Analysis Overview
SHA256
23500abd545b632364da058b1e9fa90a6c5377fd39266246bee94b0be750775a
Threat Level: Known bad
The file JaffaCakes118_c940916a51510ded99612bd93114de0d was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Pykspa family
Modifies WinLogon for persistence
Pykspa
Detect Pykspa worm
Adds policy Run key to start application
Disables RegEdit via registry modification
Impair Defenses: Safe Mode Boot
Checks computer location settings
Executes dropped EXE
Checks whether UAC is enabled
Hijack Execution Flow: Executable Installer File Permissions Weakness
Adds Run key to start application
Looks up external IP address via web service
Drops file in System32 directory
Drops autorun.inf file
Drops file in Program Files directory
Drops file in Windows directory
System Location Discovery: System Language Discovery
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
System policy modification
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-04-21 12:23
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2025-04-21 12:23
Reported
2025-04-21 12:26
Platform
win11-20250410-en
Max time kernel
83s
Max time network
151s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vbqqzep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbbmgwsfdrqikcznxu.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\udvyksglbh = "vnoavmjxwllehaynywz.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vbqqzep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xruifyxnofhchcctgglfi.exe" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vbqqzep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\brqatidpmzxopgcpy.exe" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\udvyksglbh = "brqatidpmzxopgcpy.exe" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vbqqzep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ibdqmecrrhicgazpbaex.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\udvyksglbh = "kbbmgwsfdrqikcznxu.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\udvyksglbh = "vnoavmjxwllehaynywz.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\udvyksglbh = "vnoavmjxwllehaynywz.exe" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\udvyksglbh = "ujhqiwqbxjgwwmht.exe" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vbqqzep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\brqatidpmzxopgcpy.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vbqqzep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xruifyxnofhchcctgglfi.exe" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\udvyksglbh = "ujhqiwqbxjgwwmht.exe" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vbqqzep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbbmgwsfdrqikcznxu.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\udvyksglbh = "ibdqmecrrhicgazpbaex.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\udvyksglbh = "ibdqmecrrhicgazpbaex.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vbqqzep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\brqatidpmzxopgcpy.exe" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vbqqzep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ibdqmecrrhicgazpbaex.exe" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\udvyksglbh = "vnoavmjxwllehaynywz.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vbqqzep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbbmgwsfdrqikcznxu.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vbqqzep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ibdqmecrrhicgazpbaex.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vbqqzep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbbmgwsfdrqikcznxu.exe" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\udvyksglbh = "ibdqmecrrhicgazpbaex.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\udvyksglbh = "kbbmgwsfdrqikcznxu.exe" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\udvyksglbh = "vnoavmjxwllehaynywz.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vbqqzep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbbmgwsfdrqikcznxu.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\udvyksglbh = "xruifyxnofhchcctgglfi.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\udvyksglbh = "ibdqmecrrhicgazpbaex.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\udvyksglbh = "ujhqiwqbxjgwwmht.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\udvyksglbh = "vnoavmjxwllehaynywz.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vbqqzep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ibdqmecrrhicgazpbaex.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vbqqzep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbbmgwsfdrqikcznxu.exe" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vbqqzep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ibdqmecrrhicgazpbaex.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\udvyksglbh = "kbbmgwsfdrqikcznxu.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\udvyksglbh = "vnoavmjxwllehaynywz.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\udvyksglbh = "brqatidpmzxopgcpy.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vbqqzep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ibdqmecrrhicgazpbaex.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vbqqzep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vnoavmjxwllehaynywz.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\udvyksglbh = "brqatidpmzxopgcpy.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vbqqzep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\brqatidpmzxopgcpy.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\udvyksglbh = "ibdqmecrrhicgazpbaex.exe" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vbqqzep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ibdqmecrrhicgazpbaex.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\udvyksglbh = "vnoavmjxwllehaynywz.exe" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vbqqzep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vnoavmjxwllehaynywz.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vbqqzep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xruifyxnofhchcctgglfi.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\udvyksglbh = "ibdqmecrrhicgazpbaex.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lxsynypxqztgd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vnoavmjxwllehaynywz.exe ." | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\Run\pzswjshneld = "ibdqmecrrhicgazpbaex.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\bjacnuhla = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vnoavmjxwllehaynywz.exe ." | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\Run\pzswjshneld = "xruifyxnofhchcctgglfi.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lxsynypxqztgd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ujhqiwqbxjgwwmht.exe ." | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lxsynypxqztgd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ibdqmecrrhicgazpbaex.exe ." | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\Run\krhisykn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xruifyxnofhchcctgglfi.exe" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\Run\krhisykn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\brqatidpmzxopgcpy.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mzvcsewfzjesqe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbbmgwsfdrqikcznxu.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\bjacnuhla = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xruifyxnofhchcctgglfi.exe ." | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\krhisykn = "brqatidpmzxopgcpy.exe" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\Run\krhisykn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\brqatidpmzxopgcpy.exe" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mzvcsewfzjesqe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\brqatidpmzxopgcpy.exe" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mzvcsewfzjesqe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\brqatidpmzxopgcpy.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lxsynypxqztgd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xruifyxnofhchcctgglfi.exe ." | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\bjacnuhla = "C:\\Users\\Admin\\AppData\\Local\\Temp\\brqatidpmzxopgcpy.exe ." | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\bjacnuhla = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vnoavmjxwllehaynywz.exe ." | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mzvcsewfzjesqe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\brqatidpmzxopgcpy.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\krhisykn = "ujhqiwqbxjgwwmht.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\Run\pzswjshneld = "ibdqmecrrhicgazpbaex.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\mxrwkukrjrkw = "ujhqiwqbxjgwwmht.exe ." | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\bjacnuhla = "ibdqmecrrhicgazpbaex.exe ." | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mzvcsewfzjesqe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xruifyxnofhchcctgglfi.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\Run\krhisykn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ujhqiwqbxjgwwmht.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mzvcsewfzjesqe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ibdqmecrrhicgazpbaex.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mzvcsewfzjesqe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vnoavmjxwllehaynywz.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\bjacnuhla = "ujhqiwqbxjgwwmht.exe ." | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\mxrwkukrjrkw = "kbbmgwsfdrqikcznxu.exe ." | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\mxrwkukrjrkw = "ibdqmecrrhicgazpbaex.exe ." | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mzvcsewfzjesqe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vnoavmjxwllehaynywz.exe" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\mxrwkukrjrkw = "kbbmgwsfdrqikcznxu.exe ." | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\krhisykn = "ujhqiwqbxjgwwmht.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mzvcsewfzjesqe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\brqatidpmzxopgcpy.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\Run\pzswjshneld = "ibdqmecrrhicgazpbaex.exe" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\krhisykn = "kbbmgwsfdrqikcznxu.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\bjacnuhla = "brqatidpmzxopgcpy.exe ." | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\krhisykn = "kbbmgwsfdrqikcznxu.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lxsynypxqztgd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ibdqmecrrhicgazpbaex.exe ." | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\bjacnuhla = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbbmgwsfdrqikcznxu.exe ." | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\Run\krhisykn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ibdqmecrrhicgazpbaex.exe" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lxsynypxqztgd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\brqatidpmzxopgcpy.exe ." | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mzvcsewfzjesqe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ujhqiwqbxjgwwmht.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\krhisykn = "xruifyxnofhchcctgglfi.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\mxrwkukrjrkw = "ibdqmecrrhicgazpbaex.exe ." | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\bjacnuhla = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xruifyxnofhchcctgglfi.exe ." | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\bjacnuhla = "brqatidpmzxopgcpy.exe ." | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\Run\pzswjshneld = "brqatidpmzxopgcpy.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\krhisykn = "ujhqiwqbxjgwwmht.exe" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\krhisykn = "xruifyxnofhchcctgglfi.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mzvcsewfzjesqe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xruifyxnofhchcctgglfi.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\Run\pzswjshneld = "kbbmgwsfdrqikcznxu.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\mxrwkukrjrkw = "kbbmgwsfdrqikcznxu.exe ." | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\krhisykn = "kbbmgwsfdrqikcznxu.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lxsynypxqztgd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vnoavmjxwllehaynywz.exe ." | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\bjacnuhla = "xruifyxnofhchcctgglfi.exe ." | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\bjacnuhla = "ujhqiwqbxjgwwmht.exe ." | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lxsynypxqztgd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vnoavmjxwllehaynywz.exe ." | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\bjacnuhla = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vnoavmjxwllehaynywz.exe ." | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\Run\krhisykn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbbmgwsfdrqikcznxu.exe" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lxsynypxqztgd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ujhqiwqbxjgwwmht.exe ." | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\krhisykn = "brqatidpmzxopgcpy.exe" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\mxrwkukrjrkw = "ujhqiwqbxjgwwmht.exe ." | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Software\Microsoft\Windows\CurrentVersion\Run\pzswjshneld = "ibdqmecrrhicgazpbaex.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\krhisykn = "vnoavmjxwllehaynywz.exe" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\brqatidpmzxopgcpy.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ujhqiwqbxjgwwmht.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ojncauulnfiekghznoupti.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vnoavmjxwllehaynywz.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ojncauulnfiekghznoupti.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kbbmgwsfdrqikcznxu.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kbbmgwsfdrqikcznxu.exe | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kbbmgwsfdrqikcznxu.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ujhqiwqbxjgwwmht.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\brqatidpmzxopgcpy.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kbbmgwsfdrqikcznxu.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xruifyxnofhchcctgglfi.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kbbmgwsfdrqikcznxu.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ojncauulnfiekghznoupti.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vnoavmjxwllehaynywz.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ibdqmecrrhicgazpbaex.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kbbmgwsfdrqikcznxu.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xruifyxnofhchcctgglfi.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vnoavmjxwllehaynywz.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ujhqiwqbxjgwwmht.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ojncauulnfiekghznoupti.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ujhqiwqbxjgwwmht.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xruifyxnofhchcctgglfi.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ojncauulnfiekghznoupti.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ujhqiwqbxjgwwmht.exe | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ujhqiwqbxjgwwmht.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\brqatidpmzxopgcpy.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\brqatidpmzxopgcpy.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xruifyxnofhchcctgglfi.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vnoavmjxwllehaynywz.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ojncauulnfiekghznoupti.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vnoavmjxwllehaynywz.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ojncauulnfiekghznoupti.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kbbmgwsfdrqikcznxu.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vnoavmjxwllehaynywz.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ujhqiwqbxjgwwmht.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ojncauulnfiekghznoupti.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vnoavmjxwllehaynywz.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ujhqiwqbxjgwwmht.exe | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ibdqmecrrhicgazpbaex.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ojncauulnfiekghznoupti.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xruifyxnofhchcctgglfi.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kbbmgwsfdrqikcznxu.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ibdqmecrrhicgazpbaex.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ujhqiwqbxjgwwmht.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\brqatidpmzxopgcpy.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\brqatidpmzxopgcpy.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kbbmgwsfdrqikcznxu.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xruifyxnofhchcctgglfi.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xruifyxnofhchcctgglfi.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\brqatidpmzxopgcpy.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vnoavmjxwllehaynywz.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ujhqiwqbxjgwwmht.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ibdqmecrrhicgazpbaex.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xruifyxnofhchcctgglfi.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ibdqmecrrhicgazpbaex.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ujhqiwqbxjgwwmht.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ibdqmecrrhicgazpbaex.exe | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ojncauulnfiekghznoupti.exe | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vnoavmjxwllehaynywz.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vnoavmjxwllehaynywz.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ujhqiwqbxjgwwmht.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\brqatidpmzxopgcpy.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yxfyaycxdzggqqvrjoyxfy.ycx | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\pzswjshneldojukrukfpimzixdubtezka.kav | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\yxfyaycxdzggqqvrjoyxfy.ycx | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| File created | C:\Program Files (x86)\yxfyaycxdzggqqvrjoyxfy.ycx | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\pzswjshneldojukrukfpimzixdubtezka.kav | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\ibdqmecrrhicgazpbaex.exe | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| File opened for modification | C:\Windows\brqatidpmzxopgcpy.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\xruifyxnofhchcctgglfi.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\kbbmgwsfdrqikcznxu.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\xruifyxnofhchcctgglfi.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\brqatidpmzxopgcpy.exe | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| File opened for modification | C:\Windows\kbbmgwsfdrqikcznxu.exe | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| File opened for modification | C:\Windows\pzswjshneldojukrukfpimzixdubtezka.kav | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| File opened for modification | C:\Windows\kbbmgwsfdrqikcznxu.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\vnoavmjxwllehaynywz.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\brqatidpmzxopgcpy.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\ujhqiwqbxjgwwmht.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\vnoavmjxwllehaynywz.exe | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| File opened for modification | C:\Windows\ojncauulnfiekghznoupti.exe | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| File opened for modification | C:\Windows\kbbmgwsfdrqikcznxu.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\kbbmgwsfdrqikcznxu.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\ujhqiwqbxjgwwmht.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\ojncauulnfiekghznoupti.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\ujhqiwqbxjgwwmht.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\ibdqmecrrhicgazpbaex.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\ujhqiwqbxjgwwmht.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\ojncauulnfiekghznoupti.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\kbbmgwsfdrqikcznxu.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\ibdqmecrrhicgazpbaex.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\ujhqiwqbxjgwwmht.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\ujhqiwqbxjgwwmht.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\ujhqiwqbxjgwwmht.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\ibdqmecrrhicgazpbaex.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\ojncauulnfiekghznoupti.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\xruifyxnofhchcctgglfi.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\ujhqiwqbxjgwwmht.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\ojncauulnfiekghznoupti.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\brqatidpmzxopgcpy.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\xruifyxnofhchcctgglfi.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\vnoavmjxwllehaynywz.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\ujhqiwqbxjgwwmht.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\ojncauulnfiekghznoupti.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\xruifyxnofhchcctgglfi.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\brqatidpmzxopgcpy.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\ujhqiwqbxjgwwmht.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\ibdqmecrrhicgazpbaex.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\kbbmgwsfdrqikcznxu.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\ojncauulnfiekghznoupti.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\ujhqiwqbxjgwwmht.exe | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| File opened for modification | C:\Windows\xruifyxnofhchcctgglfi.exe | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| File opened for modification | C:\Windows\ibdqmecrrhicgazpbaex.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\brqatidpmzxopgcpy.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\ibdqmecrrhicgazpbaex.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\vnoavmjxwllehaynywz.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\ibdqmecrrhicgazpbaex.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\kbbmgwsfdrqikcznxu.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\xruifyxnofhchcctgglfi.exe | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| File opened for modification | C:\Windows\xruifyxnofhchcctgglfi.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\kbbmgwsfdrqikcznxu.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\xruifyxnofhchcctgglfi.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\brqatidpmzxopgcpy.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\ojncauulnfiekghznoupti.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\ibdqmecrrhicgazpbaex.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\vnoavmjxwllehaynywz.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File created | C:\Windows\yxfyaycxdzggqqvrjoyxfy.ycx | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| File opened for modification | C:\Windows\kbbmgwsfdrqikcznxu.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\kbbmgwsfdrqikcznxu.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\ojncauulnfiekghznoupti.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| File opened for modification | C:\Windows\vnoavmjxwllehaynywz.exe | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xruifyxnofhchcctgglfi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\kbbmgwsfdrqikcznxu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vnoavmjxwllehaynywz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\brqatidpmzxopgcpy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xruifyxnofhchcctgglfi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\kbbmgwsfdrqikcznxu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ibdqmecrrhicgazpbaex.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vnoavmjxwllehaynywz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xruifyxnofhchcctgglfi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ujhqiwqbxjgwwmht.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ujhqiwqbxjgwwmht.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vnoavmjxwllehaynywz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\brqatidpmzxopgcpy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\brqatidpmzxopgcpy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\brqatidpmzxopgcpy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c940916a51510ded99612bd93114de0d.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\kbbmgwsfdrqikcznxu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xruifyxnofhchcctgglfi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\brqatidpmzxopgcpy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xruifyxnofhchcctgglfi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vnoavmjxwllehaynywz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xruifyxnofhchcctgglfi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ujhqiwqbxjgwwmht.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\brqatidpmzxopgcpy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ujhqiwqbxjgwwmht.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ibdqmecrrhicgazpbaex.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ibdqmecrrhicgazpbaex.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vnoavmjxwllehaynywz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xruifyxnofhchcctgglfi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xruifyxnofhchcctgglfi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\kbbmgwsfdrqikcznxu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xbomt.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c940916a51510ded99612bd93114de0d.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c940916a51510ded99612bd93114de0d.exe"
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_c940916a51510ded99612bd93114de0d.exe*"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqatidpmzxopgcpy.exe
C:\Windows\brqatidpmzxopgcpy.exe
brqatidpmzxopgcpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibdqmecrrhicgazpbaex.exe .
C:\Windows\ibdqmecrrhicgazpbaex.exe
ibdqmecrrhicgazpbaex.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\ibdqmecrrhicgazpbaex.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibdqmecrrhicgazpbaex.exe
C:\Windows\ibdqmecrrhicgazpbaex.exe
ibdqmecrrhicgazpbaex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujhqiwqbxjgwwmht.exe .
C:\Windows\ujhqiwqbxjgwwmht.exe
ujhqiwqbxjgwwmht.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\ujhqiwqbxjgwwmht.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe .
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\vnoavmjxwllehaynywz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe .
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\brqatidpmzxopgcpy.exe*."
C:\Users\Admin\AppData\Local\Temp\xbomt.exe
"C:\Users\Admin\AppData\Local\Temp\xbomt.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_c940916a51510ded99612bd93114de0d.exe"
C:\Users\Admin\AppData\Local\Temp\xbomt.exe
"C:\Users\Admin\AppData\Local\Temp\xbomt.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_c940916a51510ded99612bd93114de0d.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujhqiwqbxjgwwmht.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqatidpmzxopgcpy.exe
C:\Windows\brqatidpmzxopgcpy.exe
brqatidpmzxopgcpy.exe
C:\Windows\ujhqiwqbxjgwwmht.exe
ujhqiwqbxjgwwmht.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xruifyxnofhchcctgglfi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xruifyxnofhchcctgglfi.exe .
C:\Windows\xruifyxnofhchcctgglfi.exe
xruifyxnofhchcctgglfi.exe .
C:\Windows\xruifyxnofhchcctgglfi.exe
xruifyxnofhchcctgglfi.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\xruifyxnofhchcctgglfi.exe*."
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\xruifyxnofhchcctgglfi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqatidpmzxopgcpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xruifyxnofhchcctgglfi.exe
C:\Windows\xruifyxnofhchcctgglfi.exe
xruifyxnofhchcctgglfi.exe
C:\Windows\brqatidpmzxopgcpy.exe
brqatidpmzxopgcpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnoavmjxwllehaynywz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnoavmjxwllehaynywz.exe .
