyl.info | udp |
| US | 8.8.8.8:53 | yspynbdonzn.net | udp |
| US | 8.8.8.8:53 | awogqmaicq.org | udp |
| US | 8.8.8.8:53 | mmxwhcanylv.net | udp |
| US | 8.8.8.8:53 | gcntwdrybp.net | udp |
| US | 8.8.8.8:53 | xrctizgjhu.net | udp |
| US | 8.8.8.8:53 | gdrjpgqqaums.info | udp |
| US | 8.8.8.8:53 | iuhdgqxmz.net | udp |
| US | 8.8.8.8:53 | urikojxrj.net | udp |
| US | 8.8.8.8:53 | rfcqjgcwrllk.info | udp |
| US | 8.8.8.8:53 | ngzipq.info | udp |
| US | 8.8.8.8:53 | ecmkoaawye.org | udp |
| US | 8.8.8.8:53 | jwydkpnqdj.info | udp |
| US | 8.8.8.8:53 | yrlydtvbjm.net | udp |
| US | 8.8.8.8:53 | mbmszvvcjh.net | udp |
| US | 8.8.8.8:53 | xuyknanlf.net | udp |
| US | 8.8.8.8:53 | dwrurhrch.net | udp |
| US | 8.8.8.8:53 | ooewwc.org | udp |
| US | 8.8.8.8:53 | zmrcakty.info | udp |
| US | 8.8.8.8:53 | sitkfkiuwm.net | udp |
| US | 8.8.8.8:53 | narqbbzwh.info | udp |
| US | 8.8.8.8:53 | bfpcqgfyh.com | udp |
| US | 8.8.8.8:53 | jypigkw.net | udp |
| US | 8.8.8.8:53 | vdqjuuctpxhv.net | udp |
| US | 8.8.8.8:53 | dyxetlqsigz.com | udp |
| US | 8.8.8.8:53 | dazzdtbxhy.net | udp |
| US | 8.8.8.8:53 | nweyxdm.net | udp |
| US | 8.8.8.8:53 | pyxvjyrqe.net | udp |
| US | 8.8.8.8:53 | bcfaeoa.org | udp |
| US | 8.8.8.8:53 | wwkcluiqvqe.info | udp |
| US | 8.8.8.8:53 | dmlutakit.info | udp |
| US | 8.8.8.8:53 | euoetofgu.net | udp |
| US | 8.8.8.8:53 | ngffhobw.info | udp |
| US | 8.8.8.8:53 | uelacxnjhyn.info | udp |
| US | 8.8.8.8:53 | omierhazkhgw.net | udp |
| US | 8.8.8.8:53 | saukaygwucee.com | udp |
| US | 8.8.8.8:53 | ldfkngli.net | udp |
| US | 8.8.8.8:53 | rxiajt.info | udp |
| LT | 78.61.230.103:27669 | tcp | |
| US | 8.8.8.8:53 | jsouqupqyci.info | udp |
| US | 8.8.8.8:53 | qyyukqaco.net | udp |
| US | 8.8.8.8:53 | kwdrqyzrhd.net | udp |
| US | 8.8.8.8:53 | rktshzjcvcyu.info | udp |
| US | 8.8.8.8:53 | vfotpthcvhh.info | udp |
| US | 8.8.8.8:53 | aaqkmyyg.com | udp |
| US | 8.8.8.8:53 | senxjn.net | udp |
| US | 8.8.8.8:53 | xrjmbmgmisvh.info | udp |
| US | 8.8.8.8:53 | ztbounx.net | udp |
| US | 8.8.8.8:53 | bxicrgsdef.info | udp |
| US | 8.8.8.8:53 | uowwiq.com | udp |
| US | 8.8.8.8:53 | jdvxvgrtdtlf.net | udp |
| US | 8.8.8.8:53 | zgyxjtfrpi.net | udp |
| US | 8.8.8.8:53 | tvnkjnceuyhk.info | udp |
| US | 8.8.8.8:53 | jqtenkdayoy.org | udp |
| US | 8.8.8.8:53 | csxugqn.net | udp |
| US | 8.8.8.8:53 | jrleckr.info | udp |
| US | 8.8.8.8:53 | oucwkmaiwg.com | udp |
| US | 8.8.8.8:53 | wqyafi.net | udp |
| US | 8.8.8.8:53 | oamssc.org | udp |
| US | 8.8.8.8:53 | lvliwxsju.net | udp |
| US | 8.8.8.8:53 | bpbqqmrvk.net | udp |
| US | 8.8.8.8:53 | icmwigsqmi.org | udp |
| US | 8.8.8.8:53 | wcgcuuiu.org | udp |
| US | 8.8.8.8:53 | agfxoc.info | udp |
| LT | 78.61.146.226:30136 | tcp | |
| US | 8.8.8.8:53 | qwsurmuamqp.info | udp |
| US | 8.8.8.8:53 | nhmyomxjv.info | udp |
| US | 8.8.8.8:53 | vafiiriiuafd.info | udp |
| US | 8.8.8.8:53 | qvzujl.info | udp |
| US | 8.8.8.8:53 | uyyswo.com | udp |
| US | 8.8.8.8:53 | aisckyujv.info | udp |
| US | 8.8.8.8:53 | zqbsvof.com | udp |
| US | 8.8.8.8:53 | yaqmcq.org | udp |
| US | 8.8.8.8:53 | gnmneommxk.net | udp |
| US | 8.8.8.8:53 | esuossckgwyg.com | udp |
| US | 8.8.8.8:53 | tyzkrdhyl.info | udp |
| US | 8.8.8.8:53 | yhuilxtvi.info | udp |
| US | 8.8.8.8:53 | rphtxszpda.info | udp |
| US | 8.8.8.8:53 | xolifsv.org | udp |
| US | 8.8.8.8:53 | wxtcjinyw.net | udp |
| US | 8.8.8.8:53 | xjxezblbf.net | udp |
| US | 8.8.8.8:53 | aorgsoz.net | udp |
| US | 8.8.8.8:53 | uafigavoatfn.net | udp |
| US | 8.8.8.8:53 | azxqgm.net | udp |
| US | 8.8.8.8:53 | vyvijbihvn.info | udp |
| US | 8.8.8.8:53 | vsyfdiv.org | udp |
| US | 8.8.8.8:53 | deqynwpifos.org | udp |
| US | 8.8.8.8:53 | hsrofavrq.net | udp |
| US | 8.8.8.8:53 | qawuieqgyqgw.org | udp |
| US | 8.8.8.8:53 | llpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | oadcroqhmf.net | udp |
| US | 8.8.8.8:53 | ecufjabmd.net | udp |
| US | 8.8.8.8:53 | xeurno.info | udp |
| US | 8.8.8.8:53 | bctwfgikb.org | udp |
| US | 8.8.8.8:53 | dbxpdyeitkp.org | udp |
| US | 8.8.8.8:53 | jlsdgredjcou.info | udp |
| US | 8.8.8.8:53 | pkjbfblapau.com | udp |
| US | 8.8.8.8:53 | fzqqksnzg.net | udp |
| US | 8.8.8.8:53 | dvorjk.net | udp |
| US | 8.8.8.8:53 | aeiamogwwqyc.org | udp |
| US | 8.8.8.8:53 | vqncsas.com | udp |
| US | 8.8.8.8:53 | qfcfrfipmplr.info | udp |
| US | 8.8.8.8:53 | xmlymtnez.org | udp |
| US | 8.8.8.8:53 | oekiqceqwq.org | udp |
| US | 8.8.8.8:53 | nibfcgh.net | udp |
| US | 8.8.8.8:53 | ggskwm.org | udp |
| US | 8.8.8.8:53 | acziouvqch.net | udp |
| US | 8.8.8.8:53 | odzbrjqoy.info | udp |
| US | 8.8.8.8:53 | sgewajdutrr.info | udp |
| US | 8.8.8.8:53 | eiskmy.org | udp |
| US | 8.8.8.8:53 | qotilo.net | udp |
| US | 8.8.8.8:53 | aalijqi.info | udp |
| US | 8.8.8.8:53 | scokmuqygysc.com | udp |
| US | 8.8.8.8:53 | fkblqmrxzoxv.net | udp |
| US | 8.8.8.8:53 | dazmjml.info | udp |
| US | 8.8.8.8:53 | yodxdhh.net | udp |
| US | 8.8.8.8:53 | fnxzwzykjspz.net | udp |
| US | 8.8.8.8:53 | rtyrzemmo.net | udp |
| US | 8.8.8.8:53 | uauqek.com | udp |
| US | 8.8.8.8:53 | odqisf.info | udp |
| US | 8.8.8.8:53 | mrudjvaf.info | udp |
| US | 8.8.8.8:53 | lqicoottvwr.com | udp |
| US | 8.8.8.8:53 | kihhfvvotj.info | udp |
| US | 8.8.8.8:53 | kwmsfupoz.info | udp |
| US | 8.8.8.8:53 | ncpmyszzt.info | udp |
| US | 8.8.8.8:53 | ffbfocmwnw.info | udp |
| US | 8.8.8.8:53 | fykilkdg.net | udp |
| US | 8.8.8.8:53 | kutfvgvox.net | udp |
| US | 8.8.8.8:53 | tgticatwwkz.com | udp |
| US | 8.8.8.8:53 | ybxsqlwexbnh.info | udp |
| US | 8.8.8.8:53 | giogrde.info | udp |
| US | 8.8.8.8:53 | iiamemsmgy.org | udp |
| US | 8.8.8.8:53 | gaxjucpehvv.net | udp |
| US | 8.8.8.8:53 | labwnpbrliuw.info | udp |
| US | 8.8.8.8:53 | kkiamiym.com | udp |
| US | 8.8.8.8:53 | rvxetshwfbrx.net | udp |
| US | 8.8.8.8:53 | tnandun.net | udp |
| US | 8.8.8.8:53 | jatdaajehomt.net | udp |
| US | 8.8.8.8:53 | wwoiwppurkgt.net | udp |
| US | 8.8.8.8:53 | iwayoabes.net | udp |
| RU | 95.70.98.170:15493 | tcp | |
| US | 8.8.8.8:53 | xpqoad.net | udp |
| US | 8.8.8.8:53 | mwgkuyee.org | udp |
| US | 8.8.8.8:53 | fxzizdp.org | udp |
| US | 8.8.8.8:53 | boxaqrvupsdo.info | udp |
| US | 8.8.8.8:53 | tobntmtwayu.info | udp |
| US | 8.8.8.8:53 | dulkzkcgfot.com | udp |
| US | 8.8.8.8:53 | uiceesz.info | udp |
| US | 8.8.8.8:53 | jlvozbzqdqn.info | udp |
| US | 8.8.8.8:53 | dqqvbuye.info | udp |
| US | 8.8.8.8:53 | lwndquldxm.info | udp |
| US | 8.8.8.8:53 | bzaydhbkyko.info | udp |
| US | 8.8.8.8:53 | xunrzhjqqqn.com | udp |
| US | 8.8.8.8:53 | yagyssscmw.org | udp |
| US | 8.8.8.8:53 | wotgasneh.net | udp |
| US | 8.8.8.8:53 | hkxahwpogrke.net | udp |
| US | 8.8.8.8:53 | bqiicmdmmf.net | udp |
| US | 8.8.8.8:53 | uoxjsmld.info | udp |
| US | 8.8.8.8:53 | omoezabot.info | udp |
| US | 8.8.8.8:53 | mrkwwr.net | udp |
| US | 8.8.8.8:53 | hblwludrdov.net | udp |
| US | 8.8.8.8:53 | vrlqwf.info | udp |
| US | 8.8.8.8:53 | uaaaqime.com | udp |
| US | 8.8.8.8:53 | bfhilgj.info | udp |
| US | 8.8.8.8:53 | mnnczv.net | udp |
| US | 8.8.8.8:53 | eywqhwnhru.info | udp |
| US | 8.8.8.8:53 | ewiuauieao.com | udp |
| US | 8.8.8.8:53 | nwzycqsskpmr.info | udp |
| US | 8.8.8.8:53 | yjvwraf.net | udp |
| US | 8.8.8.8:53 | qauceg.org | udp |
| US | 8.8.8.8:53 | bjpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | oixqavhebff.info | udp |
| DE | 172.217.16.67:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | hthtzhqo.info | udp |
| US | 8.8.8.8:53 | cixcjknasgk.info | udp |
| US | 8.8.8.8:53 | imwkkoik.com | udp |
| US | 8.8.8.8:53 | mthuupsjlbjh.net | udp |
| US | 8.8.8.8:53 | uafqdqa.net | udp |
| US | 8.8.8.8:53 | pgtaxmvgqmb.com | udp |
| US | 8.8.8.8:53 | rxfywmtjj.net | udp |
| US | 8.8.8.8:53 | seqayqswyw.org | udp |
| US | 8.8.8.8:53 | mppvlxed.info | udp |
| US | 8.8.8.8:53 | sewuvwb.net | udp |
| US | 8.8.8.8:53 | odwebcozyhn.net | udp |
| US | 8.8.8.8:53 | ulhdtqkqdma.net | udp |
| US | 8.8.8.8:53 | oaewcmmi.com | udp |
| US | 8.8.8.8:53 | tuviluxig.net | udp |
| US | 8.8.8.8:53 | uxgmenvx.info | udp |
| US | 8.8.8.8:53 | oekwqw.org | udp |
| US | 8.8.8.8:53 | jzdhhvivlgba.info | udp |
| US | 8.8.8.8:53 | oalwpcngx.info | udp |
| US | 8.8.8.8:53 | zeeeyqfgii.net | udp |
| US | 8.8.8.8:53 | aoqsmqowsmgu.org | udp |
| US | 8.8.8.8:53 | toltpzmnzrry.info | udp |
| US | 8.8.8.8:53 | bcxsfmn.com | udp |
| US | 8.8.8.8:53 | pctcrwzbw.net | udp |
| US | 8.8.8.8:53 | xcrfxbihvn.info | udp |
| US | 8.8.8.8:53 | euvngmdk.net | udp |
| US | 8.8.8.8:53 | gddfjwzxtjvo.net | udp |
| US | 8.8.8.8:53 | kpxxigbapzp.net | udp |
| US | 8.8.8.8:53 | zfaqvwav.net | udp |
| LT | 77.79.33.88:27251 | tcp | |
| US | 8.8.8.8:53 | okuugqeny.net | udp |
| US | 8.8.8.8:53 | njyipfid.net | udp |
| US | 8.8.8.8:53 | dcjxullc.info | udp |
| US | 8.8.8.8:53 | pvesxitaordl.info | udp |
| US | 8.8.8.8:53 | ihilzgtd.net | udp |
| US | 8.8.8.8:53 | yntwzi.net | udp |
| US | 8.8.8.8:53 | dzrmxez.com | udp |
| US | 8.8.8.8:53 | xsvqzwhuh.net | udp |
| US | 8.8.8.8:53 | tihxhq.net | udp |
| US | 8.8.8.8:53 | rtpjyork.info | udp |
| US | 8.8.8.8:53 | chqgknhl.info | udp |
| US | 8.8.8.8:53 | wqrfzhiaqwr.net | udp |
| US | 8.8.8.8:53 | yfdifyhwdyx.info | udp |
| US | 8.8.8.8:53 | helikqavg.net | udp |
| US | 8.8.8.8:53 | kxldwaoqfn.info | udp |
| US | 8.8.8.8:53 | ooueyc.org | udp |
| US | 8.8.8.8:53 | lzdazo.net | udp |
| US | 8.8.8.8:53 | xycfixpl.net | udp |
| US | 8.8.8.8:53 | yinkrerhy.info | udp |
| US | 8.8.8.8:53 | tqxtrqaon.net | udp |
| US | 8.8.8.8:53 | xxbuvavqnao.net | udp |
| US | 8.8.8.8:53 | uwiyooeaam.com | udp |
| US | 8.8.8.8:53 | nnmztrfrnx.info | udp |
| US | 8.8.8.8:53 | byfepsghg.org | udp |
| US | 8.8.8.8:53 | iuzcvw.net | udp |
| US | 8.8.8.8:53 | tgzzsilpuoyu.info | udp |
| US | 8.8.8.8:53 | dkzizdvw.info | udp |
| US | 8.8.8.8:53 | rejwrwpoa.info | udp |
| US | 8.8.8.8:53 | lnpghgu.com | udp |
| US | 8.8.8.8:53 | rjddrl.info | udp |
| US | 8.8.8.8:53 | jmuyzwjxj.net | udp |
| US | 8.8.8.8:53 | ewwywuwgugmk.com | udp |
| US | 8.8.8.8:53 | coiqgues.com | udp |
| US | 8.8.8.8:53 | punwfyr.net | udp |
| US | 8.8.8.8:53 | pptozyqruros.info | udp |
| US | 8.8.8.8:53 | sgescokcmo.org | udp |
| US | 8.8.8.8:53 | rjriue.info | udp |
| US | 8.8.8.8:53 | ckxqozs.info | udp |
| US | 8.8.8.8:53 | wiuwvaqybih.net | udp |
| US | 8.8.8.8:53 | lzwgpqnxhy.net | udp |
| US | 8.8.8.8:53 | xlsoodglxjhq.info | udp |
| US | 8.8.8.8:53 | jehyhpbob.com | udp |
| US | 8.8.8.8:53 | ewqssqiyqq.com | udp |
| US | 8.8.8.8:53 | twifdba.info | udp |
| US | 8.8.8.8:53 | lwtgmgn.info | udp |
| US | 8.8.8.8:53 | luaiurlae.info | udp |
| US | 8.8.8.8:53 | dxlxcmgmqxba.info | udp |
| US | 8.8.8.8:53 | wsoafwbzfrq.net | udp |
| US | 8.8.8.8:53 | ncniku.info | udp |
| US | 8.8.8.8:53 | znnmdgdyg.info | udp |
| US | 8.8.8.8:53 | mbngppto.info | udp |
| US | 8.8.8.8:53 | hsfspwfirsr.org | udp |
| US | 8.8.8.8:53 | sgmaeoum.org | udp |
| US | 8.8.8.8:53 | ryyrfgrjzif.net | udp |
| US | 8.8.8.8:53 | fumvct.net | udp |
| US | 8.8.8.8:53 | iynmxyn.net | udp |
| US | 8.8.8.8:53 | qxjjmypiriz.info | udp |
| US | 8.8.8.8:53 | bntspk.net | udp |
| US | 8.8.8.8:53 | sjtgvgochuc.net | udp |
| US | 8.8.8.8:53 | xmvuzwtad.org | udp |
| US | 8.8.8.8:53 | itqhzjxumhlh.net | udp |
| US | 8.8.8.8:53 | dnyidwf.info | udp |
| US | 8.8.8.8:53 | xzdjrucronfu.info | udp |
| US | 8.8.8.8:53 | eqqsugkq.org | udp |
| US | 8.8.8.8:53 | jqtkhcnkl.com | udp |
| US | 8.8.8.8:53 | yadxtkefpqdf.net | udp |
| US | 8.8.8.8:53 | skmcvihjp.net | udp |
| US | 8.8.8.8:53 | xcxfdojnil.net | udp |
| US | 8.8.8.8:53 | sksccikaem.com | udp |
| US | 8.8.8.8:53 | qanamzn.info | udp |
| US | 8.8.8.8:53 | iolwrjqi.info | udp |
| US | 8.8.8.8:53 | phmvbv.info | udp |
| US | 8.8.8.8:53 | ysakikse.com | udp |
| US | 8.8.8.8:53 | xbvulsz.com | udp |
| US | 8.8.8.8:53 | qngitmingp.net | udp |
| US | 8.8.8.8:53 | uwtbxvnpdj.info | udp |
| US | 8.8.8.8:53 | eybdfbvil.info | udp |
| US | 8.8.8.8:53 | qawiybcuqpst.info | udp |
| US | 8.8.8.8:53 | ulwprsdpevsj.info | udp |
| BG | 188.254.157.235:20334 | tcp | |
| US | 8.8.8.8:53 | puhwukmiigi.net | udp |
| US | 8.8.8.8:53 | xsoshznajwv.com | udp |
| US | 8.8.8.8:53 | jtxujmbecdmv.info | udp |
| US | 8.8.8.8:53 | ibthzitnbynq.info | udp |
| US | 8.8.8.8:53 | eonubyiixwx.info | udp |
| US | 8.8.8.8:53 | qyjxvcif.net | udp |
| US | 8.8.8.8:53 | jxhpks.info | udp |
| US | 8.8.8.8:53 | msyldjwnb.net | udp |
| US | 8.8.8.8:53 | pmwebhd.org | udp |
| US | 8.8.8.8:53 | rkwlhccy.info | udp |
| US | 8.8.8.8:53 | vfbsbuoob.info | udp |
| US | 8.8.8.8:53 | oodglijyhrl.info | udp |
| US | 8.8.8.8:53 | yuoaay.com | udp |
| US | 8.8.8.8:53 | nthafgeqx.org | udp |
| US | 8.8.8.8:53 | rovqrojhrsh.net | udp |