C:\Windows\vnoavmjxwllehaynywz.exe
vnoavmjxwllehaynywz.exe .
C:\Windows\vnoavmjxwllehaynywz.exe
vnoavmjxwllehaynywz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\vnoavmjxwllehaynywz.exe*."
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\vnoavmjxwllehaynywz.exe*."
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe .
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\ujhqiwqbxjgwwmht.exe*."
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\ujhqiwqbxjgwwmht.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe .
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe .
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\ujhqiwqbxjgwwmht.exe*."
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\xruifyxnofhchcctgglfi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnoavmjxwllehaynywz.exe
C:\Windows\vnoavmjxwllehaynywz.exe
vnoavmjxwllehaynywz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xruifyxnofhchcctgglfi.exe .
C:\Windows\xruifyxnofhchcctgglfi.exe
xruifyxnofhchcctgglfi.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\xruifyxnofhchcctgglfi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibdqmecrrhicgazpbaex.exe
C:\Windows\ibdqmecrrhicgazpbaex.exe
ibdqmecrrhicgazpbaex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xruifyxnofhchcctgglfi.exe .
C:\Windows\xruifyxnofhchcctgglfi.exe
xruifyxnofhchcctgglfi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\xruifyxnofhchcctgglfi.exe*."
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe .
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\kbbmgwsfdrqikcznxu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe .
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\kbbmgwsfdrqikcznxu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibdqmecrrhicgazpbaex.exe
C:\Windows\ibdqmecrrhicgazpbaex.exe
ibdqmecrrhicgazpbaex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibdqmecrrhicgazpbaex.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqatidpmzxopgcpy.exe
C:\Windows\ibdqmecrrhicgazpbaex.exe
ibdqmecrrhicgazpbaex.exe .
C:\Windows\brqatidpmzxopgcpy.exe
brqatidpmzxopgcpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\ibdqmecrrhicgazpbaex.exe*."
C:\Windows\kbbmgwsfdrqikcznxu.exe
kbbmgwsfdrqikcznxu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqatidpmzxopgcpy.exe
C:\Windows\brqatidpmzxopgcpy.exe
brqatidpmzxopgcpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqatidpmzxopgcpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnoavmjxwllehaynywz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnoavmjxwllehaynywz.exe .
C:\Windows\brqatidpmzxopgcpy.exe
brqatidpmzxopgcpy.exe .
C:\Windows\vnoavmjxwllehaynywz.exe
vnoavmjxwllehaynywz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Windows\vnoavmjxwllehaynywz.exe
vnoavmjxwllehaynywz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnoavmjxwllehaynywz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\brqatidpmzxopgcpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujhqiwqbxjgwwmht.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujhqiwqbxjgwwmht.exe .
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\vnoavmjxwllehaynywz.exe*."
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\vnoavmjxwllehaynywz.exe*."
C:\Windows\ujhqiwqbxjgwwmht.exe
ujhqiwqbxjgwwmht.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Windows\vnoavmjxwllehaynywz.exe
vnoavmjxwllehaynywz.exe
C:\Windows\ujhqiwqbxjgwwmht.exe
ujhqiwqbxjgwwmht.exe .
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe .
C:\Windows\ujhqiwqbxjgwwmht.exe
ujhqiwqbxjgwwmht.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\ujhqiwqbxjgwwmht.exe*."
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\ibdqmecrrhicgazpbaex.exe*."
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\ujhqiwqbxjgwwmht.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe .
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe .
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe .
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\kbbmgwsfdrqikcznxu.exe*."
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe .
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\ibdqmecrrhicgazpbaex.exe*."
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\vnoavmjxwllehaynywz.exe*."
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\brqatidpmzxopgcpy.exe*."
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\kbbmgwsfdrqikcznxu.exe*."
C:\Windows\xruifyxnofhchcctgglfi.exe
xruifyxnofhchcctgglfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnoavmjxwllehaynywz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\vnoavmjxwllehaynywz.exe
vnoavmjxwllehaynywz.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\vnoavmjxwllehaynywz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnoavmjxwllehaynywz.exe
C:\Windows\vnoavmjxwllehaynywz.exe
vnoavmjxwllehaynywz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujhqiwqbxjgwwmht.exe .
C:\Windows\ujhqiwqbxjgwwmht.exe
ujhqiwqbxjgwwmht.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\ujhqiwqbxjgwwmht.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe .
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\brqatidpmzxopgcpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe .
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\vnoavmjxwllehaynywz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujhqiwqbxjgwwmht.exe
C:\Windows\ujhqiwqbxjgwwmht.exe
ujhqiwqbxjgwwmht.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnoavmjxwllehaynywz.exe .
C:\Windows\vnoavmjxwllehaynywz.exe
vnoavmjxwllehaynywz.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\vnoavmjxwllehaynywz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqatidpmzxopgcpy.exe
C:\Windows\brqatidpmzxopgcpy.exe
brqatidpmzxopgcpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xruifyxnofhchcctgglfi.exe .
C:\Windows\xruifyxnofhchcctgglfi.exe
xruifyxnofhchcctgglfi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\xruifyxnofhchcctgglfi.exe*."
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe .
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\ujhqiwqbxjgwwmht.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe .
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\xruifyxnofhchcctgglfi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xruifyxnofhchcctgglfi.exe
C:\Windows\xruifyxnofhchcctgglfi.exe
xruifyxnofhchcctgglfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibdqmecrrhicgazpbaex.exe .
C:\Windows\ibdqmecrrhicgazpbaex.exe
ibdqmecrrhicgazpbaex.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\ibdqmecrrhicgazpbaex.exe*."
C:\Windows\xruifyxnofhchcctgglfi.exe
xruifyxnofhchcctgglfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujhqiwqbxjgwwmht.exe .
C:\Windows\ujhqiwqbxjgwwmht.exe
ujhqiwqbxjgwwmht.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\ujhqiwqbxjgwwmht.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe .
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\xruifyxnofhchcctgglfi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe .
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\vnoavmjxwllehaynywz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujhqiwqbxjgwwmht.exe
C:\Windows\ujhqiwqbxjgwwmht.exe
ujhqiwqbxjgwwmht.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnoavmjxwllehaynywz.exe .
C:\Windows\vnoavmjxwllehaynywz.exe
vnoavmjxwllehaynywz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibdqmecrrhicgazpbaex.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\vnoavmjxwllehaynywz.exe*."
C:\Windows\ibdqmecrrhicgazpbaex.exe
ibdqmecrrhicgazpbaex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujhqiwqbxjgwwmht.exe .
C:\Windows\ujhqiwqbxjgwwmht.exe
ujhqiwqbxjgwwmht.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\ujhqiwqbxjgwwmht.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe .
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\vnoavmjxwllehaynywz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe .
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\vnoavmjxwllehaynywz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqatidpmzxopgcpy.exe
C:\Windows\brqatidpmzxopgcpy.exe
brqatidpmzxopgcpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnoavmjxwllehaynywz.exe
C:\Windows\vnoavmjxwllehaynywz.exe
vnoavmjxwllehaynywz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xruifyxnofhchcctgglfi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqatidpmzxopgcpy.exe .
C:\Windows\xruifyxnofhchcctgglfi.exe
xruifyxnofhchcctgglfi.exe .
C:\Windows\brqatidpmzxopgcpy.exe
brqatidpmzxopgcpy.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\brqatidpmzxopgcpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\xruifyxnofhchcctgglfi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujhqiwqbxjgwwmht.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujhqiwqbxjgwwmht.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xruifyxnofhchcctgglfi.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Windows\vnoavmjxwllehaynywz.exe
vnoavmjxwllehaynywz.exe
C:\Windows\ujhqiwqbxjgwwmht.exe
ujhqiwqbxjgwwmht.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe .
C:\Windows\ujhqiwqbxjgwwmht.exe
ujhqiwqbxjgwwmht.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Windows\xruifyxnofhchcctgglfi.exe
xruifyxnofhchcctgglfi.exe .
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\ujhqiwqbxjgwwmht.exe*."
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqatidpmzxopgcpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Windows\kbbmgwsfdrqikcznxu.exe
kbbmgwsfdrqikcznxu.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\xruifyxnofhchcctgglfi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\brqatidpmzxopgcpy.exe*."
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\xruifyxnofhchcctgglfi.exe*."
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Windows\brqatidpmzxopgcpy.exe
brqatidpmzxopgcpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnoavmjxwllehaynywz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe .
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnoavmjxwllehaynywz.exe .
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe .
C:\Windows\vnoavmjxwllehaynywz.exe
vnoavmjxwllehaynywz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\brqatidpmzxopgcpy.exe*."
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe .
C:\Windows\vnoavmjxwllehaynywz.exe
vnoavmjxwllehaynywz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\vnoavmjxwllehaynywz.exe*."
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\vnoavmjxwllehaynywz.exe*."
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\ujhqiwqbxjgwwmht.exe*."
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\xruifyxnofhchcctgglfi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe .
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\ibdqmecrrhicgazpbaex.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbbmgwsfdrqikcznxu.exe
C:\Windows\kbbmgwsfdrqikcznxu.exe
kbbmgwsfdrqikcznxu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xruifyxnofhchcctgglfi.exe .
C:\Windows\xruifyxnofhchcctgglfi.exe
xruifyxnofhchcctgglfi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\xruifyxnofhchcctgglfi.exe*."
C:\Windows\xruifyxnofhchcctgglfi.exe
xruifyxnofhchcctgglfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbbmgwsfdrqikcznxu.exe .
C:\Windows\kbbmgwsfdrqikcznxu.exe
kbbmgwsfdrqikcznxu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\kbbmgwsfdrqikcznxu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe .
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\vnoavmjxwllehaynywz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe .
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\ujhqiwqbxjgwwmht.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujhqiwqbxjgwwmht.exe
C:\Windows\ujhqiwqbxjgwwmht.exe
ujhqiwqbxjgwwmht.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqatidpmzxopgcpy.exe .
C:\Windows\brqatidpmzxopgcpy.exe
brqatidpmzxopgcpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbbmgwsfdrqikcznxu.exe
C:\Windows\kbbmgwsfdrqikcznxu.exe
kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\brqatidpmzxopgcpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqatidpmzxopgcpy.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\brqatidpmzxopgcpy.exe
brqatidpmzxopgcpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\brqatidpmzxopgcpy.exe*."
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe .
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\xruifyxnofhchcctgglfi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe .
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\brqatidpmzxopgcpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbbmgwsfdrqikcznxu.exe
C:\Windows\kbbmgwsfdrqikcznxu.exe
kbbmgwsfdrqikcznxu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibdqmecrrhicgazpbaex.exe .
C:\Windows\ibdqmecrrhicgazpbaex.exe
ibdqmecrrhicgazpbaex.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibdqmecrrhicgazpbaex.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\ibdqmecrrhicgazpbaex.exe*."
C:\Windows\ibdqmecrrhicgazpbaex.exe
ibdqmecrrhicgazpbaex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibdqmecrrhicgazpbaex.exe .
C:\Windows\ibdqmecrrhicgazpbaex.exe
ibdqmecrrhicgazpbaex.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\ibdqmecrrhicgazpbaex.exe*."
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe .
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\brqatidpmzxopgcpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe .
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\kbbmgwsfdrqikcznxu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqatidpmzxopgcpy.exe
C:\Windows\brqatidpmzxopgcpy.exe
brqatidpmzxopgcpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujhqiwqbxjgwwmht.exe .
C:\Windows\ujhqiwqbxjgwwmht.exe
ujhqiwqbxjgwwmht.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\ujhqiwqbxjgwwmht.exe*."
C:\Windows\brqatidpmzxopgcpy.exe
brqatidpmzxopgcpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibdqmecrrhicgazpbaex.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Windows\ibdqmecrrhicgazpbaex.exe
ibdqmecrrhicgazpbaex.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe .
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\ibdqmecrrhicgazpbaex.exe*."
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\ibdqmecrrhicgazpbaex.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe .
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\vnoavmjxwllehaynywz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujhqiwqbxjgwwmht.exe
C:\Windows\ujhqiwqbxjgwwmht.exe
ujhqiwqbxjgwwmht.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibdqmecrrhicgazpbaex.exe .
C:\Windows\ibdqmecrrhicgazpbaex.exe
ibdqmecrrhicgazpbaex.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\ibdqmecrrhicgazpbaex.exe*."
C:\Windows\kbbmgwsfdrqikcznxu.exe
kbbmgwsfdrqikcznxu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnoavmjxwllehaynywz.exe .
C:\Windows\vnoavmjxwllehaynywz.exe
vnoavmjxwllehaynywz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\vnoavmjxwllehaynywz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe .
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\xruifyxnofhchcctgglfi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe .
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\kbbmgwsfdrqikcznxu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbbmgwsfdrqikcznxu.exe
C:\Windows\kbbmgwsfdrqikcznxu.exe
kbbmgwsfdrqikcznxu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xruifyxnofhchcctgglfi.exe .
C:\Windows\xruifyxnofhchcctgglfi.exe
xruifyxnofhchcctgglfi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibdqmecrrhicgazpbaex.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\xruifyxnofhchcctgglfi.exe*."
C:\Windows\ibdqmecrrhicgazpbaex.exe
ibdqmecrrhicgazpbaex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbbmgwsfdrqikcznxu.exe .
C:\Windows\kbbmgwsfdrqikcznxu.exe
kbbmgwsfdrqikcznxu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\kbbmgwsfdrqikcznxu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe .
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\kbbmgwsfdrqikcznxu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnoavmjxwllehaynywz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Windows\vnoavmjxwllehaynywz.exe
vnoavmjxwllehaynywz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe .
C:\Windows\xruifyxnofhchcctgglfi.exe
xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnoavmjxwllehaynywz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xruifyxnofhchcctgglfi.exe .
C:\Windows\vnoavmjxwllehaynywz.exe
vnoavmjxwllehaynywz.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\ujhqiwqbxjgwwmht.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xruifyxnofhchcctgglfi.exe
C:\Windows\xruifyxnofhchcctgglfi.exe
xruifyxnofhchcctgglfi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibdqmecrrhicgazpbaex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibdqmecrrhicgazpbaex.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\xruifyxnofhchcctgglfi.exe
xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\vnoavmjxwllehaynywz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibdqmecrrhicgazpbaex.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\xruifyxnofhchcctgglfi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe .
C:\Windows\ibdqmecrrhicgazpbaex.exe
ibdqmecrrhicgazpbaex.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujhqiwqbxjgwwmht.exe
C:\Windows\ibdqmecrrhicgazpbaex.exe
ibdqmecrrhicgazpbaex.exe .
C:\Windows\ibdqmecrrhicgazpbaex.exe
ibdqmecrrhicgazpbaex.exe .
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe .
C:\Windows\ujhqiwqbxjgwwmht.exe
ujhqiwqbxjgwwmht.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqatidpmzxopgcpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\ibdqmecrrhicgazpbaex.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\ibdqmecrrhicgazpbaex.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe .
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Windows\brqatidpmzxopgcpy.exe
brqatidpmzxopgcpy.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\xruifyxnofhchcctgglfi.exe*."
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbbmgwsfdrqikcznxu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnoavmjxwllehaynywz.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\brqatidpmzxopgcpy.exe*."
C:\Windows\kbbmgwsfdrqikcznxu.exe
kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\xruifyxnofhchcctgglfi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Windows\vnoavmjxwllehaynywz.exe
vnoavmjxwllehaynywz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe .
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\vnoavmjxwllehaynywz.exe*."
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe .
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\kbbmgwsfdrqikcznxu.exe*."
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe .
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\kbbmgwsfdrqikcznxu.exe*."
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\brqatidpmzxopgcpy.exe*."
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe .
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\xruifyxnofhchcctgglfi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnoavmjxwllehaynywz.exe
C:\Windows\vnoavmjxwllehaynywz.exe
vnoavmjxwllehaynywz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbbmgwsfdrqikcznxu.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\kbbmgwsfdrqikcznxu.exe
kbbmgwsfdrqikcznxu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\kbbmgwsfdrqikcznxu.exe*."
C:\Windows\ujhqiwqbxjgwwmht.exe
ujhqiwqbxjgwwmht.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqatidpmzxopgcpy.exe .
C:\Windows\brqatidpmzxopgcpy.exe
brqatidpmzxopgcpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\brqatidpmzxopgcpy.exe*."
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe .
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\ujhqiwqbxjgwwmht.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe .
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\vnoavmjxwllehaynywz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbbmgwsfdrqikcznxu.exe
C:\Windows\kbbmgwsfdrqikcznxu.exe
kbbmgwsfdrqikcznxu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujhqiwqbxjgwwmht.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ujhqiwqbxjgwwmht.exe
ujhqiwqbxjgwwmht.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibdqmecrrhicgazpbaex.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\ujhqiwqbxjgwwmht.exe*."
C:\Windows\ibdqmecrrhicgazpbaex.exe
ibdqmecrrhicgazpbaex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqatidpmzxopgcpy.exe .
C:\Windows\brqatidpmzxopgcpy.exe
brqatidpmzxopgcpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\brqatidpmzxopgcpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe .
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\brqatidpmzxopgcpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe .
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\kbbmgwsfdrqikcznxu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqatidpmzxopgcpy.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\brqatidpmzxopgcpy.exe
brqatidpmzxopgcpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqatidpmzxopgcpy.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\brqatidpmzxopgcpy.exe
brqatidpmzxopgcpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\brqatidpmzxopgcpy.exe*."
C:\Windows\ujhqiwqbxjgwwmht.exe
ujhqiwqbxjgwwmht.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbbmgwsfdrqikcznxu.exe .
C:\Windows\kbbmgwsfdrqikcznxu.exe
kbbmgwsfdrqikcznxu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\kbbmgwsfdrqikcznxu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe .
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\brqatidpmzxopgcpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe .
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\xruifyxnofhchcctgglfi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xruifyxnofhchcctgglfi.exe
C:\Windows\xruifyxnofhchcctgglfi.exe
xruifyxnofhchcctgglfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujhqiwqbxjgwwmht.exe .
C:\Windows\ujhqiwqbxjgwwmht.exe
ujhqiwqbxjgwwmht.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibdqmecrrhicgazpbaex.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\ujhqiwqbxjgwwmht.exe*."
C:\Windows\ibdqmecrrhicgazpbaex.exe
ibdqmecrrhicgazpbaex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xruifyxnofhchcctgglfi.exe .
C:\Windows\xruifyxnofhchcctgglfi.exe
xruifyxnofhchcctgglfi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\xruifyxnofhchcctgglfi.exe*."
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe .
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\kbbmgwsfdrqikcznxu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe .
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\brqatidpmzxopgcpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqatidpmzxopgcpy.exe
C:\Windows\brqatidpmzxopgcpy.exe
brqatidpmzxopgcpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqatidpmzxopgcpy.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xruifyxnofhchcctgglfi.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\brqatidpmzxopgcpy.exe
brqatidpmzxopgcpy.exe
C:\Windows\xruifyxnofhchcctgglfi.exe
xruifyxnofhchcctgglfi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbbmgwsfdrqikcznxu.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\xruifyxnofhchcctgglfi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnoavmjxwllehaynywz.exe
C:\Windows\kbbmgwsfdrqikcznxu.exe
kbbmgwsfdrqikcznxu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujhqiwqbxjgwwmht.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibdqmecrrhicgazpbaex.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\vnoavmjxwllehaynywz.exe
vnoavmjxwllehaynywz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujhqiwqbxjgwwmht.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\kbbmgwsfdrqikcznxu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ibdqmecrrhicgazpbaex.exe
ibdqmecrrhicgazpbaex.exe
C:\Windows\ujhqiwqbxjgwwmht.exe
ujhqiwqbxjgwwmht.exe .
C:\Windows\ujhqiwqbxjgwwmht.exe
ujhqiwqbxjgwwmht.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe .
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnoavmjxwllehaynywz.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\ujhqiwqbxjgwwmht.exe*."
C:\Windows\vnoavmjxwllehaynywz.exe
vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\ujhqiwqbxjgwwmht.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\xruifyxnofhchcctgglfi.exe*."
C:\Windows\vnoavmjxwllehaynywz.exe
vnoavmjxwllehaynywz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqatidpmzxopgcpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\ibdqmecrrhicgazpbaex.exe*."
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujhqiwqbxjgwwmht.exe .
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\vnoavmjxwllehaynywz.exe*."
C:\Windows\brqatidpmzxopgcpy.exe
brqatidpmzxopgcpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe .
C:\Windows\ujhqiwqbxjgwwmht.exe
ujhqiwqbxjgwwmht.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\ibdqmecrrhicgazpbaex.exe*."
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\xruifyxnofhchcctgglfi.exe*."
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\ujhqiwqbxjgwwmht.exe*."
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\ibdqmecrrhicgazpbaex.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\ibdqmecrrhicgazpbaex.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibdqmecrrhicgazpbaex.exe
C:\Windows\ibdqmecrrhicgazpbaex.exe
ibdqmecrrhicgazpbaex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujhqiwqbxjgwwmht.exe .
C:\Windows\ujhqiwqbxjgwwmht.exe
ujhqiwqbxjgwwmht.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibdqmecrrhicgazpbaex.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\ujhqiwqbxjgwwmht.exe*."
C:\Windows\ibdqmecrrhicgazpbaex.exe
ibdqmecrrhicgazpbaex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xruifyxnofhchcctgglfi.exe .
C:\Windows\xruifyxnofhchcctgglfi.exe
xruifyxnofhchcctgglfi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\xruifyxnofhchcctgglfi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe .
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\kbbmgwsfdrqikcznxu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe .
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\kbbmgwsfdrqikcznxu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnoavmjxwllehaynywz.exe
C:\Windows\vnoavmjxwllehaynywz.exe
vnoavmjxwllehaynywz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbbmgwsfdrqikcznxu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xruifyxnofhchcctgglfi.exe .
C:\Windows\kbbmgwsfdrqikcznxu.exe
kbbmgwsfdrqikcznxu.exe
C:\Windows\xruifyxnofhchcctgglfi.exe
xruifyxnofhchcctgglfi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbbmgwsfdrqikcznxu.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\xruifyxnofhchcctgglfi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujhqiwqbxjgwwmht.exe
C:\Windows\kbbmgwsfdrqikcznxu.exe
kbbmgwsfdrqikcznxu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xruifyxnofhchcctgglfi.exe .
C:\Windows\ujhqiwqbxjgwwmht.exe
ujhqiwqbxjgwwmht.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqatidpmzxopgcpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\kbbmgwsfdrqikcznxu.exe*."
C:\Windows\xruifyxnofhchcctgglfi.exe
xruifyxnofhchcctgglfi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnoavmjxwllehaynywz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\brqatidpmzxopgcpy.exe
brqatidpmzxopgcpy.exe
C:\Windows\vnoavmjxwllehaynywz.exe
vnoavmjxwllehaynywz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\xruifyxnofhchcctgglfi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqatidpmzxopgcpy.exe .
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\vnoavmjxwllehaynywz.exe*."
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe .
C:\Windows\vnoavmjxwllehaynywz.exe
vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\vnoavmjxwllehaynywz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Windows\brqatidpmzxopgcpy.exe
brqatidpmzxopgcpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xruifyxnofhchcctgglfi.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\vnoavmjxwllehaynywz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\brqatidpmzxopgcpy.exe*."
C:\Windows\vnoavmjxwllehaynywz.exe
vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe .
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\ujhqiwqbxjgwwmht.exe*."
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\brqatidpmzxopgcpy.exe*."
C:\Windows\xruifyxnofhchcctgglfi.exe
xruifyxnofhchcctgglfi.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\brqatidpmzxopgcpy.exe*."
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\xruifyxnofhchcctgglfi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe .
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\xruifyxnofhchcctgglfi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujhqiwqbxjgwwmht.exe
C:\Windows\ujhqiwqbxjgwwmht.exe
ujhqiwqbxjgwwmht.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqatidpmzxopgcpy.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\brqatidpmzxopgcpy.exe
brqatidpmzxopgcpy.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\brqatidpmzxopgcpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqatidpmzxopgcpy.exe
C:\Windows\brqatidpmzxopgcpy.exe
brqatidpmzxopgcpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbbmgwsfdrqikcznxu.exe .
C:\Windows\kbbmgwsfdrqikcznxu.exe
kbbmgwsfdrqikcznxu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\kbbmgwsfdrqikcznxu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe .
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\vnoavmjxwllehaynywz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe .
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\brqatidpmzxopgcpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqatidpmzxopgcpy.exe
C:\Windows\brqatidpmzxopgcpy.exe
brqatidpmzxopgcpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqatidpmzxopgcpy.exe .
C:\Windows\brqatidpmzxopgcpy.exe
brqatidpmzxopgcpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\brqatidpmzxopgcpy.exe*."
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\kbbmgwsfdrqikcznxu.exe
kbbmgwsfdrqikcznxu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibdqmecrrhicgazpbaex.exe .
C:\Windows\ibdqmecrrhicgazpbaex.exe
ibdqmecrrhicgazpbaex.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\ibdqmecrrhicgazpbaex.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\vnoavmjxwllehaynywz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\vnoavmjxwllehaynywz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibdqmecrrhicgazpbaex.exe
C:\Windows\ibdqmecrrhicgazpbaex.exe
ibdqmecrrhicgazpbaex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xruifyxnofhchcctgglfi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xruifyxnofhchcctgglfi.exe
C:\Windows\xruifyxnofhchcctgglfi.exe
xruifyxnofhchcctgglfi.exe .
C:\Windows\xruifyxnofhchcctgglfi.exe
xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\xruifyxnofhchcctgglfi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbbmgwsfdrqikcznxu.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\kbbmgwsfdrqikcznxu.exe
kbbmgwsfdrqikcznxu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqatidpmzxopgcpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbbmgwsfdrqikcznxu.exe .
C:\Windows\brqatidpmzxopgcpy.exe
brqatidpmzxopgcpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Windows\kbbmgwsfdrqikcznxu.exe
kbbmgwsfdrqikcznxu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xruifyxnofhchcctgglfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujhqiwqbxjgwwmht.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\brqatidpmzxopgcpy.exe*."
C:\Windows\xruifyxnofhchcctgglfi.exe
xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\kbbmgwsfdrqikcznxu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe .
C:\Windows\kbbmgwsfdrqikcznxu.exe
kbbmgwsfdrqikcznxu.exe
C:\Windows\ujhqiwqbxjgwwmht.exe
ujhqiwqbxjgwwmht.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujhqiwqbxjgwwmht.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe .
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\vnoavmjxwllehaynywz.exe*."
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\ujhqiwqbxjgwwmht.exe*."
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe .
C:\Windows\ujhqiwqbxjgwwmht.exe
ujhqiwqbxjgwwmht.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibdqmecrrhicgazpbaex.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\ujhqiwqbxjgwwmht.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibdqmecrrhicgazpbaex.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\ujhqiwqbxjgwwmht.exe*."
C:\Windows\ibdqmecrrhicgazpbaex.exe
ibdqmecrrhicgazpbaex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Windows\ibdqmecrrhicgazpbaex.exe
ibdqmecrrhicgazpbaex.exe .
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\brqatidpmzxopgcpy.exe*."
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\ibdqmecrrhicgazpbaex.exe*."
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\ujhqiwqbxjgwwmht.exe*."
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\vnoavmjxwllehaynywz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe .
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\ujhqiwqbxjgwwmht.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbbmgwsfdrqikcznxu.exe
C:\Windows\kbbmgwsfdrqikcznxu.exe
kbbmgwsfdrqikcznxu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqatidpmzxopgcpy.exe .
C:\Windows\brqatidpmzxopgcpy.exe
brqatidpmzxopgcpy.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\brqatidpmzxopgcpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibdqmecrrhicgazpbaex.exe
C:\Windows\ibdqmecrrhicgazpbaex.exe
ibdqmecrrhicgazpbaex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibdqmecrrhicgazpbaex.exe .
C:\Windows\ibdqmecrrhicgazpbaex.exe
ibdqmecrrhicgazpbaex.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\ibdqmecrrhicgazpbaex.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe .
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\ujhqiwqbxjgwwmht.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe .
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\kbbmgwsfdrqikcznxu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujhqiwqbxjgwwmht.exe
C:\Windows\ujhqiwqbxjgwwmht.exe
ujhqiwqbxjgwwmht.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnoavmjxwllehaynywz.exe .
C:\Windows\vnoavmjxwllehaynywz.exe
vnoavmjxwllehaynywz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\vnoavmjxwllehaynywz.exe*."
C:\Windows\brqatidpmzxopgcpy.exe
brqatidpmzxopgcpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnoavmjxwllehaynywz.exe .
C:\Windows\vnoavmjxwllehaynywz.exe
vnoavmjxwllehaynywz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\vnoavmjxwllehaynywz.exe*."
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe .
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\kbbmgwsfdrqikcznxu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe .
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\ibdqmecrrhicgazpbaex.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbbmgwsfdrqikcznxu.exe
C:\Windows\kbbmgwsfdrqikcznxu.exe
kbbmgwsfdrqikcznxu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqatidpmzxopgcpy.exe .
C:\Windows\brqatidpmzxopgcpy.exe
brqatidpmzxopgcpy.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\brqatidpmzxopgcpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujhqiwqbxjgwwmht.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnoavmjxwllehaynywz.exe .
C:\Windows\ujhqiwqbxjgwwmht.exe
ujhqiwqbxjgwwmht.exe
C:\Windows\vnoavmjxwllehaynywz.exe
vnoavmjxwllehaynywz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\vnoavmjxwllehaynywz.exe*."
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe .
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\ujhqiwqbxjgwwmht.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\vnoavmjxwllehaynywz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqatidpmzxopgcpy.exe
C:\Windows\brqatidpmzxopgcpy.exe
brqatidpmzxopgcpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xruifyxnofhchcctgglfi.exe .
C:\Windows\xruifyxnofhchcctgglfi.exe
xruifyxnofhchcctgglfi.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\xruifyxnofhchcctgglfi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibdqmecrrhicgazpbaex.exe
C:\Windows\ibdqmecrrhicgazpbaex.exe
ibdqmecrrhicgazpbaex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnoavmjxwllehaynywz.exe .
C:\Windows\vnoavmjxwllehaynywz.exe
vnoavmjxwllehaynywz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\vnoavmjxwllehaynywz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe .
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\xruifyxnofhchcctgglfi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe .
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\ibdqmecrrhicgazpbaex.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbbmgwsfdrqikcznxu.exe
C:\Windows\kbbmgwsfdrqikcznxu.exe
kbbmgwsfdrqikcznxu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbbmgwsfdrqikcznxu.exe .
C:\Windows\kbbmgwsfdrqikcznxu.exe
kbbmgwsfdrqikcznxu.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\kbbmgwsfdrqikcznxu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibdqmecrrhicgazpbaex.exe
C:\Windows\ibdqmecrrhicgazpbaex.exe
ibdqmecrrhicgazpbaex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqatidpmzxopgcpy.exe .
C:\Windows\brqatidpmzxopgcpy.exe
brqatidpmzxopgcpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\brqatidpmzxopgcpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe .
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\vnoavmjxwllehaynywz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe .
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\brqatidpmzxopgcpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibdqmecrrhicgazpbaex.exe
C:\Windows\ibdqmecrrhicgazpbaex.exe
ibdqmecrrhicgazpbaex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xruifyxnofhchcctgglfi.exe .
C:\Windows\xruifyxnofhchcctgglfi.exe
xruifyxnofhchcctgglfi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\xruifyxnofhchcctgglfi.exe*."
C:\Windows\ujhqiwqbxjgwwmht.exe
ujhqiwqbxjgwwmht.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbbmgwsfdrqikcznxu.exe .
C:\Windows\kbbmgwsfdrqikcznxu.exe
kbbmgwsfdrqikcznxu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\kbbmgwsfdrqikcznxu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe .
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\xruifyxnofhchcctgglfi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnoavmjxwllehaynywz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe .
C:\Windows\vnoavmjxwllehaynywz.exe
vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibdqmecrrhicgazpbaex.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\kbbmgwsfdrqikcznxu.exe*."
C:\Windows\ibdqmecrrhicgazpbaex.exe
ibdqmecrrhicgazpbaex.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xruifyxnofhchcctgglfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujhqiwqbxjgwwmht.exe
C:\Windows\xruifyxnofhchcctgglfi.exe
xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\ibdqmecrrhicgazpbaex.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibdqmecrrhicgazpbaex.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujhqiwqbxjgwwmht.exe .
C:\Windows\ujhqiwqbxjgwwmht.exe
ujhqiwqbxjgwwmht.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Windows\ibdqmecrrhicgazpbaex.exe
ibdqmecrrhicgazpbaex.exe .
C:\Windows\ujhqiwqbxjgwwmht.exe
ujhqiwqbxjgwwmht.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xruifyxnofhchcctgglfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqatidpmzxopgcpy.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\ibdqmecrrhicgazpbaex.exe*."
C:\Windows\xruifyxnofhchcctgglfi.exe
xruifyxnofhchcctgglfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqatidpmzxopgcpy.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\ujhqiwqbxjgwwmht.exe*."
C:\Windows\kbbmgwsfdrqikcznxu.exe
kbbmgwsfdrqikcznxu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\brqatidpmzxopgcpy.exe
brqatidpmzxopgcpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujhqiwqbxjgwwmht.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\brqatidpmzxopgcpy.exe
brqatidpmzxopgcpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujhqiwqbxjgwwmht.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\brqatidpmzxopgcpy.exe*."
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Windows\ujhqiwqbxjgwwmht.exe
ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\brqatidpmzxopgcpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe .
C:\Windows\ujhqiwqbxjgwwmht.exe
ujhqiwqbxjgwwmht.exe .
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe .
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xruifyxnofhchcctgglfi.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\xruifyxnofhchcctgglfi.exe*."
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe
C:\Users\Admin\AppData\Local\Temp\kbbmgwsfdrqikcznxu.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\brqatidpmzxopgcpy.exe*."
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\ujhqiwqbxjgwwmht.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\kbbmgwsfdrqikcznxu.exe*."
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe .
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe .
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe
C:\Users\Admin\AppData\Local\Temp\vnoavmjxwllehaynywz.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\ujhqiwqbxjgwwmht.exe*."
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\vnoavmjxwllehaynywz.exe*."
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\ujhqiwqbxjgwwmht.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\ujhqiwqbxjgwwmht.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibdqmecrrhicgazpbaex.exe
C:\Windows\ibdqmecrrhicgazpbaex.exe
ibdqmecrrhicgazpbaex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kbbmgwsfdrqikcznxu.exe .
C:\Windows\kbbmgwsfdrqikcznxu.exe
kbbmgwsfdrqikcznxu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ujhqiwqbxjgwwmht.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\kbbmgwsfdrqikcznxu.exe*."
C:\Windows\ujhqiwqbxjgwwmht.exe
ujhqiwqbxjgwwmht.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqatidpmzxopgcpy.exe .
C:\Windows\brqatidpmzxopgcpy.exe
brqatidpmzxopgcpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\windows\brqatidpmzxopgcpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe .
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\brqatidpmzxopgcpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Users\Admin\AppData\Local\Temp\brqatidpmzxopgcpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe .
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe
C:\Users\Admin\AppData\Local\Temp\ibdqmecrrhicgazpbaex.exe .
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
"C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe" "c:\users\admin\appdata\local\temp\ibdqmecrrhicgazpbaex.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vnoavmjxwllehaynywz.exe
C:\Windows\vnoavmjxwllehaynywz.exe
vnoavmjxwllehaynywz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqatidpmzxopgcpy.exe .
C:\Windows\brqatidpmzxopgcpy.exe
brqatidpmzxopgcpy.exe .