| US | 8.8.8.8:53 | iijfpiwpfe.net | udp |
| US | 8.8.8.8:53 | modgimmsfel.net | udp |
| US | 8.8.8.8:53 | vibshiiel.net | udp |
| US | 8.8.8.8:53 | iqmuakccwo.com | udp |
| US | 8.8.8.8:53 | monmoqmmhov.net | udp |
| US | 8.8.8.8:53 | jjqtpeerkb.net | udp |
| US | 8.8.8.8:53 | ukqtjijt.info | udp |
| US | 8.8.8.8:53 | nsehfyoocct.info | udp |
| US | 8.8.8.8:53 | nesnqw.net | udp |
| US | 8.8.8.8:53 | lanfeies.info | udp |
| US | 8.8.8.8:53 | mkccauwy.com | udp |
| US | 8.8.8.8:53 | dchyfcu.org | udp |
| US | 8.8.8.8:53 | cwdegwtvn.net | udp |
| US | 8.8.8.8:53 | urkcltobhpwf.net | udp |
| US | 8.8.8.8:53 | zginfctmr.net | udp |
| US | 8.8.8.8:53 | oismai.com | udp |
| US | 8.8.8.8:53 | jjltkwrxkz.net | udp |
| US | 8.8.8.8:53 | bzaioqlftqte.net | udp |
| US | 8.8.8.8:53 | atwrdw.info | udp |
| US | 8.8.8.8:53 | eyioyaouwi.org | udp |
| US | 8.8.8.8:53 | eheflhppvg.net | udp |
| US | 8.8.8.8:53 | keuztcbj.net | udp |
| US | 8.8.8.8:53 | judirsvyhqdd.info | udp |
| US | 8.8.8.8:53 | cykogcgqqcuu.com | udp |
| US | 8.8.8.8:53 | jlrqpujqvrl.info | udp |
| US | 8.8.8.8:53 | unoetq.net | udp |
| US | 8.8.8.8:53 | tmfdrqxojeb.org | udp |
| US | 8.8.8.8:53 | ugjyfpgfl.net | udp |
| US | 8.8.8.8:53 | ywtgzidcwmb.net | udp |
| US | 8.8.8.8:53 | aleyrtnqxrnt.net | udp |
| BG | 84.54.137.119:34804 | tcp | |
| US | 8.8.8.8:53 | lrjlroij.net | udp |
| US | 8.8.8.8:53 | zwmihaso.net | udp |
| US | 8.8.8.8:53 | myrwjqkrwpbk.info | udp |
| US | 8.8.8.8:53 | xojexwu.org | udp |
| US | 8.8.8.8:53 | wiosmwwsoaow.com | udp |
| US | 8.8.8.8:53 | bqxwdka.com | udp |
| US | 8.8.8.8:53 | mpkbfsgyp.info | udp |
| US | 8.8.8.8:53 | vtjljsbipc.info | udp |
| US | 8.8.8.8:53 | muowfmbuqa.net | udp |
| US | 8.8.8.8:53 | qseoumkkca.org | udp |
| US | 8.8.8.8:53 | ddwfnvwt.net | udp |
| US | 8.8.8.8:53 | gilmpldqz.info | udp |
| US | 8.8.8.8:53 | sfummj.info | udp |
| US | 8.8.8.8:53 | iikecscy.com | udp |
| US | 8.8.8.8:53 | qdnmhgdyrit.net | udp |
| US | 8.8.8.8:53 | gkwugawaaoqk.org | udp |
| US | 8.8.8.8:53 | qyqigk.com | udp |
| US | 8.8.8.8:53 | qdokpuz.net | udp |
| US | 8.8.8.8:53 | butkxsntx.info | udp |
| US | 8.8.8.8:53 | buycfqnl.info | udp |
| US | 8.8.8.8:53 | uminvkhovu.info | udp |
| US | 8.8.8.8:53 | sgesykqeqi.com | udp |
| US | 8.8.8.8:53 | fyaylmbcb.net | udp |
| US | 8.8.8.8:53 | dncmpbfdqahv.net | udp |
| US | 8.8.8.8:53 | ncpnrjdqqid.info | udp |
| US | 8.8.8.8:53 | qbkexzyi.net | udp |
| US | 8.8.8.8:53 | pzgkljuoas.net | udp |
| US | 8.8.8.8:53 | guxodymmpe.net | udp |
| US | 8.8.8.8:53 | hydurdgib.net | udp |
| US | 8.8.8.8:53 | hedayguflv.info | udp |
| US | 8.8.8.8:53 | ekqaao.com | udp |
| US | 8.8.8.8:53 | lncmjdhy.info | udp |
| US | 8.8.8.8:53 | upbizjd.net | udp |
| US | 8.8.8.8:53 | zposnpxr.net | udp |
| US | 8.8.8.8:53 | ayofurjkxzcx.info | udp |
| US | 8.8.8.8:53 | jnrhzznd.info | udp |
| US | 8.8.8.8:53 | rkjyfrxybqd.net | udp |
| US | 8.8.8.8:53 | jvjbkx.info | udp |
| US | 8.8.8.8:53 | mmwiumoggcaa.com | udp |
| US | 8.8.8.8:53 | cecmewek.org | udp |
| PK | 115.42.75.182:21587 | tcp | |
| US | 8.8.8.8:53 | btqvksdge.org | udp |
| US | 8.8.8.8:53 | hjfdpmp.org | udp |
| US | 8.8.8.8:53 | jwwqnfzzfe.net | udp |
| US | 8.8.8.8:53 | rjbifug.net | udp |
| US | 8.8.8.8:53 | mvcafmvjjhpe.info | udp |
| US | 8.8.8.8:53 | xoesfx.net | udp |
| US | 8.8.8.8:53 | jpjqjcditu.net | udp |
| US | 8.8.8.8:53 | bafmrd.info | udp |
| US | 8.8.8.8:53 | yqdindvszcl.info | udp |
| US | 8.8.8.8:53 | wflqfzbq.info | udp |
| US | 8.8.8.8:53 | ayhycluhzyqw.info | udp |
| US | 8.8.8.8:53 | wvutnd.info | udp |
| US | 8.8.8.8:53 | ldlrgk.info | udp |
| US | 8.8.8.8:53 | nzxqtztgxnto.net | udp |
| US | 8.8.8.8:53 | pqphpf.info | udp |
| US | 8.8.8.8:53 | echjnod.info | udp |
| US | 8.8.8.8:53 | nqelrlvlmp.net | udp |
| US | 8.8.8.8:53 | saggucuemsgg.com | udp |
| US | 8.8.8.8:53 | lkeqzkmyxyc.info | udp |
| US | 8.8.8.8:53 | gzlujum.net | udp |
| US | 8.8.8.8:53 | owtumceqt.info | udp |
| US | 8.8.8.8:53 | eqeyvnxi.info | udp |
| US | 8.8.8.8:53 | wiupjyjvr.info | udp |
| US | 8.8.8.8:53 | eysksjbufa.net | udp |
| US | 8.8.8.8:53 | wpviuwhnpx.info | udp |
| US | 8.8.8.8:53 | joscfjk.info | udp |
| US | 8.8.8.8:53 | coterzuxgt.info | udp |
| US | 8.8.8.8:53 | sgdzhklkvfso.info | udp |
| US | 8.8.8.8:53 | kesmsgewgwcu.com | udp |
| US | 8.8.8.8:53 | fampue.net | udp |
| US | 8.8.8.8:53 | skqsiiae.org | udp |
| US | 8.8.8.8:53 | hazpqn.info | udp |
| US | 8.8.8.8:53 | hstjvccfzqbg.net | udp |
| US | 8.8.8.8:53 | zsnptyvktgid.net | udp |
| US | 8.8.8.8:53 | nhxobuftkcv.com | udp |
| US | 8.8.8.8:53 | alyypvemovoc.net | udp |
| US | 8.8.8.8:53 | dsbkuunbmkl.net | udp |
| US | 8.8.8.8:53 | kscfswtypaz.info | udp |
| US | 8.8.8.8:53 | vwxubb.net | udp |
| US | 8.8.8.8:53 | kcmeaqucx.info | udp |
| US | 8.8.8.8:53 | qlstpgkhcjbu.net | udp |
| US | 8.8.8.8:53 | qkzynzjazlhs.info | udp |
| US | 8.8.8.8:53 | xsmharskx.com | udp |
| US | 8.8.8.8:53 | falvycvlj.info | udp |
| US | 8.8.8.8:53 | nzitfaav.info | udp |
| BG | 77.85.98.81:35285 | tcp | |
| US | 8.8.8.8:53 | iqscxdl.info | udp |
| US | 8.8.8.8:53 | nmbarfy.info | udp |
| US | 8.8.8.8:53 | wwfmaf.info | udp |
| US | 8.8.8.8:53 | lktcrbw.com | udp |
| US | 8.8.8.8:53 | qkwoweyu.org | udp |
| US | 8.8.8.8:53 | maoqow.org | udp |
| US | 8.8.8.8:53 | pmehnih.org | udp |
| US | 8.8.8.8:53 | rdapxwymkh.info | udp |
| US | 8.8.8.8:53 | hyjodgw.info | udp |
| US | 8.8.8.8:53 | ssmwmawq.org | udp |
| US | 8.8.8.8:53 | rvrghdnipuq.net | udp |
| US | 8.8.8.8:53 | vvmbfttpjj.net | udp |
| US | 8.8.8.8:53 | dkdczgl.info | udp |
| US | 8.8.8.8:53 | ptrvtol.net | udp |
| US | 8.8.8.8:53 | femtvun.info | udp |
| US | 8.8.8.8:53 | gahesobkk.info | udp |
| US | 8.8.8.8:53 | wcqork.info | udp |
| US | 8.8.8.8:53 | ogcimogkkiqw.org | udp |
| US | 8.8.8.8:53 | eaictyqxc.info | udp |
| US | 8.8.8.8:53 | uzhfktekcoaj.info | udp |
| US | 8.8.8.8:53 | mpywaqrcx.info | udp |
| US | 8.8.8.8:53 | nkiqxbxgtz.info | udp |
| US | 8.8.8.8:53 | vgqxvqngngx.info | udp |
| US | 8.8.8.8:53 | mkselelszfr.net | udp |
| US | 8.8.8.8:53 | kylsrhdmy.net | udp |
| US | 8.8.8.8:53 | yqwgmqyc.com | udp |
| US | 8.8.8.8:53 | cgzqtowog.info | udp |
| US | 8.8.8.8:53 | uhbsbfvr.net | udp |
| US | 8.8.8.8:53 | ccaqkq.org | udp |
| US | 8.8.8.8:53 | qeasooggkkye.org | udp |
| US | 8.8.8.8:53 | cuqmfdds.info | udp |
| US | 8.8.8.8:53 | hplrustazo.info | udp |
| US | 8.8.8.8:53 | gdiecndz.net | udp |
| US | 8.8.8.8:53 | htboqlhc.info | udp |
| US | 8.8.8.8:53 | jwjulkj.info | udp |
| US | 8.8.8.8:53 | jrnmzxzen.com | udp |
| US | 8.8.8.8:53 | fevpfshvp.org | udp |
| US | 8.8.8.8:53 | immeyggm.com | udp |
| US | 8.8.8.8:53 | ucyyky.com | udp |
| US | 8.8.8.8:53 | yzjmiwegrop.info | udp |
| US | 8.8.8.8:53 | kcryxrris.info | udp |
| US | 8.8.8.8:53 | qeiegiyo.org | udp |
| US | 8.8.8.8:53 | giekgyskeiik.org | udp |
| US | 8.8.8.8:53 | fgpinx.net | udp |
| US | 8.8.8.8:53 | wiqmwkaggigc.org | udp |
| US | 8.8.8.8:53 | ywxwfsq.net | udp |
| US | 8.8.8.8:53 | xrlyluukfb.info | udp |
| US | 8.8.8.8:53 | bavppixu.net | udp |
| US | 8.8.8.8:53 | ylabgkph.net | udp |
| US | 8.8.8.8:53 | afabzxjgrwen.net | udp |
| US | 8.8.8.8:53 | xgvkyubmm.info | udp |
| US | 8.8.8.8:53 | fkgritslx.org | udp |
| US | 8.8.8.8:53 | vcmglo.info | udp |
| US | 8.8.8.8:53 | offmhlmo.net | udp |
| US | 8.8.8.8:53 | ptpwnlreeaxo.net | udp |
| US | 8.8.8.8:53 | yisedlnu.net | udp |
| US | 8.8.8.8:53 | gxfpwcb.net | udp |
| US | 8.8.8.8:53 | fyvcmhxfxflb.net | udp |
| US | 8.8.8.8:53 | kkpskmjr.info | udp |
| US | 8.8.8.8:53 | eeeiusoc.com | udp |
| BG | 88.87.8.138:31805 | tcp | |
| US | 8.8.8.8:53 | difcrfvclttl.net | udp |
| US | 8.8.8.8:53 | dnuyggophlme.info | udp |
| US | 8.8.8.8:53 | udtkpszwv.info | udp |
| US | 8.8.8.8:53 | djyyiuzle.com | udp |
| US | 8.8.8.8:53 | myisuqok.org | udp |
| US | 8.8.8.8:53 | dtstyn.net | udp |
| US | 8.8.8.8:53 | mecgwkoug.info | udp |
| US | 8.8.8.8:53 | qeuibkx.net | udp |
| US | 8.8.8.8:53 | soaomgmiayia.org | udp |
| US | 8.8.8.8:53 | wrntdvucozzb.info | udp |
| US | 8.8.8.8:53 | eilqvudolvq.info | udp |
| US | 8.8.8.8:53 | xoudfv.info | udp |
| US | 8.8.8.8:53 | ogkwmkewmway.com | udp |
| US | 8.8.8.8:53 | vlkgtmvoa.net | udp |
| US | 8.8.8.8:53 | suuqpqtrw.net | udp |
| US | 8.8.8.8:53 | zbqtpeerkb.net | udp |
| US | 8.8.8.8:53 | jozorfj.info | udp |
| US | 8.8.8.8:53 | zuwrljtqss.net | udp |
| US | 8.8.8.8:53 | aqzgabmadka.info | udp |
| US | 8.8.8.8:53 | qhxjzghhxqh.info | udp |
| US | 8.8.8.8:53 | iepfgxdcvoj.net | udp |
| US | 8.8.8.8:53 | yktqhuksj.net | udp |
| US | 8.8.8.8:53 | xfzndln.net | udp |
| US | 8.8.8.8:53 | msaeugqyakco.org | udp |
| US | 8.8.8.8:53 | pzxyyi.info | udp |
| US | 8.8.8.8:53 | owijxsnijxlb.info | udp |
| US | 8.8.8.8:53 | pxdxvyf.net | udp |
| US | 8.8.8.8:53 | tmrxnmjrkb.net | udp |
| US | 8.8.8.8:53 | qjwuhu.info | udp |
| US | 8.8.8.8:53 | soixneh.info | udp |
| US | 8.8.8.8:53 | ssyuss.com | udp |
| US | 8.8.8.8:53 | vaizlhjv.net | udp |
| US | 8.8.8.8:53 | olxqvjxix.net | udp |
| US | 8.8.8.8:53 | oowqwoumiyew.com | udp |
| US | 8.8.8.8:53 | vvbzpjy.org | udp |
| US | 8.8.8.8:53 | ekagyuqugeyy.org | udp |
| US | 8.8.8.8:53 | asnmygy.info | udp |
| US | 8.8.8.8:53 | fzkrxmam.info | udp |
| US | 8.8.8.8:53 | yerazqh.info | udp |
| US | 8.8.8.8:53 | wuzbnoi.net | udp |
| US | 8.8.8.8:53 | xakaskpdl.net | udp |
| US | 8.8.8.8:53 | fixijml.org | udp |
| RU | 178.218.100.197:35846 | tcp | |
| US | 8.8.8.8:53 | amuskqeqaiic.org | udp |
| US | 8.8.8.8:53 | tceuvsrqb.info | udp |
| US | 8.8.8.8:53 | kflokawzkw.net | udp |
| US | 8.8.8.8:53 | mhlwvet.info | udp |
| US | 8.8.8.8:53 | rwasknvkps.info | udp |
| US | 8.8.8.8:53 | bvrlxiawb.net | udp |
| US | 8.8.8.8:53 | mfusnh.info | udp |
| US | 8.8.8.8:53 | oeiouqik.org | udp |
| US | 8.8.8.8:53 | codiygp.info | udp |
| US | 8.8.8.8:53 | bujydax.net | udp |
| US | 8.8.8.8:53 | itwdtito.info | udp |
| US | 8.8.8.8:53 | gatytgb.info | udp |
| US | 8.8.8.8:53 | sxsydftugfl.net | udp |
| US | 8.8.8.8:53 | gyqocgcwuu.org | udp |
| US | 8.8.8.8:53 | lgvsdfann.net | udp |
| US | 8.8.8.8:53 | dtppzh.net | udp |
| US | 8.8.8.8:53 | lupdojwxtrlo.net | udp |
| US | 8.8.8.8:53 | ayameywk.com | udp |
| US | 8.8.8.8:53 | dddojxdkt.info | udp |
| US | 8.8.8.8:53 | pcbehbhulqx.info | udp |
| US | 8.8.8.8:53 | msoiygcw.org | udp |
| US | 8.8.8.8:53 | qockeo.org | udp |
| US | 8.8.8.8:53 | vktorlwqe.net | udp |
| US | 8.8.8.8:53 | occffunsemm.net | udp |
| US | 8.8.8.8:53 | noufhu.info | udp |
| US | 8.8.8.8:53 | jntxuexoq.net | udp |
| US | 8.8.8.8:53 | ysbmqh.net | udp |
| US | 8.8.8.8:53 | ivftpm.net | udp |
| US | 8.8.8.8:53 | fhlueqiyv.net | udp |
| US | 8.8.8.8:53 | oqqeymwswoaa.com | udp |
| US | 8.8.8.8:53 | awtrjqbmv.net | udp |
| US | 8.8.8.8:53 | csaqznrivkg.info | udp |
| US | 8.8.8.8:53 | ywyucquu.com | udp |
| US | 8.8.8.8:53 | qyysauhr.net | udp |
| US | 8.8.8.8:53 | ejpdqikairvo.info | udp |
| US | 8.8.8.8:53 | lcggfscafs.net | udp |
| US | 8.8.8.8:53 | glxhvjzdjd.info | udp |
| US | 8.8.8.8:53 | nmpiqndclea.com | udp |
| US | 8.8.8.8:53 | ssgqsckw.com | udp |
| US | 8.8.8.8:53 | yfvseqtk.info | udp |
| US | 8.8.8.8:53 | kilozktbj.net | udp |
| US | 8.8.8.8:53 | uanqpejrt.net | udp |
| US | 8.8.8.8:53 | czdmvek.net | udp |
| US | 8.8.8.8:53 | xflrdxdu.net | udp |
| US | 8.8.8.8:53 | fwzgmozjl.com | udp |
| US | 8.8.8.8:53 | isfwxodwnut.net | udp |
| US | 8.8.8.8:53 | wcigqgiwqm.org | udp |
| US | 8.8.8.8:53 | yabgjuiyvpj.net | udp |
| US | 8.8.8.8:53 | ecvemit.info | udp |
| US | 8.8.8.8:53 | mwdoordco.info | udp |
| US | 8.8.8.8:53 | oksuqook.org | udp |
| US | 8.8.8.8:53 | dhzidetxtzu.org | udp |
| US | 8.8.8.8:53 | yqtafgfohsp.net | udp |
| US | 8.8.8.8:53 | btdneqyrez.info | udp |
| US | 8.8.8.8:53 | bhtapgfuvhr.com | udp |
| US | 8.8.8.8:53 | nrpqjt.info | udp |
| US | 8.8.8.8:53 | simyxeei.info | udp |
| US | 8.8.8.8:53 | tuuqlfyjxqe.info | udp |
| US | 8.8.8.8:53 | dxllnf.info | udp |
| US | 8.8.8.8:53 | kcxpzyf.info | udp |
| US | 8.8.8.8:53 | lkngjoezjnq.com | udp |
| US | 8.8.8.8:53 | javydgngnav.info | udp |
| US | 8.8.8.8:53 | ucgweeseak.com | udp |
| US | 8.8.8.8:53 | srbwimxsnx.net | udp |
| US | 8.8.8.8:53 | vjuirthup.info | udp |
| US | 8.8.8.8:53 | vqoovoqtl.org | udp |
| US | 8.8.8.8:53 | pabesrzykgi.org | udp |
| US | 8.8.8.8:53 | wrbgtg.info | udp |
| US | 8.8.8.8:53 | uikubpgobej.net | udp |
| US | 8.8.8.8:53 | tapifwl.org | udp |
| US | 8.8.8.8:53 | rvvshtvrdas.net | udp |
| US | 8.8.8.8:53 | vihxesqc.net | udp |
| US | 8.8.8.8:53 | csihpxjjme.info | udp |
| US | 8.8.8.8:53 | xbfhtyff.info | udp |
| US | 8.8.8.8:53 | curyowdj.info | udp |
| US | 8.8.8.8:53 | vpfinnmn.info | udp |
| MD | 92.115.63.62:26632 | tcp | |