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| DE | 142.250.181.196:80 | www.google.com | tcp |
| MD | 178.168.50.42:31596 | tcp | |
| DE | 85.214.228.140:80 | gyuuym.org | tcp |
| SG | 18.142.91.111:80 | unxfuild.info | tcp |
| US | 104.156.155.94:80 | cydlrge.info | tcp |
| MD | 178.168.50.42:31596 | tcp | |
| US | 8.8.8.8:53 | piltbovqlfd.info | udp |
| US | 8.8.8.8:53 | udlstbbbnv.net | udp |
| ES | 82.98.135.44:80 | sociga.org | tcp |
| US | 8.8.8.8:53 | tlrvmx.net | udp |
| US | 8.8.8.8:53 | wasasacsas.org | udp |
| US | 8.8.8.8:53 | nwdcdhnlvb.info | udp |
| US | 8.8.8.8:53 | qwzokydmf.net | udp |
| US | 8.8.8.8:53 | kcpklmfl.info | udp |
| US | 8.8.8.8:53 | zbdopgfag.org | udp |
| US | 8.8.8.8:53 | jjrefkv.net | udp |
| US | 8.8.8.8:53 | rskbcv.info | udp |
| US | 8.8.8.8:53 | ivewnr.info | udp |
| US | 8.8.8.8:53 | amhgyanwm.info | udp |
| US | 8.8.8.8:53 | yjlsjglyt.info | udp |
| US | 8.8.8.8:53 | sqzurfx.net | udp |
| US | 8.8.8.8:53 | bgmsfpzk.net | udp |
| US | 8.8.8.8:53 | hgqozgyaplm.net | udp |
| US | 8.8.8.8:53 | hgtwwotr.net | udp |
| US | 8.8.8.8:53 | begivrkoxbi.info | udp |
| US | 8.8.8.8:53 | rinsjbzocndh.info | udp |
| US | 8.8.8.8:53 | kxldwaoqfn.info | udp |
| US | 8.8.8.8:53 | pjomcj.net | udp |
| US | 8.8.8.8:53 | lzwgpqnxhy.net | udp |
| US | 8.8.8.8:53 | hqekff.info | udp |
| US | 8.8.8.8:53 | robammlhw.net | udp |
| US | 8.8.8.8:53 | hvmmnzl.org | udp |
| US | 8.8.8.8:53 | nthafgeqx.org | udp |
| US | 8.8.8.8:53 | uhfqljdhdr.info | udp |
| US | 8.8.8.8:53 | tmfdrqxojeb.org | udp |
| US | 8.8.8.8:53 | zugbedrtbm.net | udp |
| US | 8.8.8.8:53 | bgywghag.info | udp |
| US | 8.8.8.8:53 | xdfjnszdrz.net | udp |
| US | 8.8.8.8:53 | sgdzhklkvfso.info | udp |
| US | 8.8.8.8:53 | hrzclowol.net | udp |
| US | 8.8.8.8:53 | emnuniy.info | udp |
| US | 8.8.8.8:53 | wlukwtuwiylg.info | udp |
| US | 8.8.8.8:53 | skqsiiae.org | udp |
| US | 8.8.8.8:53 | knwgzqzz.net | udp |
| US | 8.8.8.8:53 | hhegdjniewax.net | udp |
| US | 8.8.8.8:53 | kugblw.info | udp |
| US | 8.8.8.8:53 | alyypvemovoc.net | udp |
| US | 8.8.8.8:53 | rbxzcgxodwei.info | udp |
| US | 8.8.8.8:53 | pfnwhnkygf.net | udp |
| US | 8.8.8.8:53 | egcssoqe.com | udp |
| US | 8.8.8.8:53 | sdovmqavfrld.net | udp |
| US | 8.8.8.8:53 | urwdwyzxuv.net | udp |
| US | 8.8.8.8:53 | qlstpgkhcjbu.net | udp |
| US | 8.8.8.8:53 | hyuller.net | udp |
| US | 8.8.8.8:53 | nzitfaav.info | udp |
| US | 8.8.8.8:53 | lguviyyx.net | udp |
| US | 8.8.8.8:53 | fbwabifpbh.info | udp |
| US | 8.8.8.8:53 | qkwoniwiffi.info | udp |
| US | 8.8.8.8:53 | behvvjw.com | udp |
| US | 8.8.8.8:53 | lktcrbw.com | udp |
| US | 8.8.8.8:53 | dwksjuz.org | udp |
| US | 8.8.8.8:53 | kkswcyeq.com | udp |
| US | 8.8.8.8:53 | dgbubanshmj.net | udp |
| US | 8.8.8.8:53 | qndglusk.net | udp |
| US | 8.8.8.8:53 | ouhmywkhjlr.net | udp |
| US | 8.8.8.8:53 | hyjodgw.info | udp |
| US | 8.8.8.8:53 | ywsumsiu.com | udp |
| US | 8.8.8.8:53 | oqeyieiwws.com | udp |
| US | 8.8.8.8:53 | ypxwasyzz.net | udp |
| US | 8.8.8.8:53 | dkdczgl.info | udp |
| US | 8.8.8.8:53 | aeqgoumeeweg.org | udp |
| US | 8.8.8.8:53 | ygblqgsrn.info | udp |
| US | 8.8.8.8:53 | civurjm.net | udp |
| US | 8.8.8.8:53 | eaictyqxc.info | udp |
| US | 8.8.8.8:53 | qswifh.info | udp |
| US | 8.8.8.8:53 | qecwdday.net | udp |
| US | 8.8.8.8:53 | wqjarcbelof.info | udp |
| US | 8.8.8.8:53 | bykepb.info | udp |
| US | 8.8.8.8:53 | saqyjoxqhfqd.info | udp |
| US | 8.8.8.8:53 | vgqxvqngngx.info | udp |
| US | 8.8.8.8:53 | azsivhbed.info | udp |
| US | 8.8.8.8:53 | fevpekof.info | udp |
| US | 8.8.8.8:53 | vrnsxayt.info | udp |
| US | 8.8.8.8:53 | uoapkyl.net | udp |
| US | 8.8.8.8:53 | cgzqtowog.info | udp |
| US | 8.8.8.8:53 | mosuokoiqaew.com | udp |
| US | 8.8.8.8:53 | ckbbfpizdmfo.info | udp |
| US | 8.8.8.8:53 | hbmkpt.net | udp |
| US | 8.8.8.8:53 | qeasooggkkye.org | udp |
| US | 8.8.8.8:53 | jjuvjqhgxwcm.info | udp |
| US | 8.8.8.8:53 | jmxetlsqb.org | udp |
| US | 8.8.8.8:53 | xuaiitdib.com | udp |
| US | 8.8.8.8:53 | xqbqlg.net | udp |
| US | 8.8.8.8:53 | gdiecndz.net | udp |
| US | 8.8.8.8:53 | pwbyhgiedcz.com | udp |
| US | 8.8.8.8:53 | wwflbn.net | udp |
| US | 8.8.8.8:53 | pegezo.info | udp |
| US | 8.8.8.8:53 | ntukzwe.com | udp |
| US | 8.8.8.8:53 | fevpfshvp.org | udp |
| US | 8.8.8.8:53 | eylhtgqncoy.net | udp |
| US | 8.8.8.8:53 | xtruvapagyu.info | udp |
| US | 8.8.8.8:53 | kcryxrris.info | udp |
| US | 8.8.8.8:53 | vfcuvqvau.net | udp |
| US | 8.8.8.8:53 | cuaqewgmco.com | udp |
| US | 8.8.8.8:53 | xdtptyxdfbmq.net | udp |
| US | 8.8.8.8:53 | zbfpgmgprk.info | udp |
| US | 8.8.8.8:53 | jfjnkp.net | udp |
| US | 8.8.8.8:53 | izsdiokvhb.net | udp |
| US | 8.8.8.8:53 | pvzoenx.net | udp |
| US | 8.8.8.8:53 | hzmjwu.info | udp |
| US | 8.8.8.8:53 | ycqsioqs.org | udp |
| US | 8.8.8.8:53 | giekgyskeiik.org | udp |
| US | 8.8.8.8:53 | uvvirknz.info | udp |
| US | 8.8.8.8:53 | eemskciyamks.com | udp |
| US | 8.8.8.8:53 | mkcgkaac.org | udp |
| US | 8.8.8.8:53 | hsulio.info | udp |
| US | 8.8.8.8:53 | bavppixu.net | udp |
| US | 8.8.8.8:53 | cmieoieocgkc.com | udp |
| US | 8.8.8.8:53 | mrbncerydwf.info | udp |
| US | 8.8.8.8:53 | ggwokqcu.info | udp |
| US | 8.8.8.8:53 | cyseys.com | udp |
| US | 8.8.8.8:53 | fkgritslx.org | udp |
| US | 8.8.8.8:53 | rkpbcmlltej.org | udp |
| US | 8.8.8.8:53 | iwkose.com | udp |
| US | 8.8.8.8:53 | jfkkjw.info | udp |
| US | 8.8.8.8:53 | anpobkamou.info | udp |
| US | 8.8.8.8:53 | mdowkkd.info | udp |
| US | 8.8.8.8:53 | lftavwpghnay.net | udp |
| US | 8.8.8.8:53 | zanxbglov.net | udp |
| US | 8.8.8.8:53 | dtstyn.net | udp |
| US | 8.8.8.8:53 | niynlyncd.info | udp |
| US | 8.8.8.8:53 | gxjrxz.info | udp |
| US | 8.8.8.8:53 | zrlccdiqfqp.info | udp |
| US | 8.8.8.8:53 | zbqtpeerkb.net | udp |
| US | 8.8.8.8:53 | lbysmyvsf.com | udp |
| US | 8.8.8.8:53 | lhkalsoxbxbs.info | udp |
| US | 8.8.8.8:53 | aueabafxsuh.info | udp |
| US | 8.8.8.8:53 | bhlabua.net | udp |
| US | 8.8.8.8:53 | zsnwlezrm.org | udp |
| US | 8.8.8.8:53 | zuwrljtqss.net | udp |
| US | 8.8.8.8:53 | ahohqylx.net | udp |
| US | 8.8.8.8:53 | gfikfcl.net | udp |
| US | 8.8.8.8:53 | uwvwpkf.info | udp |
| US | 8.8.8.8:53 | msieoseq.org | udp |
| US | 8.8.8.8:53 | ceujds.info | udp |
| US | 8.8.8.8:53 | uvlwtqamveh.net | udp |
| US | 8.8.8.8:53 | tmrxnmjrkb.net | udp |
| US | 8.8.8.8:53 | gwzgpmfejib.info | udp |
| US | 8.8.8.8:53 | talwbyj.com | udp |
| US | 8.8.8.8:53 | fgfitdmkxkz.com | udp |
| US | 8.8.8.8:53 | agkkkgaagoog.com | udp |
| US | 8.8.8.8:53 | wgqwxbkuowh.net | udp |
| US | 8.8.8.8:53 | xcbedngyf.com | udp |
| US | 8.8.8.8:53 | bynthivwtx.net | udp |
| US | 8.8.8.8:53 | uomieuwsgywa.com | udp |
| US | 8.8.8.8:53 | fzkrxmam.info | udp |
| US | 8.8.8.8:53 | lebgjn.info | udp |
| US | 8.8.8.8:53 | aijmpvapvc.net | udp |
| US | 8.8.8.8:53 | uxxbxpfirm.info | udp |
| US | 8.8.8.8:53 | fixijml.org | udp |
| US | 8.8.8.8:53 | eklwrsuu.info | udp |
| US | 8.8.8.8:53 | vdsjxbhublny.net | udp |
| US | 8.8.8.8:53 | botaksobzyf.net | udp |
| US | 8.8.8.8:53 | bvrlxiawb.net | udp |
| US | 8.8.8.8:53 | hpizemympz.net | udp |
| US | 8.8.8.8:53 | ncngoqugjkv.net | udp |
| US | 8.8.8.8:53 | uuooyqumoq.org | udp |
| US | 8.8.8.8:53 | rzdxhawz.info | udp |
| US | 8.8.8.8:53 | bujydax.net | udp |
| US | 8.8.8.8:53 | guftbyn.net | udp |
| US | 8.8.8.8:53 | qhewjij.net | udp |
| US | 8.8.8.8:53 | dwkcrend.info | udp |
| US | 8.8.8.8:53 | egaeaaaowkgg.com | udp |
| US | 8.8.8.8:53 | lhqijd.net | udp |
| US | 8.8.8.8:53 | amvhpcrl.net | udp |
| US | 8.8.8.8:53 | sxsydftugfl.net | udp |
| US | 8.8.8.8:53 | qoluxcicfjb.info | udp |
| US | 8.8.8.8:53 | ucyyauoy.org | udp |
| US | 8.8.8.8:53 | arrksr.info | udp |
| US | 8.8.8.8:53 | dddojxdkt.info | udp |
| US | 8.8.8.8:53 | qclkbwh.info | udp |
| US | 8.8.8.8:53 | msoiygcw.org | udp |
| US | 8.8.8.8:53 | teuufipozon.org | udp |
| US | 8.8.8.8:53 | ilbuxgg.net | udp |
| US | 8.8.8.8:53 | jntxuexoq.net | udp |
| US | 8.8.8.8:53 | rrflqt.info | udp |
| US | 8.8.8.8:53 | dlgplkngr.info | udp |
| US | 8.8.8.8:53 | bmxdra.net | udp |
| US | 8.8.8.8:53 | jexeggp.info | udp |
| US | 8.8.8.8:53 | rgbcprqwglca.info | udp |
| US | 8.8.8.8:53 | awtrjqbmv.net | udp |
| US | 8.8.8.8:53 | uijutweml.info | udp |
| US | 8.8.8.8:53 | tcmyprl.org | udp |
| US | 8.8.8.8:53 | bgknufqxrr.net | udp |
| US | 8.8.8.8:53 | cydgbr.net | udp |
| US | 8.8.8.8:53 | ejpdqikairvo.info | udp |
| US | 8.8.8.8:53 | lefcimnpbcw.net | udp |
| US | 8.8.8.8:53 | epmvsjkgcypv.info | udp |
| US | 8.8.8.8:53 | zaheatxxrlb.net | udp |
| US | 8.8.8.8:53 | hrhxvw.net | udp |
| US | 8.8.8.8:53 | ssgqsckw.com | udp |
| US | 8.8.8.8:53 | tzeoljmx.net | udp |
| US | 8.8.8.8:53 | paaidistdbtq.net | udp |
| US | 8.8.8.8:53 | eqskuitr.net | udp |
| US | 8.8.8.8:53 | cxritgbkwiqj.net | udp |
| US | 8.8.8.8:53 | eaeeqk.org | udp |
| US | 8.8.8.8:53 | tbvxhkoasb.info | udp |
| US | 8.8.8.8:53 | uexcfyd.info | udp |
| US | 8.8.8.8:53 | wfrqxpvej.net | udp |
| US | 8.8.8.8:53 | xflrdxdu.net | udp |
| US | 8.8.8.8:53 | idmevs.info | udp |
| US | 8.8.8.8:53 | llvcwyqgiy.info | udp |
| US | 8.8.8.8:53 | gptaoesms.net | udp |
| US | 8.8.8.8:53 | yabgjuiyvpj.net | udp |
| US | 8.8.8.8:53 | emjwobloydp.net | udp |
| US | 8.8.8.8:53 | jwlskujozdq.com | udp |
| US | 8.8.8.8:53 | ymaawysgye.com | udp |
| US | 8.8.8.8:53 | mrrhvip.net | udp |
| US | 8.8.8.8:53 | eidweipmccj.net | udp |
| US | 8.8.8.8:53 | yqtafgfohsp.net | udp |
| US | 8.8.8.8:53 | aoqcohkuksfx.info | udp |
| US | 8.8.8.8:53 | woeoaqumey.com | udp |
| US | 8.8.8.8:53 | adfyesnezgd.info | udp |
| US | 8.8.8.8:53 | ehmkhp.net | udp |
| US | 8.8.8.8:53 | nrpqjt.info | udp |
| US | 8.8.8.8:53 | xehudwfktlj.info | udp |
| US | 8.8.8.8:53 | wyvccqhyhyl.net | udp |
| US | 8.8.8.8:53 | fvqyfimtluav.net | udp |
| US | 8.8.8.8:53 | qmxgxwtqoan.info | udp |
| US | 8.8.8.8:53 | nvcfunplg.org | udp |
| US | 8.8.8.8:53 | lktgnxez.info | udp |
| US | 8.8.8.8:53 | xrxadkxki.com | udp |
| US | 8.8.8.8:53 | uqbhmbokfqr.net | udp |
| US | 8.8.8.8:53 | qgooeigi.com | udp |
| US | 8.8.8.8:53 | lkngjoezjnq.com | udp |
| US | 8.8.8.8:53 | kapgkkhqpmr.info | udp |
| US | 8.8.8.8:53 | cojtdsnev.info | udp |
| US | 8.8.8.8:53 | srbwimxsnx.net | udp |
| US | 8.8.8.8:53 | vqoovoqtl.org | udp |
| US | 8.8.8.8:53 | wrbgtg.info | udp |
| US | 8.8.8.8:53 | ozxwvmtjlc.info | udp |
| US | 8.8.8.8:53 | xbfhtyff.info | udp |
| US | 8.8.8.8:53 | diryrxcmd.info | udp |
| US | 8.8.8.8:53 | cseomiaumgcq.com | udp |
| US | 8.8.8.8:53 | vsswekgnat.info | udp |
| US | 8.8.8.8:53 | oldsyvr.info | udp |
| DE | 85.214.228.140:80 | gyuuym.org | tcp |
| SG | 18.142.91.111:80 | unxfuild.info | tcp |
| US | 8.8.8.8:53 | dcmglijgb.com | udp |
| US | 8.8.8.8:53 | pinetsredld.net | udp |
| US | 8.8.8.8:53 | ggoiukqgsikq.org | udp |
| US | 8.8.8.8:53 | qofqgod.info | udp |
| US | 8.8.8.8:53 | badhmt.net | udp |
| US | 8.8.8.8:53 | eisumi.org | udp |
| US | 8.8.8.8:53 | udzdjiddn.net | udp |
| US | 8.8.8.8:53 | avzepmbyh.net | udp |
| US | 8.8.8.8:53 | uaumuuyw.org | udp |
| US | 8.8.8.8:53 | zcjnaizp.info | udp |
| US | 8.8.8.8:53 | kmgynxdaj.info | udp |
| US | 8.8.8.8:53 | vmqkjur.info | udp |
| US | 8.8.8.8:53 | ovplbv.net | udp |
| US | 8.8.8.8:53 | iyeiiuuioq.com | udp |
| US | 8.8.8.8:53 | ygoukmwg.org | udp |
Files
C:\Users\Admin\AppData\Local\Temp\xidoeloehsn.exe
| MD5 | 06aedb342d1b1429c6220b98a5d34b44 |
| SHA1 | fa8a483de5cee3e6c4e12c825f001e84c6359e77 |
| SHA256 | f8304c8d806a881ff1ebc0c18b162f9e8a1dcd4829682efb92b6d5c12c21cd8b |
| SHA512 | d6dc56e6f6f4ee32800b93057ced5da7ee361f1f172985e640f6485554d82aaafa97bddb4add76d13c90967fc8323074ede4ff218525c1612ff9c51c9e6be2ed |
C:\Windows\SysWOW64\kbbmgwsfdrqikcznxu.exe
| MD5 | c940916a51510ded99612bd93114de0d |
| SHA1 | af052d166386189ab6c14e8e49831b6459c42b5f |
| SHA256 | 23500abd545b632364da058b1e9fa90a6c5377fd39266246bee94b0be750775a |
| SHA512 | 7981e1a0e321645e396b80b9bddc102f901466f85f74bb252bf99088e083033a55a8eaad519b428cd161038a6d32e5a47c44dbc3ec2e2f8dc41cc21c2bd87ef1 |
C:\Users\Admin\AppData\Local\Temp\xbomt.exe
| MD5 | 94fe44c33b3426786e9f80da8fca49cc |
| SHA1 | d74811a3a5a9fa17f3c19fcd25601fdc3d2aaf91 |
| SHA256 | c07020e4dea59e1431387932e218be23478f96804eed9d761190fc72e36fce7d |
| SHA512 | 95954735f8e8de699cc477d61b82da09dcf601313d1ca04888bbdd0916a547ba9dca9e391783266895f4ceb8bc0098d2e1e5f4191c3389f419f125a4546e594a |
C:\Users\Admin\AppData\Local\yxfyaycxdzggqqvrjoyxfy.ycx
| MD5 | 03f7a126523640e6f5c9a630368e22e8 |
| SHA1 | ecff08853e3412d9b977d21e8c0e78df3eb7a88b |
| SHA256 | 698dd85a0deed6b6f62686899046ef29cd0553f932d857bdd9e4bfb4f531fc24 |
| SHA512 | 28979783ab8e31825734a9b58c9fd07013f2f0bc183bd1f35325f2b597cd8b109df9783ef2b4f4a454258b4377cfb52f0dd1e4167439d7b5510b4635e7d20694 |
C:\Users\Admin\AppData\Local\pzswjshneldojukrukfpimzixdubtezka.kav
| MD5 | a60512e18b998a5f4e465a3dc686671d |
| SHA1 | 64f2214f334e35b9e23859703cb262a520fd5dfd |
| SHA256 | 0743046edae013af23027160a86de4725aeb40fbc358a85f2aa752c15cfbfe6d |
| SHA512 | 6edcbc8826bba1c7bd25f662228b0b16a74aec0cbb9a21274e2757305ff4187f6d4f20284ac1a0a558c560c91e8b2374b129a548b8e21cb5b9081455bcb10184 |
C:\Program Files (x86)\yxfyaycxdzggqqvrjoyxfy.ycx
| MD5 | 7fbd9b6926cd467f0c7396e36aa1987a |
| SHA1 | 032a48b6d70cfc537e539d01618b34c7b016f673 |
| SHA256 | 1b9f30934fc2613c17a4903cfc82992bee3589a6407c926f0f5c674a72e16d78 |
| SHA512 | 3727bc825c789c91774c221310d71950a46267788b52cc98c3e4e563082d3f8776dbf5284300d73939d646086bdf40c620fe88e2fd8818b39ffda947bb6e424f |
C:\Program Files (x86)\yxfyaycxdzggqqvrjoyxfy.ycx
| MD5 | d7f192a835cbe8690a11caa25e656372 |
| SHA1 | 0c6950eaead3e5fa0d9ea669164d7fc13405e782 |
| SHA256 | ad15d2e52384d3e9481d77f84d6b73e1495b87a31379a1300a12879aa72bb173 |
| SHA512 | d0c40205b9051eade5330abcd31ec1b3dbf418520d6590d0ce3e3c7b58058fa059b0478017f1c9be6d4d34ef9adaaa17592bb13e82648b154ee5df9de8b42a26 |
C:\Program Files (x86)\yxfyaycxdzggqqvrjoyxfy.ycx
| MD5 | 4c9f7036cebc18473e3cf04af5fffafa |
| SHA1 | 0e7eb358dab620b358bf85565f66bb2017b4e239 |
| SHA256 | a050139e8dc193963a630158375442a5b0dca46c42c9db02079bfa5d90d3c922 |
| SHA512 | 77980ece2ff8358f47ebc8dc0ceeb8128a04879ffa5034199248dabacc42c2640b4b1ad60b8dba2eb6f79215dad16e953017d96e230eed993be64caaa1eedad3 |
C:\Program Files (x86)\yxfyaycxdzggqqvrjoyxfy.ycx
| MD5 | a34b86fe5207c8c471f01bbe8d1f3461 |
| SHA1 | dfc226a2a24101df3e27b2079fd2541fa7ea7e8f |
| SHA256 | b648f0525be8f3098628bac58a13db5a9b7fe433e52626500449a974d7fb134c |
| SHA512 | 17d5660d5523fe844675f9e17d29879a95d86e236eec55589962b9d1bbf291dd4c64dea1e8f2d364e3efbac5a90f34f862b74ac79545be361744194c315d8c94 |
C:\Program Files (x86)\yxfyaycxdzggqqvrjoyxfy.ycx
| MD5 | 5db14073a212e1f89568013b181375fd |
| SHA1 | 6cab57163ad797dea8b4138dcf7fcb2b26cf6462 |
| SHA256 | a9d0803a8a7682d628d196a9e144c866d53f54274fa771b0d209b2075e5000bb |
| SHA512 | 876643c42d444cd01d9eec4fc082bdbb3f880219fda5398ffb8e460239d99e9bdbab1c4513478c2630af3dd427996497668b1eea82823a22339e8bf235126c3e |
C:\Program Files (x86)\yxfyaycxdzggqqvrjoyxfy.ycx
| MD5 | 0fa0d89d61fb6a48de9a42838839ecad |
| SHA1 | 9c71eff791c5b52915b92cb59d3317e8577d0ad8 |
| SHA256 | af471fcc02869ce5c062048732167268b9a82b92d1b3e79b3954e7abacaa7d20 |
| SHA512 | be6945073b248e315abc7f8277fad5f4d51676b0356f089e624f8031b9889f10a9db66521c820104fd568d96c0cb92a3378deb273de45d852c873e99b0148a63 |
C:\Program Files (x86)\yxfyaycxdzggqqvrjoyxfy.ycx
| MD5 | b5c22be196fdd402b466256461fbca3f |
| SHA1 | 77946c8802f5a8b3f0aaa209af88367e703827b6 |
| SHA256 | 5fa3a5ebbd7dd1949ce11bed322cbf8332509589715dd5e2e7f879c083313e11 |
| SHA512 | fcee7e6c58cd13c932f62f56723c10e9bcd295ecbc857f9b346a8629b01b990c6aaa25ed3cec9ad3bb61e330e17cef15cd98214dd97f50f32923e160a84b6c39 |
Analysis: behavioral1
Detonation Overview
Submitted
2025-04-21 12:23
Reported
2025-04-21 12:26
Platform
win10v2004-20250314-en
Max time kernel
77s
Max time network
152s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\swkemzqwpyndy = "pavwlfdqqgczblxqdklw.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bcnejthkag = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bizwhxrawiatrxfu.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bcnejthkag = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bizwhxrawiatrxfu.exe" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\swkemzqwpyndy = "cmggunkwvkfbclwoagg.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\swkemzqwpyndy = "cmggunkwvkfbclwoagg.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\swkemzqwpyndy = "cmggunkwvkfbclwoagg.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\swkemzqwpyndy = "pavwlfdqqgczblxqdklw.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bcnejthkag = "C:\\Users\\Admin\\AppData\\Local\\Temp\\eqmoezymnebzcnauiqsea.exe" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\swkemzqwpyndy = "cmggunkwvkfbclwoagg.exe" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bcnejthkag = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cmggunkwvkfbclwoagg.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bcnejthkag = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ratsfxtecqkffnxoze.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bcnejthkag = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pavwlfdqqgczblxqdklw.exe" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\swkemzqwpyndy = "eqmoezymnebzcnauiqsea.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bcnejthkag = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pavwlfdqqgczblxqdklw.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\swkemzqwpyndy = "bizwhxrawiatrxfu.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\swkemzqwpyndy = "pavwlfdqqgczblxqdklw.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\swkemzqwpyndy = "ratsfxtecqkffnxoze.exe" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\swkemzqwpyndy = "pavwlfdqqgczblxqdklw.exe" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bcnejthkag = "C:\\Users\\Admin\\AppData\\Local\\Temp\\eqmoezymnebzcnauiqsea.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\swkemzqwpyndy = "iqigsjeolyrlkraqa.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bcnejthkag = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pavwlfdqqgczblxqdklw.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bcnejthkag = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iqigsjeolyrlkraqa.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bcnejthkag = "C:\\Users\\Admin\\AppData\\Local\\Temp\\eqmoezymnebzcnauiqsea.exe" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bcnejthkag = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iqigsjeolyrlkraqa.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bcnejthkag = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cmggunkwvkfbclwoagg.exe" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\swkemzqwpyndy = "eqmoezymnebzcnauiqsea.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\swkemzqwpyndy = "pavwlfdqqgczblxqdklw.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\swkemzqwpyndy = "iqigsjeolyrlkraqa.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\swkemzqwpyndy = "pavwlfdqqgczblxqdklw.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bcnejthkag = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cmggunkwvkfbclwoagg.exe" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\swkemzqwpyndy = "ratsfxtecqkffnxoze.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bcnejthkag = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pavwlfdqqgczblxqdklw.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\swkemzqwpyndy = "bizwhxrawiatrxfu.exe" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\swkemzqwpyndy = "ratsfxtecqkffnxoze.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\swkemzqwpyndy = "pavwlfdqqgczblxqdklw.exe" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\swkemzqwpyndy = "iqigsjeolyrlkraqa.exe" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bcnejthkag = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cmggunkwvkfbclwoagg.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bcnejthkag = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ratsfxtecqkffnxoze.