| US | 8.8.8.8:53 | yejwhophmqco.net | udp |
| US | 8.8.8.8:53 | kidixphqsgb.net | udp |
| US | 8.8.8.8:53 | vsswekgnat.info | udp |
| US | 8.8.8.8:53 | dalwttqdx.net | udp |
| US | 8.8.8.8:53 | zbdtkcrrqe.info | udp |
| DE | 85.214.228.140:80 | gyuuym.org | tcp |
| US | 8.8.8.8:53 | aiayimcw.org | udp |
| US | 8.8.8.8:53 | qphqiwoqfqp.net | udp |
| US | 8.8.8.8:53 | ludybywud.net | udp |
| US | 8.8.8.8:53 | xkhurdpi.net | udp |
| US | 8.8.8.8:53 | uetspfggvki.info | udp |
| SG | 18.142.91.111:80 | unxfuild.info | tcp |
| US | 8.8.8.8:53 | kvyynvrx.info | udp |
| US | 8.8.8.8:53 | wqesocem.org | udp |
| US | 8.8.8.8:53 | jelsfif.net | udp |
| US | 8.8.8.8:53 | ggcwwkuuam.com | udp |
| US | 8.8.8.8:53 | ggoiukqgsikq.org | udp |
| US | 8.8.8.8:53 | hafjpchllgfs.net | udp |
| US | 8.8.8.8:53 | yuiajmdtei.info | udp |
| US | 8.8.8.8:53 | awmiic.org | udp |
| US | 8.8.8.8:53 | ioinrhtuqekc.info | udp |
| US | 8.8.8.8:53 | udzdjiddn.net | udp |
| US | 8.8.8.8:53 | aimexxlua.net | udp |
| US | 8.8.8.8:53 | cilnmhrf.net | udp |
| US | 8.8.8.8:53 | ttworno.org | udp |
| US | 8.8.8.8:53 | ygoukmwg.org | udp |
| US | 8.8.8.8:53 | hzuunrbqrkr.info | udp |
| US | 8.8.8.8:53 | bysivntct.net | udp |
| US | 8.8.8.8:53 | ibvhvurqx.net | udp |
| US | 104.156.155.94:80 | cydlrge.info | tcp |
| LT | 78.57.243.21:29139 | tcp | |
| US | 8.8.8.8:53 | bmfksslen.info | udp |
| US | 8.8.8.8:53 | jnriyhzkb.org | udp |
| US | 8.8.8.8:53 | mszelkj.net | udp |
| US | 8.8.8.8:53 | xsyowwr.net | udp |
| US | 8.8.8.8:53 | hnwrpurmwqoj.info | udp |
| US | 8.8.8.8:53 | mjotpzfbosdh.info | udp |
| US | 8.8.8.8:53 | lptxixrkzv.info | udp |
| US | 8.8.8.8:53 | ugygmk.org | udp |
| US | 8.8.8.8:53 | scajyy.info | udp |
| US | 8.8.8.8:53 | ycsudef.info | udp |
| US | 8.8.8.8:53 | luvehemiri.info | udp |
| US | 8.8.8.8:53 | uytixw.net | udp |
| US | 8.8.8.8:53 | bfuald.info | udp |
| US | 8.8.8.8:53 | kgoaqkckgk.org | udp |
| US | 8.8.8.8:53 | ngsoxwyc.info | udp |
| US | 8.8.8.8:53 | uffzrcxibes.info | udp |
| US | 8.8.8.8:53 | szfofisovcr.net | udp |
| US | 8.8.8.8:53 | lalckpw.org | udp |
| US | 8.8.8.8:53 | cumaiy.org | udp |
| US | 8.8.8.8:53 | xqsavqw.com | udp |
| US | 8.8.8.8:53 | bjqzxqw.net | udp |
| US | 8.8.8.8:53 | hddwtjf.org | udp |
| US | 8.8.8.8:53 | hmfurcniz.info | udp |
| US | 8.8.8.8:53 | vjraxhkqfup.com | udp |
| US | 8.8.8.8:53 | fqyetgjpzuz.com | udp |
| US | 8.8.8.8:53 | ddpobim.org | udp |
| US | 8.8.8.8:53 | tnnclvm.info | udp |
| US | 8.8.8.8:53 | fdjkggiktb.info | udp |
| US | 8.8.8.8:53 | aenrzevzvaj.net | udp |
| US | 8.8.8.8:53 | ewhqxezcwwc.net | udp |
| US | 8.8.8.8:53 | ummsvlki.info | udp |
| US | 8.8.8.8:53 | vdfubgb.net | udp |
| US | 8.8.8.8:53 | gnwvjvjc.net | udp |
| US | 8.8.8.8:53 | xirqxvtwnnro.info | udp |
| US | 8.8.8.8:53 | rcstns.net | udp |
| US | 8.8.8.8:53 | itgsirpkoprl.info | udp |
| US | 8.8.8.8:53 | yoaoooewyeeo.com | udp |
| US | 8.8.8.8:53 | tshpnadnpgj.net | udp |
| US | 8.8.8.8:53 | mdhpuesj.net | udp |
| US | 8.8.8.8:53 | ypniwahz.net | udp |
| US | 8.8.8.8:53 | fxmdvgzidtlp.net | udp |
| US | 8.8.8.8:53 | ozokfin.net | udp |
| US | 8.8.8.8:53 | gpenjfhcdk.net | udp |
| US | 8.8.8.8:53 | ebmilkcj.info | udp |
| US | 8.8.8.8:53 | dqjrswwie.com | udp |
| US | 8.8.8.8:53 | jwpyxcxop.net | udp |
| US | 8.8.8.8:53 | rdwexqt.info | udp |
| US | 8.8.8.8:53 | ttzkuuqan.com | udp |
| US | 8.8.8.8:53 | fjhgmmxxx.info | udp |
| US | 8.8.8.8:53 | vrxmprngmlhk.net | udp |
| US | 8.8.8.8:53 | aqzbowenq.info | udp |
| RU | 31.181.86.245:23307 | tcp | |
| US | 8.8.8.8:53 | mmnitqr.net | udp |
| US | 8.8.8.8:53 | vkdoallngp.info | udp |
| US | 8.8.8.8:53 | kevmxyxciyt.net | udp |
| US | 8.8.8.8:53 | fqhefw.info | udp |
| US | 8.8.8.8:53 | knrgfdzojrjn.info | udp |
| US | 8.8.8.8:53 | jlvcxy.info | udp |
| US | 8.8.8.8:53 | eznabol.net | udp |
| US | 8.8.8.8:53 | pymyaopldsy.net | udp |
| US | 8.8.8.8:53 | uujqfbbmlur.net | udp |
| US | 8.8.8.8:53 | klqmnybibg.net | udp |
| US | 8.8.8.8:53 | tdhnlhvypr.net | udp |
| US | 8.8.8.8:53 | hibedhpetrt.info | udp |
| US | 8.8.8.8:53 | zgvixk.net | udp |
| US | 8.8.8.8:53 | sdxftb.info | udp |
| US | 8.8.8.8:53 | lyxmnybibg.info | udp |
| US | 8.8.8.8:53 | wyfuvfblbtj.info | udp |
| US | 8.8.8.8:53 | lhofkm.net | udp |
| US | 8.8.8.8:53 | dkouvubcpovf.info | udp |
| US | 8.8.8.8:53 | eoqouuua.com | udp |
| US | 8.8.8.8:53 | ljnrjcwzoptd.net | udp |
| US | 8.8.8.8:53 | gylxvmtef.info | udp |
| US | 8.8.8.8:53 | gkpkgczgy.info | udp |
Files
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
| MD5 | 32c9a6435d4988f8555976f0bcb47803 |
| SHA1 | 89d8c6c98e23a65e102b44a78b8582fbc2bf66f2 |
| SHA256 | 5880a283c3fc44d23a1c368301384b7db5cd47aa6cbfe340f96163251bf72e54 |
| SHA512 | 905d845d6352bf3cebf58fffd9efc41d87f9dfc721408f8ecc06e1c1c1e20f6753f4987689a7ba9253286efedb95e9266cb63b291d4a2a8cbca0e6c3f80e064c |
C:\Windows\SysWOW64\pjsqgargxsldxojmmt.exe
| MD5 | c80bb333a03aefa2ebc92b2d4851eaed |
| SHA1 | e8f4a6c6537522d8c9e187f4cc2ae47252c39e6f |
| SHA256 | 26aa0051cdca76b6fea6ef46de623fc60b21b3adcb3100e3366ab638fe9c3a38 |
| SHA512 | 5a2d9a4c626761a0b9ce6eca4d21453a35ea91d29a17a7ebef69d0cccf7dd86accc8ed395437578e329e6aea98dd6cb05c02a7b53ffb8014400f11a6041da4f9 |
C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe
| MD5 | 7ab154b8f9a5d53361fb598c093c7f66 |
| SHA1 | 9c89d4bd5f785a9949d9455c1a9c31178aa143e8 |
| SHA256 | 8580eddea59762e432e6d9d5be1300cf159a81d6a10e86f6c17a99bdb8f67192 |
| SHA512 | 22cb9c6e5986882234cfd5c8e09fa6916bdba5c562a9a40db9e85fb3e7251e609f29673718d7533059f4358c8c376cef10eea4f08123f38b59ac1b09d1863cd5 |
C:\Users\Admin\AppData\Local\qfjcncoykaobqcsqlnqfjcncoykaobqcsql.qfj
| MD5 | 7c565d4675a4dfb724f02c0edda587b2 |
| SHA1 | 57730e94418cce34e6825610a820e92a12e7d3d9 |
| SHA256 | 39bb57d1334f4160b3db976669421ce179a9ddd993b348da2c9f56dc39f0916b |
| SHA512 | 471bb801f75cb39aa0128220c750317c87397689299f24c8bf3d8cf6784534f4471384db1ecf960edfbc9f13243f7031ab5d1c05aef7bde9d127cfa3325f28f8 |
C:\Users\Admin\AppData\Local\hlemmqrqrwzbfglyizrvowwa.abg
| MD5 | 1afda166bc808507f39de3879b6c8baf |
| SHA1 | 500d6a4ae9f06cd1ccd0a9a3cd6ece87d3db9274 |
| SHA256 | e23585bd07cadc01f43512d22f5d35911bb3e370985781a544f37ca6a6d4ca4d |
| SHA512 | c288cb1171bd6a11ca9eb2f189a3471ade02b57214e8afcfb00e11daa3e29e475b1839aa25ba578e5128cf07eaf7601c5a3b67024274065f0aa00390f7a63a29 |
C:\Program Files (x86)\hlemmqrqrwzbfglyizrvowwa.abg
| MD5 | 6c43a2f8ad6adcf6480e245414508425 |
| SHA1 | 59678ef99b28c8da7cffa4046d1eafd5fb80f652 |
| SHA256 | 8440e2cac225f76e9a90e1c8fb2cf8dd75ec43b0f51ff95974241922fd01dd83 |
| SHA512 | 838f1bf799167fd432f89bc28bedfc6684985f1c0fd8ade5ab909a38d51e695e2b9bad544db0438b041a11564f0d99decd5f8aa2b416209221e305a327047aad |
C:\Program Files (x86)\hlemmqrqrwzbfglyizrvowwa.abg
| MD5 | 2b241f88f6ab8b1ccd1d4ece1da32d98 |
| SHA1 | f1cd0e8210f5d7a30b0d6b2973ead40a52cc99f0 |
| SHA256 | b01257f9c4c83c319846c6ed7896f5431f848eafbbfcc532858c7b76aad6bd25 |
| SHA512 | c4e229a6726a2ea1057402914cef593c6b20660d4ba568bbf21a17b645abcf302a7effad233de1f10bfe7df611dc258aa60726ebda6bd1ae7333c3fc1d0c2925 |
C:\Program Files (x86)\hlemmqrqrwzbfglyizrvowwa.abg
| MD5 | 74d7cf3b3eef47741190339096080e52 |
| SHA1 | 388b4e21c8997f9b53f76b2a27e194675a0a61c1 |
| SHA256 | 356204e21c9bad58ac70e242422c031fe0e44c356c001b05bcb185a467a3051a |
| SHA512 | acd8e0f026bd1dd1fcb45759ac011dc2c0fce596c370aacd87cfe1a2144c277cd45d66d142117bd11b161226a1dd5e0db87270a994a02452c68e911f4e349362 |
C:\Program Files (x86)\hlemmqrqrwzbfglyizrvowwa.abg
| MD5 | c70e947c2d390f1aaa424b4d323c67d0 |
| SHA1 | 502e0f229ce517982399c392fa4491e8e1176314 |
| SHA256 | fa57883ae87daaf85cf8adc9393f9f158757aaefacd95d328ff9bfc329f9b42d |
| SHA512 | 135ddb2d975cb3e5e1d56b4fcabe0b89a37a0789609a3e260f5a4499270ad6c7d1a2917fe1467b3afb2e2c49d3cbb32389e6a20914bee577a2ae918b7e93872e |
C:\Program Files (x86)\hlemmqrqrwzbfglyizrvowwa.abg
| MD5 | 11f8ad286c625e450e27f01b2036d680 |
| SHA1 | 8753142803f0188c6e5bc4bc63ea93fbd1c5039d |
| SHA256 | dcaa2282327b65847d47fb933d50bd07ea9f3e3c2bd0a3a71c294f5d1789976b |
| SHA512 | c146f46b9398e5f02c1d661bf3ba87c738dfd09519b8d43748bb3c77f8dc2c74b95b4e084344878dbccf881a83f0afaaf70145ccb8408f693bfe5eb88c3b61d1 |
C:\Program Files (x86)\hlemmqrqrwzbfglyizrvowwa.abg
| MD5 | f540733586c7f2f97a0966d5d3bbfc46 |
| SHA1 | 67994a0a82dbfccee81798219b94120bee54e236 |
| SHA256 | e2fe4b6508f8b5ea496c2e4222aec7ee619474eebcaa3c4f3bdb9182dba50823 |
| SHA512 | 1593e132ede99446b2cad12b00f19c984681d6b2bf10ad0b648d864f6c34be50beb8ddc17784720b4e01d4b47a8388cb9ae4834f39e51eee9f06ae636cf50464 |
Analysis: behavioral2
Detonation Overview
Submitted
2025-04-21 06:04
Reported
2025-04-21 06:06
Platform
win11-20250410-en
Max time kernel
61s
Max time network
150s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "zqjbymfxulusmvhqvrd.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "ymcrlwmbvjpkbhqw.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "oewnjwofbrzwpxiqup.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "zqjbymfxulusmvhqvrd.exe" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "meyrpeyrphrqlvisyvia.exe" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zelrcel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bupjiytnmfqqmxlwdbpid.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zelrcel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\meyrpeyrphrqlvisyvia.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zelrcel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fulbwizpkzgcublsv.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zelrcel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bupjiytnmfqqmxlwdbpid.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zelrcel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fulbwizpkzgcublsv.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zelrcel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\meyrpeyrphrqlvisyvia.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "zqjbymfxulusmvhqvrd.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "zqjbymfxulusmvhqvrd.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "bupjiytnmfqqmxlwdbpid.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "ymcrlwmbvjpkbhqw.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "meyrpeyrphrqlvisyvia.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zelrcel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oewnjwofbrzwpxiqup.exe" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "bupjiytnmfqqmxlwdbpid.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zelrcel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oewnjwofbrzwpxiqup.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "fulbwizpkzgcublsv.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zelrcel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\meyrpeyrphrqlvisyvia.exe" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "fulbwizpkzgcublsv.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "oewnjwofbrzwpxiqup.exe" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "zqjbymfxulusmvhqvrd.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zelrcel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fulbwizpkzgcublsv.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zelrcel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ymcrlwmbvjpkbhqw.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "fulbwizpkzgcublsv.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "bupjiytnmfqqmxlwdbpid.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zelrcel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oewnjwofbrzwpxiqup.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zelrcel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bupjiytnmfqqmxlwdbpid.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "meyrpeyrphrqlvisyvia.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zelrcel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bupjiytnmfqqmxlwdbpid.exe" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zelrcel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oewnjwofbrzwpxiqup.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zelrcel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zqjbymfxulusmvhqvrd.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "bupjiytnmfqqmxlwdbpid.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zelrcel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fulbwizpkzgcublsv.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zelrcel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oewnjwofbrzwpxiqup.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "bupjiytnmfqqmxlwdbpid.exe" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "bupjiytnmfqqmxlwdbpid.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zelrcel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oewnjwofbrzwpxiqup.exe" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "bupjiytnmfqqmxlwdbpid.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "ymcrlwmbvjpkbhqw.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "bupjiytnmfqqmxlwdbpid.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zelrcel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\meyrpeyrphrqlvisyvia.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oucjvygn = "oewnjwofbrzwpxiqup.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\oucjvygn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ymcrlwmbvjpkbhqw.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oucjvygn = "meyrpeyrphrqlvisyvia.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qamxnugrhrtk = "bupjiytnmfqqmxlwdbpid.exe ." | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\fmvdqudly = "meyrpeyrphrqlvisyvia.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qamxnugrhrtk = "oewnjwofbrzwpxiqup.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\fmvdqudly = "C:\\Users\\Admin\\AppData\\Local\\Temp\\meyrpeyrphrqlvisyvia.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\tcnxmsdnclm = "zqjbymfxulusmvhqvrd.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\fmvdqudly = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zqjbymfxulusmvhqvrd.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qamxnugrhrtk = "meyrpeyrphrqlvisyvia.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qcqdvesfxjngvz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\meyrpeyrphrqlvisyvia.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qcqdvesfxjngvz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ymcrlwmbvjpkbhqw.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qcqdvesfxjngvz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fulbwizpkzgcublsv.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qcqdvesfxjngvz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oewnjwofbrzwpxiqup.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\fmvdqudly = "fulbwizpkzgcublsv.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\fmvdqudly = "oewnjwofbrzwpxiqup.exe ." | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\panzqylxozcui = "C:\\Users\\Admin\\AppData\\Local\\Temp\\meyrpeyrphrqlvisyvia.exe ." | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\fmvdqudly = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ymcrlwmbvjpkbhqw.exe ." | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qamxnugrhrtk = "fulbwizpkzgcublsv.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\fmvdqudly = "bupjiytnmfqqmxlwdbpid.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qamxnugrhrtk = "fulbwizpkzgcublsv.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qcqdvesfxjngvz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oewnjwofbrzwpxiqup.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\oucjvygn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oewnjwofbrzwpxiqup.exe" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\panzqylxozcui = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bupjiytnmfqqmxlwdbpid.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\panzqylxozcui = "C:\\Users\\Admin\\AppData\\Local\\Temp\\meyrpeyrphrqlvisyvia.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qamxnugrhrtk = "ymcrlwmbvjpkbhqw.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\tcnxmsdnclm = "ymcrlwmbvjpkbhqw.exe" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qamxnugrhrtk = "oewnjwofbrzwpxiqup.exe ." | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qamxnugrhrtk = "meyrpeyrphrqlvisyvia.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\tcnxmsdnclm = "oewnjwofbrzwpxiqup.exe" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qamxnugrhrtk = "meyrpeyrphrqlvisyvia.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\tcnxmsdnclm = "fulbwizpkzgcublsv.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\fmvdqudly = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oewnjwofbrzwpxiqup.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oucjvygn = "oewnjwofbrzwpxiqup.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\fmvdqudly = "ymcrlwmbvjpkbhqw.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\fmvdqudly = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zqjbymfxulusmvhqvrd.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\fmvdqudly = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zqjbymfxulusmvhqvrd.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\panzqylxozcui = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zqjbymfxulusmvhqvrd.exe ." | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qamxnugrhrtk = "ymcrlwmbvjpkbhqw.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\fmvdqudly = "meyrpeyrphrqlvisyvia.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qamxnugrhrtk = "fulbwizpkzgcublsv.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\oucjvygn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zqjbymfxulusmvhqvrd.exe" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\panzqylxozcui = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fulbwizpkzgcublsv.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oucjvygn = "fulbwizpkzgcublsv.exe" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\panzqylxozcui = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bupjiytnmfqqmxlwdbpid.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oucjvygn = "zqjbymfxulusmvhqvrd.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\fmvdqudly = "fulbwizpkzgcublsv.exe ." | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\tcnxmsdnclm = "zqjbymfxulusmvhqvrd.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\panzqylxozcui = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oewnjwofbrzwpxiqup.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qcqdvesfxjngvz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ymcrlwmbvjpkbhqw.exe" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\tcnxmsdnclm = "meyrpeyrphrqlvisyvia.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\panzqylxozcui = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zqjbymfxulusmvhqvrd.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qcqdvesfxjngvz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bupjiytnmfqqmxlwdbpid.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qcqdvesfxjngvz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bupjiytnmfqqmxlwdbpid.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\tcnxmsdnclm = "fulbwizpkzgcublsv.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\oucjvygn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zqjbymfxulusmvhqvrd.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\panzqylxozcui = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zqjbymfxulusmvhqvrd.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\oucjvygn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fulbwizpkzgcublsv.exe" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oucjvygn = "zqjbymfxulusmvhqvrd.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\fmvdqudly = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oewnjwofbrzwpxiqup.exe ." | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\oucjvygn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bupjiytnmfqqmxlwdbpid.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\tcnxmsdnclm = "ymcrlwmbvjpkbhqw.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\oucjvygn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zqjbymfxulusmvhqvrd.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\oucjvygn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oewnjwofbrzwpxiqup.exe" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
Drops autorun.inf file
| Description | Indicator | Process | Target |
| File created | F:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| File opened for modification | C:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| File created | C:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| File opened for modification | F:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\oewnjwofbrzwpxiqup.exe | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\meyrpeyrphrqlvisyvia.exe | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ymcrlwmbvjpkbhqw.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\fulbwizpkzgcublsv.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\smidduqllfrspbqckjysoj.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ymcrlwmbvjpkbhqw.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zqjbymfxulusmvhqvrd.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\meyrpeyrphrqlvisyvia.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zqjbymfxulusmvhqvrd.exe | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bupjiytnmfqqmxlwdbpid.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bupjiytnmfqqmxlwdbpid.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\fulbwizpkzgcublsv.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zqjbymfxulusmvhqvrd.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\meyrpeyrphrqlvisyvia.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\smidduqllfrspbqckjysoj.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zqjbymfxulusmvhqvrd.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\meyrpeyrphrqlvisyvia.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ymcrlwmbvjpkbhqw.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\meyrpeyrphrqlvisyvia.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ymcrlwmbvjpkbhqw.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\smidduqllfrspbqckjysoj.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\meyrpeyrphrqlvisyvia.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oewnjwofbrzwpxiqup.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\meyrpeyrphrqlvisyvia.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\smidduqllfrspbqckjysoj.exe | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zqjbymfxulusmvhqvrd.exe | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\smidduqllfrspbqckjysoj.exe | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ymcrlwmbvjpkbhqw.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oewnjwofbrzwpxiqup.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bupjiytnmfqqmxlwdbpid.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\fulbwizpkzgcublsv.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\fulbwizpkzgcublsv.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\smidduqllfrspbqckjysoj.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\smidduqllfrspbqckjysoj.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\fulbwizpkzgcublsv.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oewnjwofbrzwpxiqup.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\meyrpeyrphrqlvisyvia.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bupjiytnmfqqmxlwdbpid.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oewnjwofbrzwpxiqup.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\smidduqllfrspbqckjysoj.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bupjiytnmfqqmxlwdbpid.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\fulbwizpkzgcublsv.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\fulbwizpkzgcublsv.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zqjbymfxulusmvhqvrd.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ymcrlwmbvjpkbhqw.exe | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\fulbwizpkzgcublsv.exe | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\suybjimpxztchbysipmosvdcgj.tnw | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oewnjwofbrzwpxiqup.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\smidduqllfrspbqckjysoj.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\meyrpeyrphrqlvisyvia.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\smidduqllfrspbqckjysoj.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bupjiytnmfqqmxlwdbpid.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\meyrpeyrphrqlvisyvia.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\meyrpeyrphrqlvisyvia.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ymcrlwmbvjpkbhqw.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oewnjwofbrzwpxiqup.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\smidduqllfrspbqckjysoj.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ymcrlwmbvjpkbhqw.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zqjbymfxulusmvhqvrd.