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bcnejthkag = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bizwhxrawiatrxfu.exe" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bcnejthkag = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ratsfxtecqkffnxoze.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bcnejthkag = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ratsfxtecqkffnxoze.exe" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bcnejthkag = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cmggunkwvkfbclwoagg.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bcnejthkag = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iqigsjeolyrlkraqa.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\swkemzqwpyndy = "eqmoezymnebzcnauiqsea.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\swkemzqwpyndy = "iqigsjeolyrlkraqa.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\swkemzqwpyndy = "ratsfxtecqkffnxoze.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bcnejthkag = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bizwhxrawiatrxfu.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bcnejthkag = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ratsfxtecqkffnxoze.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\cmggunkwvkfbclwoagg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\iqigsjeolyrlkraqa.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\eqmoezymnebzcnauiqsea.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\pavwlfdqqgczblxqdklw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\cmggunkwvkfbclwoagg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\eqmoezymnebzcnauiqsea.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\ratsfxtecqkffnxoze.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\eqmoezymnebzcnauiqsea.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\ratsfxtecqkffnxoze.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\ratsfxtecqkffnxoze.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c940916a51510ded99612bd93114de0d.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\eqmoezymnebzcnauiqsea.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\ratsfxtecqkffnxoze.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\ratsfxtecqkffnxoze.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\pavwlfdqqgczblxqdklw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\iqigsjeolyrlkraqa.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\bizwhxrawiatrxfu.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\ratsfxtecqkffnxoze.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\eqmoezymnebzcnauiqsea.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\pavwlfdqqgczblxqdklw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\iqigsjeolyrlkraqa.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\cmggunkwvkfbclwoagg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\iqigsjeolyrlkraqa.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\iqigsjeolyrlkraqa.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\eqmoezymnebzcnauiqsea.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\cmggunkwvkfbclwoagg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\bizwhxrawiatrxfu.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\bizwhxrawiatrxfu.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\iqigsjeolyrlkraqa.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\cmggunkwvkfbclwoagg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\bizwhxrawiatrxfu.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wykcitimdkx = "ratsfxtecqkffnxoze.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\iqigsjeolyrlkraqa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\eqmoezymnebzcnauiqsea.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\bizwhxrawiatrxfu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iqigsjeolyrlkraqa.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wykcitimdkx = "bizwhxrawiatrxfu.exe" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tynirfxeyiyplp = "ratsfxtecqkffnxoze.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\iqigsjeolyrlkraqa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pavwlfdqqgczblxqdklw.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\twjcjvlqiqet = "C:\\Users\\Admin\\AppData\\Local\\Temp\\eqmoezymnebzcnauiqsea.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wykcitimdkx = "pavwlfdqqgczblxqdklw.exe" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\twjcjvlqiqet = "bizwhxrawiatrxfu.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\bizwhxrawiatrxfu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ratsfxtecqkffnxoze.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tynirfxeyiyplp = "eqmoezymnebzcnauiqsea.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wcsoyngojuldafm = "bizwhxrawiatrxfu.exe ." | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wcsoyngojuldafm = "ratsfxtecqkffnxoze.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\bizwhxrawiatrxfu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pavwlfdqqgczblxqdklw.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\iqigsjeolyrlkraqa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ratsfxtecqkffnxoze.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\twjcjvlqiqet = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ratsfxtecqkffnxoze.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wykcitimdkx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cmggunkwvkfbclwoagg.exe" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tynirfxeyiyplp = "ratsfxtecqkffnxoze.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\iqigsjeolyrlkraqa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iqigsjeolyrlkraqa.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wykcitimdkx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bizwhxrawiatrxfu.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wykcitimdkx = "iqigsjeolyrlkraqa.exe" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tynirfxeyiyplp = "ratsfxtecqkffnxoze.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wykcitimdkx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cmggunkwvkfbclwoagg.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wykcitimdkx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\eqmoezymnebzcnauiqsea.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\twjcjvlqiqet = "cmggunkwvkfbclwoagg.exe ." | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wcsoyngojuldafm = "eqmoezymnebzcnauiqsea.exe ." | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\twjcjvlqiqet = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bizwhxrawiatrxfu.exe ." | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\twjcjvlqiqet = "ratsfxtecqkffnxoze.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wykcitimdkx = "eqmoezymnebzcnauiqsea.exe" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\bizwhxrawiatrxfu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bizwhxrawiatrxfu.exe ." | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tynirfxeyiyplp = "bizwhxrawiatrxfu.exe" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\twjcjvlqiqet = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cmggunkwvkfbclwoagg.exe ." | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tynirfxeyiyplp = "ratsfxtecqkffnxoze.exe" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\twjcjvlqiqet = "C:\\Users\\Admin\\AppData\\Local\\Temp\\eqmoezymnebzcnauiqsea.exe ." | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wykcitimdkx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pavwlfdqqgczblxqdklw.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\bizwhxrawiatrxfu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iqigsjeolyrlkraqa.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wykcitimdkx = "ratsfxtecqkffnxoze.exe" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\iqigsjeolyrlkraqa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iqigsjeolyrlkraqa.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\bizwhxrawiatrxfu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bizwhxrawiatrxfu.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wcsoyngojuldafm = "cmggunkwvkfbclwoagg.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\iqigsjeolyrlkraqa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ratsfxtecqkffnxoze.exe" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wykcitimdkx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ratsfxtecqkffnxoze.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wykcitimdkx = "iqigsjeolyrlkraqa.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\twjcjvlqiqet = "C:\\Users\\Admin\\AppData\\Local\\Temp\\eqmoezymnebzcnauiqsea.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\twjcjvlqiqet = "iqigsjeolyrlkraqa.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wykcitimdkx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cmggunkwvkfbclwoagg.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\twjcjvlqiqet = "eqmoezymnebzcnauiqsea.exe ." | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wcsoyngojuldafm = "eqmoezymnebzcnauiqsea.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tynirfxeyiyplp = "ratsfxtecqkffnxoze.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\iqigsjeolyrlkraqa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cmggunkwvkfbclwoagg.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\bizwhxrawiatrxfu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ratsfxtecqkffnxoze.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\iqigsjeolyrlkraqa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bizwhxrawiatrxfu.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\bizwhxrawiatrxfu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pavwlfdqqgczblxqdklw.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\bizwhxrawiatrxfu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\eqmoezymnebzcnauiqsea.exe ." | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\twjcjvlqiqet = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bizwhxrawiatrxfu.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\iqigsjeolyrlkraqa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cmggunkwvkfbclwoagg.exe" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\twjcjvlqiqet = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cmggunkwvkfbclwoagg.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wykcitimdkx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pavwlfdqqgczblxqdklw.exe" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wcsoyngojuldafm = "bizwhxrawiatrxfu.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wcsoyngojuldafm = "eqmoezymnebzcnauiqsea.exe ." | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tynirfxeyiyplp = "iqigsjeolyrlkraqa.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wykcitimdkx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\eqmoezymnebzcnauiqsea.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wykcitimdkx = "bizwhxrawiatrxfu.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\twjcjvlqiqet = "eqmoezymnebzcnauiqsea.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
Drops autorun.inf file
| Description | Indicator | Process | Target |
| File opened for modification | C:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| File created | C:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| File opened for modification | F:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| File created | F:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\ratsfxtecqkffnxoze.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cmggunkwvkfbclwoagg.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vifizvvkmecbfrfapybolo.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\iqigsjeolyrlkraqa.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cmggunkwvkfbclwoagg.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\iqigsjeolyrlkraqa.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\eqmoezymnebzcnauiqsea.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pavwlfdqqgczblxqdklw.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pavwlfdqqgczblxqdklw.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bizwhxrawiatrxfu.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pavwlfdqqgczblxqdklw.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cmggunkwvkfbclwoagg.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pavwlfdqqgczblxqdklw.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ratsfxtecqkffnxoze.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cmggunkwvkfbclwoagg.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ratsfxtecqkffnxoze.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cmggunkwvkfbclwoagg.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ratsfxtecqkffnxoze.exe | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pavwlfdqqgczblxqdklw.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\iqigsjeolyrlkraqa.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bizwhxrawiatrxfu.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\eqmoezymnebzcnauiqsea.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pavwlfdqqgczblxqdklw.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ratsfxtecqkffnxoze.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\iqigsjeolyrlkraqa.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pavwlfdqqgczblxqdklw.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vifizvvkmecbfrfapybolo.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bizwhxrawiatrxfu.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\eqmoezymnebzcnauiqsea.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ratsfxtecqkffnxoze.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bizwhxrawiatrxfu.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ratsfxtecqkffnxoze.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ratsfxtecqkffnxoze.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vifizvvkmecbfrfapybolo.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bizwhxrawiatrxfu.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cmggunkwvkfbclwoagg.exe | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ratsfxtecqkffnxoze.exe | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pavwlfdqqgczblxqdklw.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cmggunkwvkfbclwoagg.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bizwhxrawiatrxfu.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\eqmoezymnebzcnauiqsea.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pavwlfdqqgczblxqdklw.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\eqmoezymnebzcnauiqsea.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ratsfxtecqkffnxoze.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vifizvvkmecbfrfapybolo.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bizwhxrawiatrxfu.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ratsfxtecqkffnxoze.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\iqigsjeolyrlkraqa.exe | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cmggunkwvkfbclwoagg.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\iqigsjeolyrlkraqa.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\iqigsjeolyrlkraqa.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\iqigsjeolyrlkraqa.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\iqigsjeolyrlkraqa.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\eqmoezymnebzcnauiqsea.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\eqmoezymnebzcnauiqsea.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\eqmoezymnebzcnauiqsea.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cmggunkwvkfbclwoagg.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\iqigsjeolyrlkraqa.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vifizvvkmecbfrfapybolo.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cmggunkwvkfbclwoagg.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\eqmoezymnebzcnauiqsea.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vifizvvkmecbfrfapybolo.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File created | C:\Windows\SysWOW64\wcsoyngojuldafmaikgmcyixqytevnkpwksuq.mis | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bizwhxrawiatrxfu.exe | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\wcsoyngojuldafmaikgmcyixqytevnkpwksuq.mis | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| File created | C:\Program Files (x86)\wcsoyngojuldafmaikgmcyixqytevnkpwksuq.mis | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| File opened for modification | C:\Program Files (x86)\vqvgfjroyyelxrnqnepkpazdli.syf | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| File created | C:\Program Files (x86)\vqvgfjroyyelxrnqnepkpazdli.syf | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\ratsfxtecqkffnxoze.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\iqigsjeolyrlkraqa.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\cmggunkwvkfbclwoagg.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\vifizvvkmecbfrfapybolo.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\vifizvvkmecbfrfapybolo.exe | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| File opened for modification | C:\Windows\eqmoezymnebzcnauiqsea.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\ratsfxtecqkffnxoze.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\vifizvvkmecbfrfapybolo.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\bizwhxrawiatrxfu.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\iqigsjeolyrlkraqa.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\iqigsjeolyrlkraqa.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\bizwhxrawiatrxfu.exe | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| File opened for modification | C:\Windows\pavwlfdqqgczblxqdklw.exe | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| File opened for modification | C:\Windows\pavwlfdqqgczblxqdklw.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\ratsfxtecqkffnxoze.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\cmggunkwvkfbclwoagg.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\vifizvvkmecbfrfapybolo.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\eqmoezymnebzcnauiqsea.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\ratsfxtecqkffnxoze.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\iqigsjeolyrlkraqa.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\ratsfxtecqkffnxoze.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\bizwhxrawiatrxfu.exe | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| File opened for modification | C:\Windows\bizwhxrawiatrxfu.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\vifizvvkmecbfrfapybolo.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\ratsfxtecqkffnxoze.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\cmggunkwvkfbclwoagg.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\bizwhxrawiatrxfu.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\vifizvvkmecbfrfapybolo.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\iqigsjeolyrlkraqa.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\bizwhxrawiatrxfu.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\cmggunkwvkfbclwoagg.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\vifizvvkmecbfrfapybolo.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\eqmoezymnebzcnauiqsea.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\ratsfxtecqkffnxoze.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\iqigsjeolyrlkraqa.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\eqmoezymnebzcnauiqsea.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\cmggunkwvkfbclwoagg.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\pavwlfdqqgczblxqdklw.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\vifizvvkmecbfrfapybolo.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\eqmoezymnebzcnauiqsea.