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\meyrpeyrphrqlvisyvia.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bupjiytnmfqqmxlwdbpid.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zqjbymfxulusmvhqvrd.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ymcrlwmbvjpkbhqw.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\meyrpeyrphrqlvisyvia.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\suybjimpxztchbysipmosvdcgj.tnw | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| File created | C:\Program Files (x86)\suybjimpxztchbysipmosvdcgj.tnw | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| File opened for modification | C:\Program Files (x86)\tgvjcmbpivaukpxcdvdqftmwlzsfkeuzhmnfn.pdw | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| File created | C:\Program Files (x86)\tgvjcmbpivaukpxcdvdqftmwlzsfkeuzhmnfn.pdw | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\oewnjwofbrzwpxiqup.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\oewnjwofbrzwpxiqup.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\smidduqllfrspbqckjysoj.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\fulbwizpkzgcublsv.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\fulbwizpkzgcublsv.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\zqjbymfxulusmvhqvrd.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\meyrpeyrphrqlvisyvia.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\bupjiytnmfqqmxlwdbpid.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\zqjbymfxulusmvhqvrd.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\zqjbymfxulusmvhqvrd.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\meyrpeyrphrqlvisyvia.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\smidduqllfrspbqckjysoj.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\zqjbymfxulusmvhqvrd.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\fulbwizpkzgcublsv.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\meyrpeyrphrqlvisyvia.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\bupjiytnmfqqmxlwdbpid.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\ymcrlwmbvjpkbhqw.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\smidduqllfrspbqckjysoj.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\smidduqllfrspbqckjysoj.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\bupjiytnmfqqmxlwdbpid.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\fulbwizpkzgcublsv.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\bupjiytnmfqqmxlwdbpid.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\zqjbymfxulusmvhqvrd.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\smidduqllfrspbqckjysoj.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File created | C:\Windows\suybjimpxztchbysipmosvdcgj.tnw | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| File opened for modification | C:\Windows\bupjiytnmfqqmxlwdbpid.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\meyrpeyrphrqlvisyvia.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\smidduqllfrspbqckjysoj.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\zqjbymfxulusmvhqvrd.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\zqjbymfxulusmvhqvrd.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\ymcrlwmbvjpkbhqw.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\oewnjwofbrzwpxiqup.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\zqjbymfxulusmvhqvrd.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\tgvjcmbpivaukpxcdvdqftmwlzsfkeuzhmnfn.pdw | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| File opened for modification | C:\Windows\fulbwizpkzgcublsv.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\bupjiytnmfqqmxlwdbpid.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\bupjiytnmfqqmxlwdbpid.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\zqjbymfxulusmvhqvrd.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\oewnjwofbrzwpxiqup.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\oewnjwofbrzwpxiqup.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\oewnjwofbrzwpxiqup.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\fulbwizpkzgcublsv.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\ymcrlwmbvjpkbhqw.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\oewnjwofbrzwpxiqup.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\zqjbymfxulusmvhqvrd.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\ymcrlwmbvjpkbhqw.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\ymcrlwmbvjpkbhqw.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\oewnjwofbrzwpxiqup.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\ymcrlwmbvjpkbhqw.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\smidduqllfrspbqckjysoj.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\bupjiytnmfqqmxlwdbpid.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\ymcrlwmbvjpkbhqw.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\bupjiytnmfqqmxlwdbpid.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\fulbwizpkzgcublsv.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\bupjiytnmfqqmxlwdbpid.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\ymcrlwmbvjpkbhqw.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\meyrpeyrphrqlvisyvia.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\ymcrlwmbvjpkbhqw.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\fulbwizpkzgcublsv.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\fulbwizpkzgcublsv.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\zqjbymfxulusmvhqvrd.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\meyrpeyrphrqlvisyvia.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| File opened for modification | C:\Windows\oewnjwofbrzwpxiqup.exe | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| File opened for modification | C:\Windows\meyrpeyrphrqlvisyvia.exe | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\fulbwizpkzgcublsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\fulbwizpkzgcublsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ymcrlwmbvjpkbhqw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\fulbwizpkzgcublsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bupjiytnmfqqmxlwdbpid.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\oewnjwofbrzwpxiqup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\oewnjwofbrzwpxiqup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ymcrlwmbvjpkbhqw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\meyrpeyrphrqlvisyvia.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ymcrlwmbvjpkbhqw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zqjbymfxulusmvhqvrd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ymcrlwmbvjpkbhqw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\meyrpeyrphrqlvisyvia.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ymcrlwmbvjpkbhqw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bupjiytnmfqqmxlwdbpid.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ymcrlwmbvjpkbhqw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\meyrpeyrphrqlvisyvia.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zqjbymfxulusmvhqvrd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bupjiytnmfqqmxlwdbpid.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zqjbymfxulusmvhqvrd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ymcrlwmbvjpkbhqw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\oewnjwofbrzwpxiqup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\oewnjwofbrzwpxiqup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\oewnjwofbrzwpxiqup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\fulbwizpkzgcublsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ymcrlwmbvjpkbhqw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zqjbymfxulusmvhqvrd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zqjbymfxulusmvhqvrd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\oewnjwofbrzwpxiqup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zqjbymfxulusmvhqvrd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ymcrlwmbvjpkbhqw.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\mqwblm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe"
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe*"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe
C:\Windows\bupjiytnmfqqmxlwdbpid.exe
bupjiytnmfqqmxlwdbpid.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe .
C:\Windows\meyrpeyrphrqlvisyvia.exe
meyrpeyrphrqlvisyvia.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\meyrpeyrphrqlvisyvia.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe
C:\Windows\oewnjwofbrzwpxiqup.exe
oewnjwofbrzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe .
C:\Windows\zqjbymfxulusmvhqvrd.exe
zqjbymfxulusmvhqvrd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zqjbymfxulusmvhqvrd.exe*."
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zqjbymfxulusmvhqvrd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zqjbymfxulusmvhqvrd.exe*."
C:\Users\Admin\AppData\Local\Temp\mqwblm.exe
"C:\Users\Admin\AppData\Local\Temp\mqwblm.exe" "-C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe"
C:\Users\Admin\AppData\Local\Temp\mqwblm.exe
"C:\Users\Admin\AppData\Local\Temp\mqwblm.exe" "-C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe
C:\Windows\zqjbymfxulusmvhqvrd.exe
zqjbymfxulusmvhqvrd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe .
C:\Windows\oewnjwofbrzwpxiqup.exe
oewnjwofbrzwpxiqup.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\oewnjwofbrzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe
C:\Windows\meyrpeyrphrqlvisyvia.exe
meyrpeyrphrqlvisyvia.exe
C:\Windows\zqjbymfxulusmvhqvrd.exe
zqjbymfxulusmvhqvrd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe .
C:\Windows\ymcrlwmbvjpkbhqw.exe
ymcrlwmbvjpkbhqw.exe .
C:\Windows\meyrpeyrphrqlvisyvia.exe
meyrpeyrphrqlvisyvia.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\meyrpeyrphrqlvisyvia.exe*."
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ymcrlwmbvjpkbhqw.exe*."
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe .
C:\Windows\meyrpeyrphrqlvisyvia.exe
meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Windows\fulbwizpkzgcublsv.exe
fulbwizpkzgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\oewnjwofbrzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fulbwizpkzgcublsv.exe*."
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\oewnjwofbrzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ymcrlwmbvjpkbhqw.exe*."
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\oewnjwofbrzwpxiqup.exe*."
C:\Windows\bupjiytnmfqqmxlwdbpid.exe
bupjiytnmfqqmxlwdbpid.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe .
C:\Windows\zqjbymfxulusmvhqvrd.exe
zqjbymfxulusmvhqvrd.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zqjbymfxulusmvhqvrd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe
C:\Windows\zqjbymfxulusmvhqvrd.exe
zqjbymfxulusmvhqvrd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe .
C:\Windows\zqjbymfxulusmvhqvrd.exe
zqjbymfxulusmvhqvrd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zqjbymfxulusmvhqvrd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\fulbwizpkzgcublsv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zqjbymfxulusmvhqvrd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe
C:\Windows\zqjbymfxulusmvhqvrd.exe
zqjbymfxulusmvhqvrd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe .
C:\Windows\ymcrlwmbvjpkbhqw.exe
ymcrlwmbvjpkbhqw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ymcrlwmbvjpkbhqw.exe*."
C:\Windows\fulbwizpkzgcublsv.exe
fulbwizpkzgcublsv.exe
C:\Windows\meyrpeyrphrqlvisyvia.exe
meyrpeyrphrqlvisyvia.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe .
C:\Windows\bupjiytnmfqqmxlwdbpid.exe
bupjiytnmfqqmxlwdbpid.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe
C:\Windows\oewnjwofbrzwpxiqup.exe
oewnjwofbrzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bupjiytnmfqqmxlwdbpid.exe*."
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe
C:\Windows\ymcrlwmbvjpkbhqw.exe
ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\oewnjwofbrzwpxiqup.exe*."
C:\Windows\oewnjwofbrzwpxiqup.exe
oewnjwofbrzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe .
C:\Windows\oewnjwofbrzwpxiqup.exe
oewnjwofbrzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\oewnjwofbrzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Windows\fulbwizpkzgcublsv.exe
fulbwizpkzgcublsv.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\oewnjwofbrzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fulbwizpkzgcublsv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .
C:\Windows\fulbwizpkzgcublsv.exe
fulbwizpkzgcublsv.exe .
C:\Windows\oewnjwofbrzwpxiqup.exe
oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fulbwizpkzgcublsv.exe*."
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\meyrpeyrphrqlvisyvia.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zqjbymfxulusmvhqvrd.exe*."
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zqjbymfxulusmvhqvrd.exe*."
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\fulbwizpkzgcublsv.exe*."
C:\Windows\ymcrlwmbvjpkbhqw.exe
ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe .
C:\Windows\ymcrlwmbvjpkbhqw.exe
ymcrlwmbvjpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ymcrlwmbvjpkbhqw.exe*."
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ymcrlwmbvjpkbhqw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe
C:\Windows\meyrpeyrphrqlvisyvia.exe
meyrpeyrphrqlvisyvia.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe .
C:\Windows\oewnjwofbrzwpxiqup.exe
oewnjwofbrzwpxiqup.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\oewnjwofbrzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\oewnjwofbrzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bupjiytnmfqqmxlwdbpid.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe
C:\Windows\meyrpeyrphrqlvisyvia.exe
meyrpeyrphrqlvisyvia.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe .
C:\Windows\oewnjwofbrzwpxiqup.exe
oewnjwofbrzwpxiqup.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\oewnjwofbrzwpxiqup.exe*."
C:\Windows\oewnjwofbrzwpxiqup.exe
oewnjwofbrzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe .
C:\Windows\zqjbymfxulusmvhqvrd.exe
zqjbymfxulusmvhqvrd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zqjbymfxulusmvhqvrd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\meyrpeyrphrqlvisyvia.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\oewnjwofbrzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe
C:\Windows\zqjbymfxulusmvhqvrd.exe
zqjbymfxulusmvhqvrd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe .
C:\Windows\oewnjwofbrzwpxiqup.exe
oewnjwofbrzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\oewnjwofbrzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\zqjbymfxulusmvhqvrd.exe
zqjbymfxulusmvhqvrd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe .
C:\Windows\ymcrlwmbvjpkbhqw.exe
ymcrlwmbvjpkbhqw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ymcrlwmbvjpkbhqw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zqjbymfxulusmvhqvrd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\oewnjwofbrzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe
C:\Windows\fulbwizpkzgcublsv.exe
fulbwizpkzgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe .
C:\Windows\fulbwizpkzgcublsv.exe
fulbwizpkzgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fulbwizpkzgcublsv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe
C:\Windows\zqjbymfxulusmvhqvrd.exe
zqjbymfxulusmvhqvrd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe .
C:\Windows\oewnjwofbrzwpxiqup.exe
oewnjwofbrzwpxiqup.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\oewnjwofbrzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ymcrlwmbvjpkbhqw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zqjbymfxulusmvhqvrd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe
C:\Windows\zqjbymfxulusmvhqvrd.exe
zqjbymfxulusmvhqvrd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe .
C:\Windows\fulbwizpkzgcublsv.exe
fulbwizpkzgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fulbwizpkzgcublsv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe
C:\Windows\oewnjwofbrzwpxiqup.exe
oewnjwofbrzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\oewnjwofbrzwpxiqup.exe
oewnjwofbrzwpxiqup.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\oewnjwofbrzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\meyrpeyrphrqlvisyvia.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\fulbwizpkzgcublsv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe
C:\Windows\oewnjwofbrzwpxiqup.exe
oewnjwofbrzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe .
C:\Windows\oewnjwofbrzwpxiqup.exe
oewnjwofbrzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\oewnjwofbrzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe
C:\Windows\fulbwizpkzgcublsv.exe
fulbwizpkzgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe .
C:\Windows\meyrpeyrphrqlvisyvia.exe
meyrpeyrphrqlvisyvia.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\meyrpeyrphrqlvisyvia.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zqjbymfxulusmvhqvrd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zqjbymfxulusmvhqvrd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe
C:\Windows\bupjiytnmfqqmxlwdbpid.exe
bupjiytnmfqqmxlwdbpid.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe .
C:\Windows\bupjiytnmfqqmxlwdbpid.exe
bupjiytnmfqqmxlwdbpid.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bupjiytnmfqqmxlwdbpid.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe
C:\Windows\oewnjwofbrzwpxiqup.exe
oewnjwofbrzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe .
C:\Windows\zqjbymfxulusmvhqvrd.exe
zqjbymfxulusmvhqvrd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zqjbymfxulusmvhqvrd.exe*."
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .
C:\Windows\ymcrlwmbvjpkbhqw.exe
ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bupjiytnmfqqmxlwdbpid.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe .
C:\Windows\ymcrlwmbvjpkbhqw.exe
ymcrlwmbvjpkbhqw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ymcrlwmbvjpkbhqw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe
C:\Windows\fulbwizpkzgcublsv.exe
fulbwizpkzgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe .
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .
C:\Windows\oewnjwofbrzwpxiqup.exe
oewnjwofbrzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Windows\bupjiytnmfqqmxlwdbpid.exe
bupjiytnmfqqmxlwdbpid.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bupjiytnmfqqmxlwdbpid.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .
C:\Windows\zqjbymfxulusmvhqvrd.exe
zqjbymfxulusmvhqvrd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bupjiytnmfqqmxlwdbpid.exe*."
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zqjbymfxulusmvhqvrd.exe*."
C:\Windows\meyrpeyrphrqlvisyvia.exe
meyrpeyrphrqlvisyvia.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ymcrlwmbvjpkbhqw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .
C:\Windows\bupjiytnmfqqmxlwdbpid.exe
bupjiytnmfqqmxlwdbpid.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bupjiytnmfqqmxlwdbpid.exe*."
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe .
C:\Windows\oewnjwofbrzwpxiqup.exe
oewnjwofbrzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zqjbymfxulusmvhqvrd.exe*."
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bupjiytnmfqqmxlwdbpid.exe*."
C:\Windows\bupjiytnmfqqmxlwdbpid.exe
bupjiytnmfqqmxlwdbpid.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bupjiytnmfqqmxlwdbpid.exe*."
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .
C:\Windows\ymcrlwmbvjpkbhqw.exe
ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zqjbymfxulusmvhqvrd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe .
C:\Windows\meyrpeyrphrqlvisyvia.exe
meyrpeyrphrqlvisyvia.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\meyrpeyrphrqlvisyvia.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ymcrlwmbvjpkbhqw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bupjiytnmfqqmxlwdbpid.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe
C:\Windows\fulbwizpkzgcublsv.exe
fulbwizpkzgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe .
C:\Windows\ymcrlwmbvjpkbhqw.exe
ymcrlwmbvjpkbhqw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ymcrlwmbvjpkbhqw.exe*."
C:\Windows\fulbwizpkzgcublsv.exe
fulbwizpkzgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe .
C:\Windows\meyrpeyrphrqlvisyvia.exe
meyrpeyrphrqlvisyvia.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\meyrpeyrphrqlvisyvia.exe*."
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\meyrpeyrphrqlvisyvia.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zqjbymfxulusmvhqvrd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe
C:\Windows\meyrpeyrphrqlvisyvia.exe
meyrpeyrphrqlvisyvia.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\meyrpeyrphrqlvisyvia.exe
meyrpeyrphrqlvisyvia.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\meyrpeyrphrqlvisyvia.exe*."
C:\Windows\fulbwizpkzgcublsv.exe
fulbwizpkzgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe .
C:\Windows\oewnjwofbrzwpxiqup.exe
oewnjwofbrzwpxiqup.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\oewnjwofbrzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bupjiytnmfqqmxlwdbpid.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zqjbymfxulusmvhqvrd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe
C:\Windows\bupjiytnmfqqmxlwdbpid.exe
bupjiytnmfqqmxlwdbpid.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe .
C:\Windows\zqjbymfxulusmvhqvrd.exe
zqjbymfxulusmvhqvrd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zqjbymfxulusmvhqvrd.exe*."
C:\Windows\meyrpeyrphrqlvisyvia.exe
meyrpeyrphrqlvisyvia.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe .
C:\Windows\ymcrlwmbvjpkbhqw.exe
ymcrlwmbvjpkbhqw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ymcrlwmbvjpkbhqw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\meyrpeyrphrqlvisyvia.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bupjiytnmfqqmxlwdbpid.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe
C:\Windows\zqjbymfxulusmvhqvrd.exe
zqjbymfxulusmvhqvrd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe .
C:\Windows\oewnjwofbrzwpxiqup.exe
oewnjwofbrzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\oewnjwofbrzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe
C:\Windows\fulbwizpkzgcublsv.exe
fulbwizpkzgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe .
C:\Windows\meyrpeyrphrqlvisyvia.exe
meyrpeyrphrqlvisyvia.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\meyrpeyrphrqlvisyvia.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bupjiytnmfqqmxlwdbpid.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\meyrpeyrphrqlvisyvia.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe
C:\Windows\zqjbymfxulusmvhqvrd.exe
zqjbymfxulusmvhqvrd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe .
C:\Windows\fulbwizpkzgcublsv.exe
fulbwizpkzgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fulbwizpkzgcublsv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe
C:\Windows\bupjiytnmfqqmxlwdbpid.exe
bupjiytnmfqqmxlwdbpid.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\meyrpeyrphrqlvisyvia.exe
meyrpeyrphrqlvisyvia.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\meyrpeyrphrqlvisyvia.exe*."
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\meyrpeyrphrqlvisyvia.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\meyrpeyrphrqlvisyvia.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe
C:\Windows\zqjbymfxulusmvhqvrd.exe
zqjbymfxulusmvhqvrd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe .
C:\Windows\meyrpeyrphrqlvisyvia.exe
meyrpeyrphrqlvisyvia.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\meyrpeyrphrqlvisyvia.exe*."
C:\Windows\ymcrlwmbvjpkbhqw.exe
ymcrlwmbvjpkbhqw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe .
C:\Windows\ymcrlwmbvjpkbhqw.exe
ymcrlwmbvjpkbhqw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ymcrlwmbvjpkbhqw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\meyrpeyrphrqlvisyvia.exe*."
C:\Windows\meyrpeyrphrqlvisyvia.exe
meyrpeyrphrqlvisyvia.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .
C:\Windows\fulbwizpkzgcublsv.exe
fulbwizpkzgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ymcrlwmbvjpkbhqw.exe*."
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fulbwizpkzgcublsv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe .
C:\Windows\fulbwizpkzgcublsv.exe
fulbwizpkzgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Windows\oewnjwofbrzwpxiqup.exe
oewnjwofbrzwpxiqup.exe
C:\Windows\ymcrlwmbvjpkbhqw.exe
ymcrlwmbvjpkbhqw.exe .
C:\Windows\fulbwizpkzgcublsv.exe
fulbwizpkzgcublsv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fulbwizpkzgcublsv.exe*."
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ymcrlwmbvjpkbhqw.exe*."
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe .
C:\Windows\fulbwizpkzgcublsv.exe
fulbwizpkzgcublsv.exe
C:\Windows\oewnjwofbrzwpxiqup.exe
oewnjwofbrzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Windows\meyrpeyrphrqlvisyvia.exe
meyrpeyrphrqlvisyvia.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\fulbwizpkzgcublsv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .
C:\Windows\ymcrlwmbvjpkbhqw.exe
ymcrlwmbvjpkbhqw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\meyrpeyrphrqlvisyvia.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .
C:\Windows\meyrpeyrphrqlvisyvia.exe
meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ymcrlwmbvjpkbhqw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Windows\fulbwizpkzgcublsv.exe
fulbwizpkzgcublsv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zqjbymfxulusmvhqvrd.exe*."
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bupjiytnmfqqmxlwdbpid.exe*."
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fulbwizpkzgcublsv.exe*."
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bupjiytnmfqqmxlwdbpid.exe*."
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ymcrlwmbvjpkbhqw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zqjbymfxulusmvhqvrd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe
C:\Windows\oewnjwofbrzwpxiqup.exe
oewnjwofbrzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe .
C:\Windows\ymcrlwmbvjpkbhqw.exe
ymcrlwmbvjpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ymcrlwmbvjpkbhqw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe
C:\Windows\meyrpeyrphrqlvisyvia.exe
meyrpeyrphrqlvisyvia.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe .
C:\Windows\fulbwizpkzgcublsv.exe
fulbwizpkzgcublsv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fulbwizpkzgcublsv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\fulbwizpkzgcublsv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\oewnjwofbrzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe
C:\Windows\ymcrlwmbvjpkbhqw.exe
ymcrlwmbvjpkbhqw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe .
C:\Windows\zqjbymfxulusmvhqvrd.exe
zqjbymfxulusmvhqvrd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zqjbymfxulusmvhqvrd.exe*."
C:\Windows\zqjbymfxulusmvhqvrd.exe
zqjbymfxulusmvhqvrd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe .
C:\Windows\ymcrlwmbvjpkbhqw.exe
ymcrlwmbvjpkbhqw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ymcrlwmbvjpkbhqw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zqjbymfxulusmvhqvrd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zqjbymfxulusmvhqvrd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe
C:\Windows\ymcrlwmbvjpkbhqw.exe
ymcrlwmbvjpkbhqw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe .
C:\Windows\bupjiytnmfqqmxlwdbpid.exe
bupjiytnmfqqmxlwdbpid.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bupjiytnmfqqmxlwdbpid.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe
C:\Windows\fulbwizpkzgcublsv.exe
fulbwizpkzgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe .
C:\Windows\ymcrlwmbvjpkbhqw.exe
ymcrlwmbvjpkbhqw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ymcrlwmbvjpkbhqw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ymcrlwmbvjpkbhqw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\meyrpeyrphrqlvisyvia.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe
C:\Windows\oewnjwofbrzwpxiqup.exe
oewnjwofbrzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe .
C:\Windows\ymcrlwmbvjpkbhqw.exe
ymcrlwmbvjpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ymcrlwmbvjpkbhqw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe
C:\Windows\fulbwizpkzgcublsv.exe
fulbwizpkzgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\meyrpeyrphrqlvisyvia.exe
meyrpeyrphrqlvisyvia.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\meyrpeyrphrqlvisyvia.exe*."
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bupjiytnmfqqmxlwdbpid.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\oewnjwofbrzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe
C:\Windows\oewnjwofbrzwpxiqup.exe
oewnjwofbrzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\fulbwizpkzgcublsv.exe
fulbwizpkzgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fulbwizpkzgcublsv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe
C:\Windows\zqjbymfxulusmvhqvrd.exe
zqjbymfxulusmvhqvrd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe .
C:\Windows\bupjiytnmfqqmxlwdbpid.exe
bupjiytnmfqqmxlwdbpid.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bupjiytnmfqqmxlwdbpid.exe*."
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\fulbwizpkzgcublsv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\oewnjwofbrzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\zqjbymfxulusmvhqvrd.exe
zqjbymfxulusmvhqvrd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe .
C:\Windows\zqjbymfxulusmvhqvrd.exe
zqjbymfxulusmvhqvrd.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zqjbymfxulusmvhqvrd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe
C:\Windows\oewnjwofbrzwpxiqup.exe
oewnjwofbrzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe .
C:\Windows\fulbwizpkzgcublsv.exe
fulbwizpkzgcublsv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fulbwizpkzgcublsv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bupjiytnmfqqmxlwdbpid.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Windows\zqjbymfxulusmvhqvrd.exe
zqjbymfxulusmvhqvrd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\fulbwizpkzgcublsv.exe*."