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\iqigsjeolyrlkraqa.exe | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| File opened for modification | C:\Windows\pavwlfdqqgczblxqdklw.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\bizwhxrawiatrxfu.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\eqmoezymnebzcnauiqsea.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\eqmoezymnebzcnauiqsea.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\pavwlfdqqgczblxqdklw.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\bizwhxrawiatrxfu.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\bizwhxrawiatrxfu.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\pavwlfdqqgczblxqdklw.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\eqmoezymnebzcnauiqsea.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\ratsfxtecqkffnxoze.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\cmggunkwvkfbclwoagg.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\ratsfxtecqkffnxoze.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\cmggunkwvkfbclwoagg.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\bizwhxrawiatrxfu.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\cmggunkwvkfbclwoagg.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\pavwlfdqqgczblxqdklw.exe | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| File opened for modification | C:\Windows\eqmoezymnebzcnauiqsea.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\vifizvvkmecbfrfapybolo.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\pavwlfdqqgczblxqdklw.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\vqvgfjroyyelxrnqnepkpazdli.syf | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| File opened for modification | C:\Windows\iqigsjeolyrlkraqa.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\bizwhxrawiatrxfu.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\ratsfxtecqkffnxoze.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ratsfxtecqkffnxoze.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bizwhxrawiatrxfu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\iqigsjeolyrlkraqa.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ratsfxtecqkffnxoze.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\pavwlfdqqgczblxqdklw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\pavwlfdqqgczblxqdklw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ratsfxtecqkffnxoze.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\eqmoezymnebzcnauiqsea.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\eqmoezymnebzcnauiqsea.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\eqmoezymnebzcnauiqsea.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ratsfxtecqkffnxoze.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ratsfxtecqkffnxoze.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\cmggunkwvkfbclwoagg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\eqmoezymnebzcnauiqsea.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ratsfxtecqkffnxoze.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\pavwlfdqqgczblxqdklw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\pavwlfdqqgczblxqdklw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\cmggunkwvkfbclwoagg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\cmggunkwvkfbclwoagg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ratsfxtecqkffnxoze.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\eqmoezymnebzcnauiqsea.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\cmggunkwvkfbclwoagg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ratsfxtecqkffnxoze.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\eqmoezymnebzcnauiqsea.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ratsfxtecqkffnxoze.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\cmggunkwvkfbclwoagg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ratsfxtecqkffnxoze.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ratsfxtecqkffnxoze.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\pavwlfdqqgczblxqdklw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ratsfxtecqkffnxoze.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\eqmoezymnebzcnauiqsea.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bizwhxrawiatrxfu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\iqigsjeolyrlkraqa.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\iqigsjeolyrlkraqa.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bizwhxrawiatrxfu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\eagss.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c940916a51510ded99612bd93114de0d.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c940916a51510ded99612bd93114de0d.exe"
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_c940916a51510ded99612bd93114de0d.exe*"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c eqmoezymnebzcnauiqsea.exe
C:\Windows\eqmoezymnebzcnauiqsea.exe
eqmoezymnebzcnauiqsea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bizwhxrawiatrxfu.exe .
C:\Windows\bizwhxrawiatrxfu.exe
bizwhxrawiatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\bizwhxrawiatrxfu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ratsfxtecqkffnxoze.exe .
C:\Windows\ratsfxtecqkffnxoze.exe
ratsfxtecqkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Windows\ratsfxtecqkffnxoze.exe
ratsfxtecqkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ratsfxtecqkffnxoze.exe*."
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ratsfxtecqkffnxoze.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\bizwhxrawiatrxfu.exe*."
C:\Users\Admin\AppData\Local\Temp\eagss.exe
"C:\Users\Admin\AppData\Local\Temp\eagss.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_c940916a51510ded99612bd93114de0d.exe"
C:\Users\Admin\AppData\Local\Temp\eagss.exe
"C:\Users\Admin\AppData\Local\Temp\eagss.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_c940916a51510ded99612bd93114de0d.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cmggunkwvkfbclwoagg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bizwhxrawiatrxfu.exe
C:\Windows\bizwhxrawiatrxfu.exe
bizwhxrawiatrxfu.exe
C:\Windows\cmggunkwvkfbclwoagg.exe
cmggunkwvkfbclwoagg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ratsfxtecqkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ratsfxtecqkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ratsfxtecqkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pavwlfdqqgczblxqdklw.exe
C:\Windows\ratsfxtecqkffnxoze.exe
ratsfxtecqkffnxoze.exe .
C:\Windows\ratsfxtecqkffnxoze.exe
ratsfxtecqkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bizwhxrawiatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cmggunkwvkfbclwoagg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Windows\ratsfxtecqkffnxoze.exe
ratsfxtecqkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ratsfxtecqkffnxoze.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ratsfxtecqkffnxoze.exe*."
C:\Windows\bizwhxrawiatrxfu.exe
bizwhxrawiatrxfu.exe .
C:\Windows\cmggunkwvkfbclwoagg.exe
cmggunkwvkfbclwoagg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe .
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\bizwhxrawiatrxfu.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\cmggunkwvkfbclwoagg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe .
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\eqmoezymnebzcnauiqsea.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\iqigsjeolyrlkraqa.exe*."
C:\Windows\pavwlfdqqgczblxqdklw.exe
pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe .
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\eqmoezymnebzcnauiqsea.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\pavwlfdqqgczblxqdklw.exe*."
C:\Windows\bizwhxrawiatrxfu.exe
bizwhxrawiatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ratsfxtecqkffnxoze.exe .
C:\Windows\ratsfxtecqkffnxoze.exe
ratsfxtecqkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ratsfxtecqkffnxoze.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c eqmoezymnebzcnauiqsea.exe .
C:\Windows\pavwlfdqqgczblxqdklw.exe
pavwlfdqqgczblxqdklw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Windows\eqmoezymnebzcnauiqsea.exe
eqmoezymnebzcnauiqsea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe .
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\eqmoezymnebzcnauiqsea.exe*."
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\pavwlfdqqgczblxqdklw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\iqigsjeolyrlkraqa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c eqmoezymnebzcnauiqsea.exe
C:\Windows\eqmoezymnebzcnauiqsea.exe
eqmoezymnebzcnauiqsea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cmggunkwvkfbclwoagg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pavwlfdqqgczblxqdklw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cmggunkwvkfbclwoagg.exe
C:\Windows\pavwlfdqqgczblxqdklw.exe
pavwlfdqqgczblxqdklw.exe .
C:\Windows\cmggunkwvkfbclwoagg.exe
cmggunkwvkfbclwoagg.exe
C:\Windows\cmggunkwvkfbclwoagg.exe
cmggunkwvkfbclwoagg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cmggunkwvkfbclwoagg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cmggunkwvkfbclwoagg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ratsfxtecqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\pavwlfdqqgczblxqdklw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iqigsjeolyrlkraqa.exe .
C:\Windows\cmggunkwvkfbclwoagg.exe
cmggunkwvkfbclwoagg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iqigsjeolyrlkraqa.exe
C:\Windows\ratsfxtecqkffnxoze.exe
ratsfxtecqkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iqigsjeolyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c eqmoezymnebzcnauiqsea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cmggunkwvkfbclwoagg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Windows\cmggunkwvkfbclwoagg.exe
cmggunkwvkfbclwoagg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ratsfxtecqkffnxoze.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe .
C:\Windows\iqigsjeolyrlkraqa.exe
iqigsjeolyrlkraqa.exe .
C:\Windows\iqigsjeolyrlkraqa.exe
iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\cmggunkwvkfbclwoagg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe .
C:\Windows\iqigsjeolyrlkraqa.exe
iqigsjeolyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe .
C:\Windows\cmggunkwvkfbclwoagg.exe
cmggunkwvkfbclwoagg.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\iqigsjeolyrlkraqa.exe*."
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Windows\eqmoezymnebzcnauiqsea.exe
eqmoezymnebzcnauiqsea.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\cmggunkwvkfbclwoagg.exe*."
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe .
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\eqmoezymnebzcnauiqsea.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ratsfxtecqkffnxoze.exe*."
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\pavwlfdqqgczblxqdklw.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ratsfxtecqkffnxoze.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ratsfxtecqkffnxoze.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pavwlfdqqgczblxqdklw.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\pavwlfdqqgczblxqdklw.exe*."
C:\Windows\ratsfxtecqkffnxoze.exe
ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\bizwhxrawiatrxfu.exe*."
C:\Windows\pavwlfdqqgczblxqdklw.exe
pavwlfdqqgczblxqdklw.exe .
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\pavwlfdqqgczblxqdklw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ratsfxtecqkffnxoze.exe .
C:\Windows\iqigsjeolyrlkraqa.exe
iqigsjeolyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Windows\ratsfxtecqkffnxoze.exe
ratsfxtecqkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe .
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ratsfxtecqkffnxoze.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\pavwlfdqqgczblxqdklw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\bizwhxrawiatrxfu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ratsfxtecqkffnxoze.exe
C:\Windows\ratsfxtecqkffnxoze.exe
ratsfxtecqkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pavwlfdqqgczblxqdklw.exe .
C:\Windows\pavwlfdqqgczblxqdklw.exe
pavwlfdqqgczblxqdklw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\pavwlfdqqgczblxqdklw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c eqmoezymnebzcnauiqsea.exe .
C:\Windows\ratsfxtecqkffnxoze.exe
ratsfxtecqkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Windows\eqmoezymnebzcnauiqsea.exe
eqmoezymnebzcnauiqsea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe .
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\eqmoezymnebzcnauiqsea.exe*."
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\cmggunkwvkfbclwoagg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe .
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\pavwlfdqqgczblxqdklw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ratsfxtecqkffnxoze.exe
C:\Windows\ratsfxtecqkffnxoze.exe
ratsfxtecqkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iqigsjeolyrlkraqa.exe .
C:\Windows\iqigsjeolyrlkraqa.exe
iqigsjeolyrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\iqigsjeolyrlkraqa.exe*."
C:\Windows\ratsfxtecqkffnxoze.exe
ratsfxtecqkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cmggunkwvkfbclwoagg.exe .
C:\Windows\cmggunkwvkfbclwoagg.exe
cmggunkwvkfbclwoagg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\cmggunkwvkfbclwoagg.exe*."
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ratsfxtecqkffnxoze.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe .
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\eqmoezymnebzcnauiqsea.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ratsfxtecqkffnxoze.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ratsfxtecqkffnxoze.exe
ratsfxtecqkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iqigsjeolyrlkraqa.exe .
C:\Windows\iqigsjeolyrlkraqa.exe
iqigsjeolyrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\iqigsjeolyrlkraqa.exe*."
C:\Windows\cmggunkwvkfbclwoagg.exe
cmggunkwvkfbclwoagg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c eqmoezymnebzcnauiqsea.exe .
C:\Windows\eqmoezymnebzcnauiqsea.exe
eqmoezymnebzcnauiqsea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\eqmoezymnebzcnauiqsea.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ratsfxtecqkffnxoze.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe .
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\eqmoezymnebzcnauiqsea.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ratsfxtecqkffnxoze.exe
C:\Windows\ratsfxtecqkffnxoze.exe
ratsfxtecqkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iqigsjeolyrlkraqa.exe .
C:\Windows\iqigsjeolyrlkraqa.exe
iqigsjeolyrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\iqigsjeolyrlkraqa.exe*."
C:\Windows\cmggunkwvkfbclwoagg.exe
cmggunkwvkfbclwoagg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c eqmoezymnebzcnauiqsea.exe .
C:\Windows\eqmoezymnebzcnauiqsea.exe
eqmoezymnebzcnauiqsea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\eqmoezymnebzcnauiqsea.exe*."
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\eqmoezymnebzcnauiqsea.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\bizwhxrawiatrxfu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c eqmoezymnebzcnauiqsea.exe
C:\Windows\eqmoezymnebzcnauiqsea.exe
eqmoezymnebzcnauiqsea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ratsfxtecqkffnxoze.exe .
C:\Windows\ratsfxtecqkffnxoze.exe
ratsfxtecqkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ratsfxtecqkffnxoze.exe*."
C:\Windows\eqmoezymnebzcnauiqsea.exe
eqmoezymnebzcnauiqsea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iqigsjeolyrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Windows\iqigsjeolyrlkraqa.exe
iqigsjeolyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\iqigsjeolyrlkraqa.exe*."
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\iqigsjeolyrlkraqa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe .
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\cmggunkwvkfbclwoagg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c eqmoezymnebzcnauiqsea.exe
C:\Windows\ratsfxtecqkffnxoze.exe
ratsfxtecqkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ratsfxtecqkffnxoze.exe .
C:\Windows\eqmoezymnebzcnauiqsea.exe
eqmoezymnebzcnauiqsea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c eqmoezymnebzcnauiqsea.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ratsfxtecqkffnxoze.exe
ratsfxtecqkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bizwhxrawiatrxfu.exe
C:\Windows\eqmoezymnebzcnauiqsea.exe
eqmoezymnebzcnauiqsea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pavwlfdqqgczblxqdklw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c eqmoezymnebzcnauiqsea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ratsfxtecqkffnxoze.exe
C:\Windows\bizwhxrawiatrxfu.exe
bizwhxrawiatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pavwlfdqqgczblxqdklw.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ratsfxtecqkffnxoze.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\eqmoezymnebzcnauiqsea.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pavwlfdqqgczblxqdklw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\eqmoezymnebzcnauiqsea.exe
eqmoezymnebzcnauiqsea.exe .
C:\Windows\pavwlfdqqgczblxqdklw.exe
pavwlfdqqgczblxqdklw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iqigsjeolyrlkraqa.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ratsfxtecqkffnxoze.exe
ratsfxtecqkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ratsfxtecqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Windows\pavwlfdqqgczblxqdklw.exe
pavwlfdqqgczblxqdklw.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Windows\pavwlfdqqgczblxqdklw.exe
pavwlfdqqgczblxqdklw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\eqmoezymnebzcnauiqsea.exe*."
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\pavwlfdqqgczblxqdklw.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\pavwlfdqqgczblxqdklw.exe*."
C:\Windows\iqigsjeolyrlkraqa.exe
iqigsjeolyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\eqmoezymnebzcnauiqsea.exe*."
C:\Windows\ratsfxtecqkffnxoze.exe
ratsfxtecqkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe .
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ratsfxtecqkffnxoze.exe*."
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\pavwlfdqqgczblxqdklw.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\iqigsjeolyrlkraqa.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\bizwhxrawiatrxfu.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\iqigsjeolyrlkraqa.exe*."
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pavwlfdqqgczblxqdklw.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\pavwlfdqqgczblxqdklw.exe*."
C:\Windows\pavwlfdqqgczblxqdklw.exe
pavwlfdqqgczblxqdklw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cmggunkwvkfbclwoagg.exe .
C:\Windows\cmggunkwvkfbclwoagg.exe
cmggunkwvkfbclwoagg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\cmggunkwvkfbclwoagg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iqigsjeolyrlkraqa.exe .
C:\Windows\cmggunkwvkfbclwoagg.exe
cmggunkwvkfbclwoagg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\iqigsjeolyrlkraqa.exe
iqigsjeolyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\iqigsjeolyrlkraqa.exe*."
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\cmggunkwvkfbclwoagg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\bizwhxrawiatrxfu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c eqmoezymnebzcnauiqsea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pavwlfdqqgczblxqdklw.exe
C:\Windows\pavwlfdqqgczblxqdklw.exe
pavwlfdqqgczblxqdklw.exe
C:\Windows\eqmoezymnebzcnauiqsea.exe
eqmoezymnebzcnauiqsea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iqigsjeolyrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ratsfxtecqkffnxoze.exe .
C:\Windows\iqigsjeolyrlkraqa.exe
iqigsjeolyrlkraqa.exe .