C:\Windows\meyrpeyrphrqlvisyvia.exe
meyrpeyrphrqlvisyvia.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\meyrpeyrphrqlvisyvia.exe*."
C:\Windows\ymcrlwmbvjpkbhqw.exe
ymcrlwmbvjpkbhqw.exe
C:\Windows\bupjiytnmfqqmxlwdbpid.exe
bupjiytnmfqqmxlwdbpid.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe
C:\Windows\oewnjwofbrzwpxiqup.exe
oewnjwofbrzwpxiqup.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Windows\ymcrlwmbvjpkbhqw.exe
ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\oewnjwofbrzwpxiqup.exe*."
C:\Windows\meyrpeyrphrqlvisyvia.exe
meyrpeyrphrqlvisyvia.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe .
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\meyrpeyrphrqlvisyvia.exe*."
C:\Windows\zqjbymfxulusmvhqvrd.exe
zqjbymfxulusmvhqvrd.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\fulbwizpkzgcublsv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe .
C:\Windows\bupjiytnmfqqmxlwdbpid.exe
bupjiytnmfqqmxlwdbpid.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zqjbymfxulusmvhqvrd.exe*."
C:\Windows\bupjiytnmfqqmxlwdbpid.exe
bupjiytnmfqqmxlwdbpid.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Windows\ymcrlwmbvjpkbhqw.exe
ymcrlwmbvjpkbhqw.exe .
C:\Windows\meyrpeyrphrqlvisyvia.exe
meyrpeyrphrqlvisyvia.exe .
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ymcrlwmbvjpkbhqw.exe*."
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\meyrpeyrphrqlvisyvia.exe*."
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bupjiytnmfqqmxlwdbpid.exe*."
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bupjiytnmfqqmxlwdbpid.exe*."
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zqjbymfxulusmvhqvrd.exe*."
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\meyrpeyrphrqlvisyvia.exe*."
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\oewnjwofbrzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe
C:\Windows\meyrpeyrphrqlvisyvia.exe
meyrpeyrphrqlvisyvia.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe .
C:\Windows\bupjiytnmfqqmxlwdbpid.exe
bupjiytnmfqqmxlwdbpid.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bupjiytnmfqqmxlwdbpid.exe*."
C:\Windows\bupjiytnmfqqmxlwdbpid.exe
bupjiytnmfqqmxlwdbpid.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe .
C:\Windows\zqjbymfxulusmvhqvrd.exe
zqjbymfxulusmvhqvrd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zqjbymfxulusmvhqvrd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bupjiytnmfqqmxlwdbpid.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zqjbymfxulusmvhqvrd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe
C:\Windows\oewnjwofbrzwpxiqup.exe
oewnjwofbrzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe .
C:\Windows\meyrpeyrphrqlvisyvia.exe
meyrpeyrphrqlvisyvia.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\meyrpeyrphrqlvisyvia.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\zqjbymfxulusmvhqvrd.exe
zqjbymfxulusmvhqvrd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe .
C:\Windows\bupjiytnmfqqmxlwdbpid.exe
bupjiytnmfqqmxlwdbpid.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bupjiytnmfqqmxlwdbpid.exe*."
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\oewnjwofbrzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\meyrpeyrphrqlvisyvia.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe
C:\Windows\ymcrlwmbvjpkbhqw.exe
ymcrlwmbvjpkbhqw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe .
C:\Windows\ymcrlwmbvjpkbhqw.exe
ymcrlwmbvjpkbhqw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ymcrlwmbvjpkbhqw.exe*."
C:\Windows\bupjiytnmfqqmxlwdbpid.exe
bupjiytnmfqqmxlwdbpid.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe .
C:\Windows\meyrpeyrphrqlvisyvia.exe
meyrpeyrphrqlvisyvia.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\meyrpeyrphrqlvisyvia.exe*."
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\meyrpeyrphrqlvisyvia.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ymcrlwmbvjpkbhqw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe
C:\Windows\meyrpeyrphrqlvisyvia.exe
meyrpeyrphrqlvisyvia.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\bupjiytnmfqqmxlwdbpid.exe
bupjiytnmfqqmxlwdbpid.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bupjiytnmfqqmxlwdbpid.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe
C:\Windows\bupjiytnmfqqmxlwdbpid.exe
bupjiytnmfqqmxlwdbpid.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe .
C:\Windows\meyrpeyrphrqlvisyvia.exe
meyrpeyrphrqlvisyvia.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\meyrpeyrphrqlvisyvia.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zqjbymfxulusmvhqvrd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ymcrlwmbvjpkbhqw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe
C:\Windows\meyrpeyrphrqlvisyvia.exe
meyrpeyrphrqlvisyvia.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe .
C:\Windows\zqjbymfxulusmvhqvrd.exe
zqjbymfxulusmvhqvrd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zqjbymfxulusmvhqvrd.exe*."
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\oewnjwofbrzwpxiqup.exe
oewnjwofbrzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe .
C:\Windows\fulbwizpkzgcublsv.exe
fulbwizpkzgcublsv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fulbwizpkzgcublsv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\meyrpeyrphrqlvisyvia.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\oewnjwofbrzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe
C:\Windows\fulbwizpkzgcublsv.exe
fulbwizpkzgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe .
C:\Windows\ymcrlwmbvjpkbhqw.exe
ymcrlwmbvjpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ymcrlwmbvjpkbhqw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe
C:\Windows\oewnjwofbrzwpxiqup.exe
oewnjwofbrzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe .
C:\Windows\zqjbymfxulusmvhqvrd.exe
zqjbymfxulusmvhqvrd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zqjbymfxulusmvhqvrd.exe*."
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\meyrpeyrphrqlvisyvia.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ymcrlwmbvjpkbhqw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe
C:\Windows\oewnjwofbrzwpxiqup.exe
oewnjwofbrzwpxiqup.exe
C:\Windows\oewnjwofbrzwpxiqup.exe
oewnjwofbrzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe .
C:\Windows\meyrpeyrphrqlvisyvia.exe
meyrpeyrphrqlvisyvia.exe .
C:\Windows\meyrpeyrphrqlvisyvia.exe
meyrpeyrphrqlvisyvia.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\meyrpeyrphrqlvisyvia.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\meyrpeyrphrqlvisyvia.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe
C:\Windows\meyrpeyrphrqlvisyvia.exe
meyrpeyrphrqlvisyvia.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe .
C:\Windows\fulbwizpkzgcublsv.exe
fulbwizpkzgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe .
C:\Windows\fulbwizpkzgcublsv.exe
fulbwizpkzgcublsv.exe .
C:\Windows\oewnjwofbrzwpxiqup.exe
oewnjwofbrzwpxiqup.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fulbwizpkzgcublsv.exe*."
C:\Windows\ymcrlwmbvjpkbhqw.exe
ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\oewnjwofbrzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Windows\meyrpeyrphrqlvisyvia.exe
meyrpeyrphrqlvisyvia.exe .
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zqjbymfxulusmvhqvrd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\meyrpeyrphrqlvisyvia.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bupjiytnmfqqmxlwdbpid.exe*."
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Windows\ymcrlwmbvjpkbhqw.exe
ymcrlwmbvjpkbhqw.exe
C:\Windows\zqjbymfxulusmvhqvrd.exe
zqjbymfxulusmvhqvrd.exe .
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\oewnjwofbrzwpxiqup.exe*."
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zqjbymfxulusmvhqvrd.exe*."
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bupjiytnmfqqmxlwdbpid.exe*."
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ymcrlwmbvjpkbhqw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\meyrpeyrphrqlvisyvia.exe*."
C:\Windows\meyrpeyrphrqlvisyvia.exe
meyrpeyrphrqlvisyvia.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\bupjiytnmfqqmxlwdbpid.exe
bupjiytnmfqqmxlwdbpid.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bupjiytnmfqqmxlwdbpid.exe*."
C:\Windows\zqjbymfxulusmvhqvrd.exe
zqjbymfxulusmvhqvrd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe .
C:\Windows\fulbwizpkzgcublsv.exe
fulbwizpkzgcublsv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fulbwizpkzgcublsv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bupjiytnmfqqmxlwdbpid.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\meyrpeyrphrqlvisyvia.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe
C:\Windows\zqjbymfxulusmvhqvrd.exe
zqjbymfxulusmvhqvrd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe .
C:\Windows\oewnjwofbrzwpxiqup.exe
oewnjwofbrzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\oewnjwofbrzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe
C:\Windows\oewnjwofbrzwpxiqup.exe
oewnjwofbrzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe .
C:\Windows\zqjbymfxulusmvhqvrd.exe
zqjbymfxulusmvhqvrd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zqjbymfxulusmvhqvrd.exe*."
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ymcrlwmbvjpkbhqw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ymcrlwmbvjpkbhqw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe
C:\Windows\oewnjwofbrzwpxiqup.exe
oewnjwofbrzwpxiqup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe .
C:\Windows\ymcrlwmbvjpkbhqw.exe
ymcrlwmbvjpkbhqw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ymcrlwmbvjpkbhqw.exe*."
C:\Windows\meyrpeyrphrqlvisyvia.exe
meyrpeyrphrqlvisyvia.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe .
C:\Windows\oewnjwofbrzwpxiqup.exe
oewnjwofbrzwpxiqup.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\oewnjwofbrzwpxiqup.exe*."
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bupjiytnmfqqmxlwdbpid.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ymcrlwmbvjpkbhqw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe
C:\Windows\zqjbymfxulusmvhqvrd.exe
zqjbymfxulusmvhqvrd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe .
C:\Windows\bupjiytnmfqqmxlwdbpid.exe
bupjiytnmfqqmxlwdbpid.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bupjiytnmfqqmxlwdbpid.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe
C:\Windows\fulbwizpkzgcublsv.exe
fulbwizpkzgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe .
C:\Windows\fulbwizpkzgcublsv.exe
fulbwizpkzgcublsv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fulbwizpkzgcublsv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ymcrlwmbvjpkbhqw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\oewnjwofbrzwpxiqup.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe
C:\Windows\zqjbymfxulusmvhqvrd.exe
zqjbymfxulusmvhqvrd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe .
C:\Windows\zqjbymfxulusmvhqvrd.exe
zqjbymfxulusmvhqvrd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zqjbymfxulusmvhqvrd.exe*."
C:\Windows\meyrpeyrphrqlvisyvia.exe
meyrpeyrphrqlvisyvia.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe .
C:\Windows\ymcrlwmbvjpkbhqw.exe
ymcrlwmbvjpkbhqw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ymcrlwmbvjpkbhqw.exe*."
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\meyrpeyrphrqlvisyvia.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe .
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\fulbwizpkzgcublsv.exe*."