C:\Windows\ratsfxtecqkffnxoze.exe
ratsfxtecqkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iqigsjeolyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c eqmoezymnebzcnauiqsea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pavwlfdqqgczblxqdklw.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\iqigsjeolyrlkraqa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c eqmoezymnebzcnauiqsea.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ratsfxtecqkffnxoze.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\eqmoezymnebzcnauiqsea.exe
eqmoezymnebzcnauiqsea.exe
C:\Windows\iqigsjeolyrlkraqa.exe
iqigsjeolyrlkraqa.exe
C:\Windows\eqmoezymnebzcnauiqsea.exe
eqmoezymnebzcnauiqsea.exe .
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe .
C:\Windows\pavwlfdqqgczblxqdklw.exe
pavwlfdqqgczblxqdklw.exe .
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pavwlfdqqgczblxqdklw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\eqmoezymnebzcnauiqsea.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\pavwlfdqqgczblxqdklw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\pavwlfdqqgczblxqdklw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bizwhxrawiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\cmggunkwvkfbclwoagg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe .
C:\Windows\pavwlfdqqgczblxqdklw.exe
pavwlfdqqgczblxqdklw.exe
C:\Windows\bizwhxrawiatrxfu.exe
bizwhxrawiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ratsfxtecqkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ratsfxtecqkffnxoze.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\bizwhxrawiatrxfu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\bizwhxrawiatrxfu.exe*."
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe .
C:\Windows\ratsfxtecqkffnxoze.exe
ratsfxtecqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ratsfxtecqkffnxoze.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ratsfxtecqkffnxoze.exe*."
C:\Windows\iqigsjeolyrlkraqa.exe
iqigsjeolyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe .
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\cmggunkwvkfbclwoagg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c eqmoezymnebzcnauiqsea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ratsfxtecqkffnxoze.exe
C:\Windows\ratsfxtecqkffnxoze.exe
ratsfxtecqkffnxoze.exe
C:\Windows\eqmoezymnebzcnauiqsea.exe
eqmoezymnebzcnauiqsea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pavwlfdqqgczblxqdklw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iqigsjeolyrlkraqa.exe .
C:\Windows\pavwlfdqqgczblxqdklw.exe
pavwlfdqqgczblxqdklw.exe .
C:\Windows\iqigsjeolyrlkraqa.exe
iqigsjeolyrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iqigsjeolyrlkraqa.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\pavwlfdqqgczblxqdklw.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\iqigsjeolyrlkraqa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ratsfxtecqkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ratsfxtecqkffnxoze.exe .
C:\Windows\iqigsjeolyrlkraqa.exe
iqigsjeolyrlkraqa.exe
C:\Windows\pavwlfdqqgczblxqdklw.exe
pavwlfdqqgczblxqdklw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe .
C:\Windows\ratsfxtecqkffnxoze.exe
ratsfxtecqkffnxoze.exe .
C:\Windows\ratsfxtecqkffnxoze.exe
ratsfxtecqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ratsfxtecqkffnxoze.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ratsfxtecqkffnxoze.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pavwlfdqqgczblxqdklw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\bizwhxrawiatrxfu.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\bizwhxrawiatrxfu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c eqmoezymnebzcnauiqsea.exe .
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe .
C:\Windows\pavwlfdqqgczblxqdklw.exe
pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe .
C:\Windows\eqmoezymnebzcnauiqsea.exe
eqmoezymnebzcnauiqsea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ratsfxtecqkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bizwhxrawiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\eqmoezymnebzcnauiqsea.exe*."
C:\Windows\ratsfxtecqkffnxoze.exe
ratsfxtecqkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\eqmoezymnebzcnauiqsea.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\iqigsjeolyrlkraqa.exe*."
C:\Windows\bizwhxrawiatrxfu.exe
bizwhxrawiatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\bizwhxrawiatrxfu.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\bizwhxrawiatrxfu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\iqigsjeolyrlkraqa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bizwhxrawiatrxfu.exe
C:\Windows\bizwhxrawiatrxfu.exe
bizwhxrawiatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c eqmoezymnebzcnauiqsea.exe .
C:\Windows\eqmoezymnebzcnauiqsea.exe
eqmoezymnebzcnauiqsea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\eqmoezymnebzcnauiqsea.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bizwhxrawiatrxfu.exe .
C:\Windows\cmggunkwvkfbclwoagg.exe
cmggunkwvkfbclwoagg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Windows\bizwhxrawiatrxfu.exe
bizwhxrawiatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\bizwhxrawiatrxfu.exe*."
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\bizwhxrawiatrxfu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\iqigsjeolyrlkraqa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cmggunkwvkfbclwoagg.exe
C:\Windows\cmggunkwvkfbclwoagg.exe
cmggunkwvkfbclwoagg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bizwhxrawiatrxfu.exe .
C:\Windows\bizwhxrawiatrxfu.exe
bizwhxrawiatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\bizwhxrawiatrxfu.exe*."
C:\Windows\eqmoezymnebzcnauiqsea.exe
eqmoezymnebzcnauiqsea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cmggunkwvkfbclwoagg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Windows\cmggunkwvkfbclwoagg.exe
cmggunkwvkfbclwoagg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe .
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\cmggunkwvkfbclwoagg.exe*."
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\eqmoezymnebzcnauiqsea.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ratsfxtecqkffnxoze.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c eqmoezymnebzcnauiqsea.exe
C:\Windows\eqmoezymnebzcnauiqsea.exe
eqmoezymnebzcnauiqsea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ratsfxtecqkffnxoze.exe .
C:\Windows\ratsfxtecqkffnxoze.exe
ratsfxtecqkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ratsfxtecqkffnxoze.exe*."
C:\Windows\bizwhxrawiatrxfu.exe
bizwhxrawiatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iqigsjeolyrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Windows\iqigsjeolyrlkraqa.exe
iqigsjeolyrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\iqigsjeolyrlkraqa.exe*."
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ratsfxtecqkffnxoze.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe .
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\pavwlfdqqgczblxqdklw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ratsfxtecqkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iqigsjeolyrlkraqa.exe
C:\Windows\ratsfxtecqkffnxoze.exe
ratsfxtecqkffnxoze.exe
C:\Windows\iqigsjeolyrlkraqa.exe
iqigsjeolyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iqigsjeolyrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c eqmoezymnebzcnauiqsea.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\eqmoezymnebzcnauiqsea.exe
eqmoezymnebzcnauiqsea.exe .
C:\Windows\iqigsjeolyrlkraqa.exe
iqigsjeolyrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iqigsjeolyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\iqigsjeolyrlkraqa.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\eqmoezymnebzcnauiqsea.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c eqmoezymnebzcnauiqsea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bizwhxrawiatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Windows\bizwhxrawiatrxfu.exe
bizwhxrawiatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe .
C:\Windows\bizwhxrawiatrxfu.exe
bizwhxrawiatrxfu.exe .
C:\Windows\iqigsjeolyrlkraqa.exe
iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\bizwhxrawiatrxfu.exe*."
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iqigsjeolyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ratsfxtecqkffnxoze.exe*."
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pavwlfdqqgczblxqdklw.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\bizwhxrawiatrxfu.exe*."
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe .
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe .
C:\Windows\pavwlfdqqgczblxqdklw.exe
pavwlfdqqgczblxqdklw.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\cmggunkwvkfbclwoagg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iqigsjeolyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ratsfxtecqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\eqmoezymnebzcnauiqsea.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\pavwlfdqqgczblxqdklw.exe*."
C:\Windows\ratsfxtecqkffnxoze.exe
ratsfxtecqkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Windows\eqmoezymnebzcnauiqsea.exe
eqmoezymnebzcnauiqsea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ratsfxtecqkffnxoze.exe*."
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\eqmoezymnebzcnauiqsea.exe*."
C:\Windows\iqigsjeolyrlkraqa.exe
iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ratsfxtecqkffnxoze.exe*."
C:\Windows\iqigsjeolyrlkraqa.exe
iqigsjeolyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe .
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\cmggunkwvkfbclwoagg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iqigsjeolyrlkraqa.exe
C:\Windows\iqigsjeolyrlkraqa.exe
iqigsjeolyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pavwlfdqqgczblxqdklw.exe .
C:\Windows\pavwlfdqqgczblxqdklw.exe
pavwlfdqqgczblxqdklw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\pavwlfdqqgczblxqdklw.exe*."
C:\Windows\ratsfxtecqkffnxoze.exe
ratsfxtecqkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c eqmoezymnebzcnauiqsea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Windows\eqmoezymnebzcnauiqsea.exe
eqmoezymnebzcnauiqsea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe .
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\eqmoezymnebzcnauiqsea.exe*."
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\pavwlfdqqgczblxqdklw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe .
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\eqmoezymnebzcnauiqsea.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c eqmoezymnebzcnauiqsea.exe
C:\Windows\eqmoezymnebzcnauiqsea.exe
eqmoezymnebzcnauiqsea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bizwhxrawiatrxfu.exe .
C:\Windows\bizwhxrawiatrxfu.exe
bizwhxrawiatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ratsfxtecqkffnxoze.exe
C:\Windows\ratsfxtecqkffnxoze.exe
ratsfxtecqkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iqigsjeolyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\bizwhxrawiatrxfu.exe*."
C:\Windows\iqigsjeolyrlkraqa.exe
iqigsjeolyrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\iqigsjeolyrlkraqa.exe*."
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ratsfxtecqkffnxoze.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\iqigsjeolyrlkraqa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bizwhxrawiatrxfu.exe
C:\Windows\bizwhxrawiatrxfu.exe
bizwhxrawiatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ratsfxtecqkffnxoze.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ratsfxtecqkffnxoze.exe
ratsfxtecqkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ratsfxtecqkffnxoze.exe*."
C:\Windows\bizwhxrawiatrxfu.exe
bizwhxrawiatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cmggunkwvkfbclwoagg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Windows\cmggunkwvkfbclwoagg.exe
cmggunkwvkfbclwoagg.exe .
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\cmggunkwvkfbclwoagg.exe*."
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ratsfxtecqkffnxoze.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ratsfxtecqkffnxoze.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iqigsjeolyrlkraqa.exe
C:\Windows\iqigsjeolyrlkraqa.exe
iqigsjeolyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bizwhxrawiatrxfu.exe .
C:\Windows\bizwhxrawiatrxfu.exe
bizwhxrawiatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\bizwhxrawiatrxfu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ratsfxtecqkffnxoze.exe .
C:\Windows\pavwlfdqqgczblxqdklw.exe
pavwlfdqqgczblxqdklw.exe
C:\Windows\ratsfxtecqkffnxoze.exe
ratsfxtecqkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ratsfxtecqkffnxoze.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe .
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\cmggunkwvkfbclwoagg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ratsfxtecqkffnxoze.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iqigsjeolyrlkraqa.exe
C:\Windows\iqigsjeolyrlkraqa.exe
iqigsjeolyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ratsfxtecqkffnxoze.exe .
C:\Windows\ratsfxtecqkffnxoze.exe
ratsfxtecqkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pavwlfdqqgczblxqdklw.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ratsfxtecqkffnxoze.exe*."
C:\Windows\pavwlfdqqgczblxqdklw.exe
pavwlfdqqgczblxqdklw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bizwhxrawiatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\bizwhxrawiatrxfu.exe
bizwhxrawiatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe .
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\bizwhxrawiatrxfu.exe*."
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\eqmoezymnebzcnauiqsea.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\eqmoezymnebzcnauiqsea.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cmggunkwvkfbclwoagg.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cmggunkwvkfbclwoagg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ratsfxtecqkffnxoze.exe
C:\Windows\cmggunkwvkfbclwoagg.exe
cmggunkwvkfbclwoagg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ratsfxtecqkffnxoze.exe .
C:\Windows\cmggunkwvkfbclwoagg.exe
cmggunkwvkfbclwoagg.exe
C:\Windows\ratsfxtecqkffnxoze.exe
ratsfxtecqkffnxoze.exe
C:\Windows\ratsfxtecqkffnxoze.exe
ratsfxtecqkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c eqmoezymnebzcnauiqsea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pavwlfdqqgczblxqdklw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iqigsjeolyrlkraqa.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\eqmoezymnebzcnauiqsea.exe
eqmoezymnebzcnauiqsea.exe .
C:\Windows\pavwlfdqqgczblxqdklw.exe
pavwlfdqqgczblxqdklw.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ratsfxtecqkffnxoze.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bizwhxrawiatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cmggunkwvkfbclwoagg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ratsfxtecqkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cmggunkwvkfbclwoagg.exe .
C:\Windows\iqigsjeolyrlkraqa.exe
iqigsjeolyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cmggunkwvkfbclwoagg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\eqmoezymnebzcnauiqsea.exe*."
C:\Windows\cmggunkwvkfbclwoagg.exe
cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\pavwlfdqqgczblxqdklw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe .
C:\Windows\ratsfxtecqkffnxoze.exe
ratsfxtecqkffnxoze.exe
C:\Windows\bizwhxrawiatrxfu.exe
bizwhxrawiatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\bizwhxrawiatrxfu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe .
C:\Windows\cmggunkwvkfbclwoagg.exe
cmggunkwvkfbclwoagg.exe .
C:\Windows\cmggunkwvkfbclwoagg.exe
cmggunkwvkfbclwoagg.exe .
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\cmggunkwvkfbclwoagg.exe*."
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe .
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\cmggunkwvkfbclwoagg.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\iqigsjeolyrlkraqa.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\iqigsjeolyrlkraqa.exe*."
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\iqigsjeolyrlkraqa.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\eqmoezymnebzcnauiqsea.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\bizwhxrawiatrxfu.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\pavwlfdqqgczblxqdklw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pavwlfdqqgczblxqdklw.exe
C:\Windows\pavwlfdqqgczblxqdklw.exe
pavwlfdqqgczblxqdklw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c eqmoezymnebzcnauiqsea.exe .
C:\Windows\eqmoezymnebzcnauiqsea.exe
eqmoezymnebzcnauiqsea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\eqmoezymnebzcnauiqsea.exe*."
C:\Windows\ratsfxtecqkffnxoze.exe
ratsfxtecqkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iqigsjeolyrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Windows\iqigsjeolyrlkraqa.exe
iqigsjeolyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\iqigsjeolyrlkraqa.exe*."
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\eqmoezymnebzcnauiqsea.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ratsfxtecqkffnxoze.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bizwhxrawiatrxfu.exe
C:\Windows\bizwhxrawiatrxfu.exe
bizwhxrawiatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cmggunkwvkfbclwoagg.exe .
C:\Windows\cmggunkwvkfbclwoagg.exe
cmggunkwvkfbclwoagg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\cmggunkwvkfbclwoagg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ratsfxtecqkffnxoze.exe .
C:\Windows\cmggunkwvkfbclwoagg.exe
cmggunkwvkfbclwoagg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Windows\ratsfxtecqkffnxoze.exe
ratsfxtecqkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ratsfxtecqkffnxoze.exe*."
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ratsfxtecqkffnxoze.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe .
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\eqmoezymnebzcnauiqsea.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cmggunkwvkfbclwoagg.exe
C:\Windows\cmggunkwvkfbclwoagg.exe
cmggunkwvkfbclwoagg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pavwlfdqqgczblxqdklw.exe .
C:\Windows\pavwlfdqqgczblxqdklw.exe
pavwlfdqqgczblxqdklw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\pavwlfdqqgczblxqdklw.exe*."
C:\Windows\iqigsjeolyrlkraqa.exe
iqigsjeolyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bizwhxrawiatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Windows\bizwhxrawiatrxfu.exe
bizwhxrawiatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe .
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\bizwhxrawiatrxfu.exe*."
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\eqmoezymnebzcnauiqsea.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\bizwhxrawiatrxfu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cmggunkwvkfbclwoagg.exe
C:\Windows\cmggunkwvkfbclwoagg.exe
cmggunkwvkfbclwoagg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iqigsjeolyrlkraqa.exe .
C:\Windows\iqigsjeolyrlkraqa.exe
iqigsjeolyrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\iqigsjeolyrlkraqa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bizwhxrawiatrxfu.exe .
C:\Windows\iqigsjeolyrlkraqa.exe
iqigsjeolyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Windows\bizwhxrawiatrxfu.exe
bizwhxrawiatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe .
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\bizwhxrawiatrxfu.exe*."
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\pavwlfdqqgczblxqdklw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\bizwhxrawiatrxfu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iqigsjeolyrlkraqa.exe
C:\Windows\iqigsjeolyrlkraqa.exe
iqigsjeolyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bizwhxrawiatrxfu.exe .
C:\Windows\bizwhxrawiatrxfu.exe
bizwhxrawiatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\bizwhxrawiatrxfu.exe*."
C:\Windows\bizwhxrawiatrxfu.exe
bizwhxrawiatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pavwlfdqqgczblxqdklw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Windows\pavwlfdqqgczblxqdklw.exe
pavwlfdqqgczblxqdklw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe .
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\pavwlfdqqgczblxqdklw.exe*."
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\eqmoezymnebzcnauiqsea.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ratsfxtecqkffnxoze.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iqigsjeolyrlkraqa.exe
C:\Windows\iqigsjeolyrlkraqa.exe
iqigsjeolyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ratsfxtecqkffnxoze.exe .
C:\Windows\ratsfxtecqkffnxoze.exe
ratsfxtecqkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ratsfxtecqkffnxoze.exe*."
C:\Windows\bizwhxrawiatrxfu.exe
bizwhxrawiatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pavwlfdqqgczblxqdklw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Windows\pavwlfdqqgczblxqdklw.exe
pavwlfdqqgczblxqdklw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\pavwlfdqqgczblxqdklw.exe*."
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ratsfxtecqkffnxoze.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c eqmoezymnebzcnauiqsea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c eqmoezymnebzcnauiqsea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe .
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Windows\eqmoezymnebzcnauiqsea.exe
eqmoezymnebzcnauiqsea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cmggunkwvkfbclwoagg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pavwlfdqqgczblxqdklw.exe .
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe .
C:\Windows\eqmoezymnebzcnauiqsea.exe
eqmoezymnebzcnauiqsea.exe
C:\Windows\pavwlfdqqgczblxqdklw.exe
pavwlfdqqgczblxqdklw.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\eqmoezymnebzcnauiqsea.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pavwlfdqqgczblxqdklw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c eqmoezymnebzcnauiqsea.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pavwlfdqqgczblxqdklw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c eqmoezymnebzcnauiqsea.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\pavwlfdqqgczblxqdklw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\eqmoezymnebzcnauiqsea.exe
eqmoezymnebzcnauiqsea.exe
C:\Windows\pavwlfdqqgczblxqdklw.exe
pavwlfdqqgczblxqdklw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe .