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.whatismyip.com | udp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 34.111.176.156:80 | www.myspace.com | tcp |
| MD | 188.138.178.64:14152 | tcp | |
| DE | 85.214.228.140:80 | gyuuym.org | tcp |
| SG | 18.142.91.111:80 | unxfuild.info | tcp |
| US | 104.156.155.94:80 | cydlrge.info | tcp |
| GR | 85.72.236.219:44972 | tcp | |
| US | 8.8.8.8:53 | wewqckumku.com | udp |
| US | 8.8.8.8:53 | ewhqxezcwwc.net | udp |
| US | 8.8.8.8:53 | vdfubgb.net | udp |
| BG | 95.42.36.163:34663 | tcp | |
| US | 8.8.8.8:53 | dkouvubcpovf.info | udp |
| US | 8.8.8.8:53 | zyfitez.info | udp |
| US | 88.216.2.72:38356 | tcp | |
| US | 8.8.8.8:53 | hzlwxktkmsl.info | udp |
| LT | 78.61.60.57:34081 | tcp | |
| US | 8.8.8.8:53 | fzqqdxfc.net | udp |
| US | 8.8.8.8:53 | cjocyhvhljvd.info | udp |
| MD | 93.116.180.218:29884 | tcp | |
| US | 8.8.8.8:53 | yrtkyrwt.net | udp |
| US | 8.8.8.8:53 | dkixdeku.info | udp |
| US | 8.8.8.8:53 | woodid.net | udp |
| TR | 85.97.241.141:38336 | tcp | |
| US | 8.8.8.8:53 | blriytvijot.com | udp |
| US | 8.8.8.8:53 | rsjslglhy.com | udp |
| LT | 78.58.116.47:27594 | tcp | |
| US | 8.8.8.8:53 | jrbulad.info | udp |
| US | 8.8.8.8:53 | bkngmvgi.net | udp |
| US | 8.8.8.8:53 | awbwmccnuow.net | udp |
| US | 8.8.8.8:53 | wczylsp.net | udp |
| BG | 46.10.68.106:14211 | tcp | |
| US | 8.8.8.8:53 | zuhmapbot.net | udp |
| US | 8.8.8.8:53 | yspynbdonzn.net | udp |
| BG | 93.152.170.58:44601 | tcp | |
| US | 8.8.8.8:53 | lvliwxsju.net | udp |
| BG | 91.218.82.78:27874 | tcp | |
| US | 8.8.8.8:53 | wkekixz.info | udp |
| GR | 94.71.198.56:17435 | tcp | |
| US | 8.8.8.8:53 | bjpwlrlwpx.net | udp |
| RU | 79.105.238.83:34491 | tcp | |
| US | 8.8.8.8:53 | pbkmbz.net | udp |
| US | 8.8.8.8:53 | vgvrpag.org | udp |
| GB | 86.29.88.80:44418 | tcp | |
| US | 8.8.8.8:53 | yqqigkwo.org | udp |
| BG | 84.252.63.24:31509 | tcp | |
| US | 8.8.8.8:53 | eonubyiixwx.info | udp |
| US | 8.8.8.8:53 | eiiiaiieicsk.com | udp |
| US | 8.8.8.8:53 | hqgafrjopqsh.net | udp |
| LT | 78.57.153.118:17978 | tcp | |
| US | 8.8.8.8:53 | ronydukqnrg.info | udp |
| US | 8.8.8.8:53 | wwfnhv.info | udp |
| US | 8.8.8.8:53 | ohycrudu.info | udp |
| BG | 109.160.65.93:13104 | tcp | |
| US | 8.8.8.8:53 | foxofcpjx.info | udp |
| US | 8.8.8.8:53 | hjfdpmp.org | udp |
| US | 8.8.8.8:53 | agiiyiuk.com | udp |
| US | 8.8.8.8:53 | dbklwh.info | udp |
| US | 8.8.8.8:53 | punjxixka.net | udp |
| US | 8.8.8.8:53 | slalkhrazivx.net | udp |
| US | 8.8.8.8:53 | mxjslk.info | udp |
| US | 8.8.8.8:53 | hiukhyi.net | udp |
| US | 8.8.8.8:53 | rjbifug.net | udp |
| US | 8.8.8.8:53 | kgmaegiyug.com | udp |
| US | 8.8.8.8:53 | vxxjja.info | udp |
| US | 8.8.8.8:53 | zfcyfwhwr.net | udp |
| US | 8.8.8.8:53 | owtumceqt.info | udp |
| US | 8.8.8.8:53 | wiupjyjvr.info | udp |
| US | 8.8.8.8:53 | jiloowlnx.info | udp |
| US | 8.8.8.8:53 | fcezbdqm.info | udp |
| US | 8.8.8.8:53 | ispcxnjcous.net | udp |
| US | 8.8.8.8:53 | gaoimmwc.org | udp |
| US | 8.8.8.8:53 | ovygkvcrla.info | udp |
| US | 8.8.8.8:53 | alyypvemovoc.net | udp |
| US | 8.8.8.8:53 | yfydmw.info | udp |
| US | 8.8.8.8:53 | hyfvnvbs.net | udp |
| US | 8.8.8.8:53 | icqwmc.com | udp |
| US | 8.8.8.8:53 | urwdwyzxuv.net | udp |
| US | 8.8.8.8:53 | jptppgrczx.net | udp |
| US | 8.8.8.8:53 | nfqobekmbz.net | udp |
| US | 8.8.8.8:53 | uzbiar.info | udp |
| US | 8.8.8.8:53 | ucsecc.org | udp |
| LT | 78.58.44.221:33692 | tcp | |
| US | 8.8.8.8:53 | ctbkljzygn.info | udp |
| US | 8.8.8.8:53 | fvxkhgc.org | udp |
| US | 8.8.8.8:53 | lguviyyx.net | udp |
| US | 8.8.8.8:53 | bwhhiptfrf.info | udp |
| US | 8.8.8.8:53 | lktcrbw.com | udp |
| US | 8.8.8.8:53 | karcxeeda.net | udp |
| US | 8.8.8.8:53 | rdapxwymkh.info | udp |
| US | 8.8.8.8:53 | hrdsgohxw.info | udp |
| US | 8.8.8.8:53 | vwzjmszzfyah.net | udp |
| US | 8.8.8.8:53 | qsajnxvwvd.net | udp |
| US | 8.8.8.8:53 | ygholuhft.info | udp |
| US | 8.8.8.8:53 | gspcxzpfn.info | udp |
| US | 8.8.8.8:53 | gokuuqqm.com | udp |
| US | 8.8.8.8:53 | dkdczgl.info | udp |
| US | 8.8.8.8:53 | habgcbbfjp.net | udp |
| US | 8.8.8.8:53 | iziovgsodf.net | udp |
| US | 8.8.8.8:53 | lubvlxc.org | udp |
| US | 8.8.8.8:53 | kdtuidyufj.info | udp |
| US | 8.8.8.8:53 | hnrorsxohsu.net | udp |
| US | 8.8.8.8:53 | esottucaoqsx.info | udp |
| US | 8.8.8.8:53 | cgzqtowog.info | udp |
| US | 8.8.8.8:53 | fblbpcnvloo.net | udp |
| US | 8.8.8.8:53 | jihcytqyev.info | udp |
| US | 8.8.8.8:53 | gdiecndz.net | udp |
| US | 8.8.8.8:53 | cdychfoa.info | udp |
| US | 8.8.8.8:53 | klhuurqsey.net | udp |
| US | 8.8.8.8:53 | ddelbz.net | udp |
| US | 8.8.8.8:53 | oqwitkv.net | udp |
| US | 8.8.8.8:53 | xqywhzjhtgxa.info | udp |
| US | 8.8.8.8:53 | fevpfshvp.org | udp |
| US | 8.8.8.8:53 | gsbitsbuyhe.info | udp |
| US | 8.8.8.8:53 | xtruvapagyu.info | udp |
| US | 8.8.8.8:53 | xkzqqqo.info | udp |
| US | 8.8.8.8:53 | kcryxrris.info | udp |
| US | 8.8.8.8:53 | tlnybejedztg.info | udp |
| US | 8.8.8.8:53 | xvactwvzzcv.org | udp |
| US | 8.8.8.8:53 | jddfpvpgyr.info | udp |
| US | 8.8.8.8:53 | fddpzlyxftlc.info | udp |
| US | 8.8.8.8:53 | bwlzwzblyx.info | udp |
| BG | 95.111.121.214:32651 | tcp | |
| US | 8.8.8.8:53 | nvleygtdr.org | udp |
| US | 8.8.8.8:53 | xrlyluukfb.info | udp |
| US | 8.8.8.8:53 | jchwvjdndzeo.net | udp |
| US | 8.8.8.8:53 | xxzgdih.net | udp |
| US | 8.8.8.8:53 | fkgritslx.org | udp |
| US | 8.8.8.8:53 | hqddnpkblsv.com | udp |
| US | 8.8.8.8:53 | izayjutlp.info | udp |
| US | 8.8.8.8:53 | vcmglo.info | udp |
| US | 8.8.8.8:53 | nhynfngbdony.info | udp |
| US | 8.8.8.8:53 | icjjzwopdfhv.info | udp |
| US | 8.8.8.8:53 | vqtcgcotaw.net | udp |
| US | 8.8.8.8:53 | wiuyegoyem.org | udp |
| US | 8.8.8.8:53 | eeeiusoc.com | udp |
| US | 8.8.8.8:53 | dnuyggophlme.info | udp |
| US | 8.8.8.8:53 | urrzlhrdtmj.info | udp |
| US | 8.8.8.8:53 | tfrytylqfi.net | udp |
| US | 8.8.8.8:53 | iypzsqzawlad.net | udp |
| US | 8.8.8.8:53 | zbqtpeerkb.net | udp |
| US | 8.8.8.8:53 | hrpgdes.com | udp |
| US | 8.8.8.8:53 | zuwrljtqss.net | udp |
| US | 8.8.8.8:53 | cgkioueseswi.org | udp |
| US | 8.8.8.8:53 | zriwfmhkoz.info | udp |
| US | 8.8.8.8:53 | mwbknupwd.info | udp |
| US | 8.8.8.8:53 | msaeugqyakco.org | udp |
| US | 8.8.8.8:53 | fprstl.info | udp |
| US | 8.8.8.8:53 | scqinyp.net | udp |
| US | 8.8.8.8:53 | zunahzwgevm.info | udp |
| US | 8.8.8.8:53 | tmrxnmjrkb.net | udp |
| US | 8.8.8.8:53 | rinpgfddop.info | udp |
| US | 8.8.8.8:53 | talwbyj.com | udp |
| US | 8.8.8.8:53 | obpmhyhfsihq.net | udp |
| US | 8.8.8.8:53 | wgqwxbkuowh.net | udp |
| US | 8.8.8.8:53 | vaizlhjv.net | udp |
| US | 8.8.8.8:53 | zmbiwirtm.com | udp |
| US | 8.8.8.8:53 | uomieuwsgywa.com | udp |
| US | 8.8.8.8:53 | hyuvjtfqls.info | udp |
| US | 8.8.8.8:53 | cornpgic.info | udp |
| US | 8.8.8.8:53 | mejhvcp.net | udp |
| US | 8.8.8.8:53 | ydbgfyt.info | udp |
| US | 8.8.8.8:53 | gqomvegqfsq.net | udp |
| US | 8.8.8.8:53 | cmdixalgfvd.net | udp |
| US | 8.8.8.8:53 | xfnqgoaysmm.net | udp |
| US | 8.8.8.8:53 | fixijml.org | udp |
| US | 8.8.8.8:53 | fklsbvmas.org | udp |
| US | 8.8.8.8:53 | mdnoytoc.info | udp |
| US | 8.8.8.8:53 | bzjetjpa.net | udp |
| US | 8.8.8.8:53 | bvrlxiawb.net | udp |
| US | 8.8.8.8:53 | eqjxhvla.net | udp |
| US | 8.8.8.8:53 | ukcosqwg.org | udp |
| US | 8.8.8.8:53 | otfuqtgi.net | udp |
| US | 8.8.8.8:53 | ecwkjal.info | udp |
| US | 8.8.8.8:53 | upwypqtp.info | udp |
| GR | 94.71.198.56:17435 | tcp | |
| US | 8.8.8.8:53 | sxsydftugfl.net | udp |
| US | 8.8.8.8:53 | qoluxcicfjb.info | udp |
| US | 8.8.8.8:53 | dddojxdkt.info | udp |
| US | 8.8.8.8:53 | msoiygcw.org | udp |
| US | 8.8.8.8:53 | scaouo.org | udp |
| US | 8.8.8.8:53 | bstrdwdocrlu.info | udp |
| US | 8.8.8.8:53 | jntxuexoq.net | udp |
| US | 8.8.8.8:53 | wkcogiumouwo.com | udp |
| US | 8.8.8.8:53 | jivowkwv.net | udp |
| US | 8.8.8.8:53 | pnfuhkx.info | udp |
| US | 8.8.8.8:53 | hyceyh.info | udp |
Files
C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
| MD5 | 453e59989cd5159a2dd655cddce63526 |
| SHA1 | 07757c046b6ef971d83fb4521b647783775c1956 |
| SHA256 | 2fec8307412b25dd288fa1247a5a073b4e9b746b682023646969e91f451f9772 |
| SHA512 | 850852f6e2ba9195ee2ec99190cb467c55b129221c866fd5d45aa0fc6d4e774f14fcb4001b6460e563756df5213d10aefcf7f753fde5a921eae0b8d54acb3f13 |
C:\Windows\SysWOW64\oewnjwofbrzwpxiqup.exe
| MD5 | c80bb333a03aefa2ebc92b2d4851eaed |
| SHA1 | e8f4a6c6537522d8c9e187f4cc2ae47252c39e6f |
| SHA256 | 26aa0051cdca76b6fea6ef46de623fc60b21b3adcb3100e3366ab638fe9c3a38 |
| SHA512 | 5a2d9a4c626761a0b9ce6eca4d21453a35ea91d29a17a7ebef69d0cccf7dd86accc8ed395437578e329e6aea98dd6cb05c02a7b53ffb8014400f11a6041da4f9 |
C:\Users\Admin\AppData\Local\Temp\mqwblm.exe
| MD5 | 6ccb9e03f999b8bd9fabb0c85e8a17a7 |
| SHA1 | daafb7129c76cd27975d9c073a580e31ad2ddb8b |
| SHA256 | a03b3c8ce747d5dc6cbb22eca4df4994e4818d7bd15da7f60fdd0c8a91688423 |
| SHA512 | 2f0357a5158c629644acac212910f1365cc989fb967394f6e4754e8e9ee7d1a4b034e8d12a3a7fb7eac34e7eb4a8d494f66201babcde7668fb4e02a40e1ecb6d |
C:\Users\Admin\AppData\Local\suybjimpxztchbysipmosvdcgj.tnw
| MD5 | 3e45cb14c321528df0876bd9520880af |
| SHA1 | 276444d01f90a64f2779ee5ebaee99f3c270ef53 |
| SHA256 | 8b78d31a27841a63f193dfe15a90a9f79932d81d708b319eb16239816bf66ca4 |
| SHA512 | 265445a5afb5a04348ea7b37dc7c95c83a79fffa6639166628bb6bf5f0cb170fc0cb579241751aeaa3b90e98c97a9b19895099a34826b98225578d2d0fbe27a5 |
C:\Users\Admin\AppData\Local\tgvjcmbpivaukpxcdvdqftmwlzsfkeuzhmnfn.pdw
| MD5 | 2e2a32327ae311f5dad167de97bb9a6e |
| SHA1 | cb0cec255b4e289dcf7a52d1722b2d2c3cd09033 |
| SHA256 | 2a04ae8c59d9fe70114af8fe2cbb0e6726019ea803e7977619b8b2aee28112c0 |
| SHA512 | 46dd0ff700b937213ee0fa1464a730b7afc99537c4fb1691de8655d9bf31f455b387b4962d7d5cf48f8cd0ac56536d0dbc3f57c8cfff5b8242a6ca126194fcf1 |
C:\Program Files (x86)\suybjimpxztchbysipmosvdcgj.tnw
| MD5 | f6221ce8aa1689f209c1434f083c8597 |
| SHA1 | 450f15e329b769901472a9d72685014e08c1f505 |
| SHA256 | 49a68827faedf19744719f202be26ecc2bfeecc87deeda1298c2448ee133db70 |
| SHA512 | 4d06003989d940bb5733da128c1e3a8b3e3f128b06bb7b0de0014a85677c875c52734804bf6ee51dc2f527d6a45e4b67fc3ecb65275d1e7a621ff71d83ccb823 |
C:\Program Files (x86)\suybjimpxztchbysipmosvdcgj.tnw
| MD5 | 1b7665b9ab464d2540cf3869208b5903 |
| SHA1 | fb805a93ea3a6e446b2352a6549b37dc5aba33be |
| SHA256 | b41f88d9b45dcf674835551337ee6a2fd641bf97c0d7444c25a01cffdafc8a45 |
| SHA512 | 59ad5222ae7a69d5f960ab2776aa050731388cd951c8eee0abbe6ab8f460fc6a2d39dc3b608a61ae4f91ef9c9e9fdc782d2a19c5f2e700e044cf0a716ca7ce59 |
C:\Program Files (x86)\suybjimpxztchbysipmosvdcgj.tnw
| MD5 | eed8f7012d937cde7346b4e4d5bc2ab5 |
| SHA1 | 2cd7d65aa07b31dbeda62b3621f709b4d58bf780 |
| SHA256 | bfe139967a9575e4581a8bd65b16cae8e100ae147997cc96c6181d26de165d0d |
| SHA512 | 1e7f90a5ac3fc68ec0d3c12cad5008b1a84f936def8716a68303b29d18ccb80205de23574a45eb093c43c3ee0e79abd57cc0cde7b769c389f5c5eac620bc6d52 |
C:\Program Files (x86)\suybjimpxztchbysipmosvdcgj.tnw
| MD5 | f8d2913d1acbe07f96efaf2472a2dc28 |
| SHA1 | 93ffd7ac289b2e1125eb894cf4fa83ab2f1644ba |
| SHA256 | 4fdba647e7e86a3ce8f25643bd9500e983ac6f755cec88cf7ce4b06c9bf03ec4 |
| SHA512 | 5c99144f95e9d8e3ec4e08a4f55f4ba558ca7291427e0874b5d39d812ff7698e0e7d7bd6f5cb6b2cd8aafa833fb533938695423b55591459b6d1df04b7bc7599 |
C:\Program Files (x86)\suybjimpxztchbysipmosvdcgj.tnw
| MD5 | a52aa074bdedaa60c0fd9de757d95743 |
| SHA1 | 67533c43f13f59bd295c664c78db5bcdce1102fa |
| SHA256 | 4cdfd49468ae78544c9d1cb932c915141eedc4738c48a132fbab57203b2cd504 |
| SHA512 | 87f349b41e1c175bc486506df554adf0ce99a257ea3d3dadf003cf305596b23870c7334b71717bd6ebf9a69e0cabe04e16ce06f6ea1e683c8db751b2a2f72525 |
C:\Program Files (x86)\suybjimpxztchbysipmosvdcgj.tnw
| MD5 | 1931bbea9661362ba2ff96dfdd5a90de |
| SHA1 | f79d0a1ba27365082a33e489953b84ad316809ac |
| SHA256 | f6d84a0472cf9e2e10b4fcb54e6d1852725517a0be632a910ade7e48c4e5952f |
| SHA512 | ae3d9eb6ba87a069f29fbfcda9de4204410f49871868c175fc5d0e341c4b4a3f0b846345409045ecb07f576d52ac79b0b523611aa07466cd5291f5535f35e715 |