C:\Windows\pavwlfdqqgczblxqdklw.exe
pavwlfdqqgczblxqdklw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c eqmoezymnebzcnauiqsea.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Windows\eqmoezymnebzcnauiqsea.exe
eqmoezymnebzcnauiqsea.exe .
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\pavwlfdqqgczblxqdklw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iqigsjeolyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\eqmoezymnebzcnauiqsea.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\iqigsjeolyrlkraqa.exe*."
C:\Windows\eqmoezymnebzcnauiqsea.exe
eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\eqmoezymnebzcnauiqsea.exe*."
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pavwlfdqqgczblxqdklw.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe .
C:\Windows\iqigsjeolyrlkraqa.exe
iqigsjeolyrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe .
C:\Windows\ratsfxtecqkffnxoze.exe
ratsfxtecqkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\pavwlfdqqgczblxqdklw.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\iqigsjeolyrlkraqa.exe*."
C:\Windows\pavwlfdqqgczblxqdklw.exe
pavwlfdqqgczblxqdklw.exe .
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\bizwhxrawiatrxfu.exe*."
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\pavwlfdqqgczblxqdklw.exe*."
C:\Windows\cmggunkwvkfbclwoagg.exe
cmggunkwvkfbclwoagg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\bizwhxrawiatrxfu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\cmggunkwvkfbclwoagg.exe*."
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\bizwhxrawiatrxfu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bizwhxrawiatrxfu.exe
C:\Windows\bizwhxrawiatrxfu.exe
bizwhxrawiatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pavwlfdqqgczblxqdklw.exe .
C:\Windows\pavwlfdqqgczblxqdklw.exe
pavwlfdqqgczblxqdklw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\pavwlfdqqgczblxqdklw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pavwlfdqqgczblxqdklw.exe .
C:\Windows\pavwlfdqqgczblxqdklw.exe
pavwlfdqqgczblxqdklw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Windows\pavwlfdqqgczblxqdklw.exe
pavwlfdqqgczblxqdklw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe .
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\eqmoezymnebzcnauiqsea.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\pavwlfdqqgczblxqdklw.exe*."
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe
C:\Users\Admin\AppData\Local\Temp\pavwlfdqqgczblxqdklw.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\pavwlfdqqgczblxqdklw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gbcxjicxolnxjcpwojkf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe .
C:\Windows\gbcxjicxolnxjcpwojkf.exe
gbcxjicxolnxjcpwojkf.exe
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tnnhsqjdtpqzkcoulff.exe .
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe .
C:\Windows\tnnhsqjdtpqzkcoulff.exe
tnnhsqjdtpqzkcoulff.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ibatdaslavvdnepukd.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\iqigsjeolyrlkraqa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrphqmdvjdcjsiswl.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\tnnhsqjdtpqzkcoulff.exe*."
C:\Windows\ibatdaslavvdnepukd.exe
ibatdaslavvdnepukd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrtpccxtljmxkesatprna.exe
C:\Windows\zrphqmdvjdcjsiswl.exe
zrphqmdvjdcjsiswl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gbcxjicxolnxjcpwojkf.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vrtpccxtljmxkesatprna.exe
C:\Users\Admin\AppData\Local\Temp\vrtpccxtljmxkesatprna.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\zrphqmdvjdcjsiswl.exe*."
C:\Users\Admin\AppData\Local\Temp\gbcxjicxolnxjcpwojkf.exe
C:\Users\Admin\AppData\Local\Temp\gbcxjicxolnxjcpwojkf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ratsfxtecqkffnxoze.exe
C:\Windows\ratsfxtecqkffnxoze.exe
ratsfxtecqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\gbcxjicxolnxjcpwojkf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrphqmdvjdcjsiswl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c eqmoezymnebzcnauiqsea.exe .
C:\Users\Admin\AppData\Local\Temp\zrphqmdvjdcjsiswl.exe
C:\Users\Admin\AppData\Local\Temp\zrphqmdvjdcjsiswl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrphqmdvjdcjsiswl.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\eqmoezymnebzcnauiqsea.exe
eqmoezymnebzcnauiqsea.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\zrphqmdvjdcjsiswl.exe
C:\Users\Admin\AppData\Local\Temp\zrphqmdvjdcjsiswl.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\eqmoezymnebzcnauiqsea.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bizwhxrawiatrxfu.exe .
C:\Windows\cmggunkwvkfbclwoagg.exe
cmggunkwvkfbclwoagg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Windows\bizwhxrawiatrxfu.exe
bizwhxrawiatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\zrphqmdvjdcjsiswl.exe*."
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\cmggunkwvkfbclwoagg.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\bizwhxrawiatrxfu.exe*."
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\bizwhxrawiatrxfu.exe*."
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\bizwhxrawiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\bizwhxrawiatrxfu.exe*."
C:\Users\Admin\AppData\Local\Temp\vbntq.exe
"C:\Users\Admin\AppData\Local\Temp\vbntq.exe" "-c:\windows\pavwlfdqqgczblxqdklw.exe"
C:\Users\Admin\AppData\Local\Temp\vbntq.exe
"C:\Users\Admin\AppData\Local\Temp\vbntq.exe" "-c:\windows\pavwlfdqqgczblxqdklw.exe"
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\iqigsjeolyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pavwlfdqqgczblxqdklw.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 8.8.8.8:53 | www.showmyipaddress.com | udp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 8.8.8.8:53 | whatismyipaddress.com | udp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.com | udp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| DE | 142.250.181.201:80 | www.blogger.com | tcp |
| MD | 178.168.50.42:31596 | tcp | |
| US | 8.8.8.8:53 | gyuuym.org | udp |
| DE | 85.214.228.140:80 | gyuuym.org | tcp |
| US | 8.8.8.8:53 | qikceyaugmiw.com | udp |
| US | 8.8.8.8:53 | sirovuj.info | udp |
| US | 8.8.8.8:53 | uwckxps.info | udp |
| US | 8.8.8.8:53 | uetspfggvki.info | udp |
| US | 8.8.8.8:53 | unxfuild.info | udp |
| SG | 18.142.91.111:80 | unxfuild.info | tcp |
| US | 8.8.8.8:53 | mhhwfz.info | udp |
| US | 8.8.8.8:53 | dcmglijgb.com | udp |
| US | 8.8.8.8:53 | rincuwzgu.info | udp |
| US | 8.8.8.8:53 | lgqgeoppr.net | udp |
| US | 8.8.8.8:53 | mrdlsmbibhnd.info | udp |
| US | 8.8.8.8:53 | zgjnxthpviz.info | udp |
| US | 8.8.8.8:53 | ggoiukqgsikq.org | udp |
| US | 8.8.8.8:53 | badhmt.net | udp |
| US | 8.8.8.8:53 | pihsnkxel.net | udp |
| US | 8.8.8.8:53 | ockngd.net | udp |
| US | 8.8.8.8:53 | gazllyhanki.info | udp |
| US | 8.8.8.8:53 | udzdjiddn.net | udp |
| US | 8.8.8.8:53 | dvcavlbf.info | udp |
| US | 8.8.8.8:53 | hbfuzmpxf.com | udp |
| US | 8.8.8.8:53 | hoeezyywdoz.info | udp |
| US | 8.8.8.8:53 | yokrmgqkpwi.info | udp |
| US | 8.8.8.8:53 | guegeibjgs.info | udp |
| US | 8.8.8.8:53 | ybbtrxy.info | udp |
| MD | 178.168.50.42:31596 | tcp | |
| US | 8.8.8.8:53 | ygoukmwg.org | udp |
| US | 8.8.8.8:53 | qgftais.net | udp |
| US | 8.8.8.8:53 | xwhkkybcnwi.org | udp |
| US | 8.8.8.8:53 | jwalnrwfvb.net | udp |
| US | 8.8.8.8:53 | caokygmqsycc.com | udp |
| US | 8.8.8.8:53 | cydlrge.info | udp |
| US | 104.156.155.94:80 | cydlrge.info | tcp |
| US | 8.8.8.8:53 | rtfnutere.org | udp |
| US | 8.8.8.8:53 | mszelkj.net | udp |
| US | 8.8.8.8:53 | harckl.net | udp |
| US | 8.8.8.8:53 | niqhqqr.net | udp |
| US | 8.8.8.8:53 | zzdafaholy.net | udp |
| US | 8.8.8.8:53 | mjotpzfbosdh.info | udp |
| US | 8.8.8.8:53 | uuynba.info | udp |
| US | 8.8.8.8:53 | guzbeusup.net | udp |
| US | 8.8.8.8:53 | kuyucamqsueg.org | udp |
| US | 8.8.8.8:53 | smjftulnp.info | udp |
| US | 8.8.8.8:53 | xmtdbqdz.info | udp |
| US | 8.8.8.8:53 | ykjaji.net | udp |
| US | 8.8.8.8:53 | luvehemiri.info | udp |
| US | 8.8.8.8:53 | ybgbrculkg.net | udp |
| US | 8.8.8.8:53 | ngsoxwyc.info | udp |
| US | 8.8.8.8:53 | lalckpw.org | udp |
| US | 8.8.8.8:53 | cvsyampmbyej.net | udp |
| US | 8.8.8.8:53 | uyzgupbw.net | udp |
| US | 8.8.8.8:53 | iucege.org | udp |
| US | 8.8.8.8:53 | vujucjnybvef.info | udp |
| US | 8.8.8.8:53 | jcvqlzn.com | udp |
| US | 8.8.8.8:53 | ysjizl.info | udp |
| US | 8.8.8.8:53 | kiyzyqtytm.net | udp |
| US | 8.8.8.8:53 | todyvdjzpyt.com | udp |
| US | 8.8.8.8:53 | hmfurcniz.info | udp |
| US | 8.8.8.8:53 | tjhyzifra.info | udp |
| US | 8.8.8.8:53 | avbzvrkcvjvh.net | udp |
| US | 8.8.8.8:53 | uaqawegmguog.org | udp |
| US | 8.8.8.8:53 | rpurmovyvp.info | udp |
| US | 8.8.8.8:53 | ddpobim.org | udp |
| US | 8.8.8.8:53 | litqtolf.net | udp |
| US | 8.8.8.8:53 | lwfypod.com | udp |
| US | 8.8.8.8:53 | trvbni.net | udp |
| US | 8.8.8.8:53 | mgbdtszlrc.net | udp |
| US | 8.8.8.8:53 | soxkamiyx.info | udp |
| US | 8.8.8.8:53 | qmmaac.org | udp |
| US | 8.8.8.8:53 | ewhqxezcwwc.net | udp |
| US | 8.8.8.8:53 | ummsvlki.info | udp |
| US | 8.8.8.8:53 | oeciyqag.com | udp |
| US | 8.8.8.8:53 | yoaoooewyeeo.com | udp |
| US | 8.8.8.8:53 | yodmvuxapmd.info | udp |
| US | 8.8.8.8:53 | qyooawes.com | udp |
| US | 8.8.8.8:53 | susoqcys.org | udp |
| US | 8.8.8.8:53 | mosouquuecgq.com | udp |
| US | 8.8.8.8:53 | famwstruama.net | udp |
| US | 8.8.8.8:53 | oidktbl.net | udp |
| US | 8.8.8.8:53 | mdhpuesj.net | udp |
| US | 8.8.8.8:53 | lofiemv.org | udp |
| US | 8.8.8.8:53 | kjeuyo.net | udp |
| US | 8.8.8.8:53 | zwodof.info | udp |
| US | 8.8.8.8:53 | tuetjetob.org | udp |
| US | 8.8.8.8:53 | oomqjnzehmv.info | udp |
| US | 8.8.8.8:53 | dqjrswwie.com | udp |
| US | 8.8.8.8:53 | ltlyzbhylr.net | udp |
| US | 8.8.8.8:53 | mqqacewyyg.org | udp |
| US | 8.8.8.8:53 | csicqeeckooo.org | udp |
| US | 8.8.8.8:53 | kruodbjopqw.info | udp |
| US | 8.8.8.8:53 | vsfohubmkgw.com | udp |
| US | 8.8.8.8:53 | xtrvar.net | udp |
| US | 8.8.8.8:53 | yyqyigakeikq.org | udp |
| US | 8.8.8.8:53 | qejtdzpmtma.net | udp |
| US | 8.8.8.8:53 | vrxmprngmlhk.net | udp |
| US | 8.8.8.8:53 | irfrrki.net | udp |
| US | 8.8.8.8:53 | vkmsvoxco.info | udp |
| US | 8.8.8.8:53 | sarrrcncdxd.net | udp |
| US | 8.8.8.8:53 | pdgjlv.info | udp |
| US | 8.8.8.8:53 | mtcxagytnahn.info | udp |
| US | 8.8.8.8:53 | knrgfdzojrjn.info | udp |
| US | 8.8.8.8:53 | eznabol.net | udp |
| US | 8.8.8.8:53 | gggwsimoqsuk.com | udp |
| US | 8.8.8.8:53 | nuaohz.info | udp |
| US | 8.8.8.8:53 | klqmnybibg.net | udp |
| US | 8.8.8.8:53 | rhyiuyj.net | udp |
| US | 8.8.8.8:53 | sfmyje.net | udp |
| US | 8.8.8.8:53 | lyxmnybibg.info | udp |
| US | 8.8.8.8:53 | pbxijvqazdzv.net | udp |
| US | 8.8.8.8:53 | vgxmpibov.info | udp |
| US | 8.8.8.8:53 | lhofkm.net | udp |
| US | 8.8.8.8:53 | dkouvubcpovf.info | udp |
| US | 8.8.8.8:53 | mjvtphaadm.net | udp |
| US | 8.8.8.8:53 | fngenjhb.info | udp |
| US | 8.8.8.8:53 | tyagpkb.com | udp |
| US | 8.8.8.8:53 | nktzlhgub.org | udp |
| US | 8.8.8.8:53 | kgucribs.info | udp |
| US | 8.8.8.8:53 | mthhkjqosx.net | udp |
| US | 8.8.8.8:53 | piltbovqlfd.info | udp |
| US | 8.8.8.8:53 | cwkhmg.info | udp |
| US | 8.8.8.8:53 | dylhcido.net | udp |
| US | 8.8.8.8:53 | xcxrjkbei.net | udp |
| US | 8.8.8.8:53 | fzbhbpln.info | udp |
| US | 8.8.8.8:53 | zyfitez.info | udp |
| US | 8.8.8.8:53 | gmywye.org | udp |
| US | 8.8.8.8:53 | leqdurjb.net | udp |
| US | 8.8.8.8:53 | ystiykjlzzu.info | udp |
| US | 8.8.8.8:53 | eczfjddmvwqb.info | udp |
| US | 8.8.8.8:53 | hzlwxktkmsl.info | udp |
| US | 8.8.8.8:53 | jsfoltcib.org | udp |
| US | 8.8.8.8:53 | xiawtn.net | udp |
| US | 8.8.8.8:53 | olrxdjpz.info | udp |
| US | 8.8.8.8:53 | pxlyeifrvo.net | udp |
| US | 8.8.8.8:53 | dxikspgshgbk.info | udp |
| US | 8.8.8.8:53 | ykcckoaamy.com | udp |
| US | 8.8.8.8:53 | rlvmlxh.org | udp |
| US | 8.8.8.8:53 | lgmwshpwdp.net | udp |
| US | 8.8.8.8:53 | ximysiprs.org | udp |
| US | 8.8.8.8:53 | dobyzbhfeg.info | udp |
| US | 8.8.8.8:53 | gxtxjkwpjd.info | udp |
| US | 8.8.8.8:53 | udlstbbbnv.net | udp |
| US | 8.8.8.8:53 | rilpnelkd.net | udp |
| US | 8.8.8.8:53 | zgrjrexb.net | udp |
| US | 8.8.8.8:53 | hlkdgwbzxhtg.net | udp |
| US | 8.8.8.8:53 | tixfzfn.com | udp |
| US | 8.8.8.8:53 | eeueccewmeem.com | udp |
| US | 8.8.8.8:53 | qcpxoxfnbu.net | udp |
| US | 8.8.8.8:53 | vvssun.net | udp |
| US | 8.8.8.8:53 | njlsktww.info | udp |
| US | 8.8.8.8:53 | jlxeto.net | udp |
| US | 8.8.8.8:53 | jifghacgp.com | udp |
| US | 8.8.8.8:53 | gthoprfe.net | udp |
| US | 8.8.8.8:53 | istsxkh.net | udp |
| US | 8.8.8.8:53 | bpsdrobofbar.info | udp |
| US | 8.8.8.8:53 | zxrddhxghe.info | udp |
| US | 8.8.8.8:53 | ownirn.net | udp |
| US | 8.8.8.8:53 | pkzevfw.info | udp |
| US | 8.8.8.8:53 | wslkletgzqt.info | udp |
| US | 8.8.8.8:53 | jlrxzfhn.info | udp |
| US | 8.8.8.8:53 | vlpxze.info | udp |
| US | 8.8.8.8:53 | rbnxhbxoannn.info | udp |
| US | 8.8.8.8:53 | pdgjpshqss.net | udp |
| US | 8.8.8.8:53 | sofndmpsjeu.info | udp |
| US | 8.8.8.8:53 | wjberpyg.info | udp |
| US | 8.8.8.8:53 | dpnlcf.net | udp |
| US | 8.8.8.8:53 | bkvkbiogpsn.com | udp |
| US | 8.8.8.8:53 | kryszotnxlo.net | udp |
| US | 8.8.8.8:53 | ostbpgmikyz.net | udp |
| US | 8.8.8.8:53 | skywyumxq.net | udp |
| US | 8.8.8.8:53 | eqrxsjpuhyc.net | udp |
| US | 8.8.8.8:53 | pbnouk.net | udp |
| US | 8.8.8.8:53 | iarcmgz.net | udp |
| US | 8.8.8.8:53 | egsmyysc.org | udp |
| US | 8.8.8.8:53 | pxjxlvh.com | udp |
| US | 8.8.8.8:53 | ygeeoeyksc.org | udp |
| US | 8.8.8.8:53 | rzlqhnd.org | udp |
| US | 8.8.8.8:53 | nshdioh.net | udp |
| US | 8.8.8.8:53 | isegumiwim.org | udp |
| US | 8.8.8.8:53 | zgrabzvho.net | udp |
| US | 8.8.8.8:53 | kmpwhjmmspq.net | udp |
| US | 8.8.8.8:53 | fchiuifsm.info | udp |
| US | 8.8.8.8:53 | lnnxfbmihwjl.net | udp |
| US | 8.8.8.8:53 | ekqqcc.org | udp |
| US | 8.8.8.8:53 | rcxnbkpnxijp.info | udp |
| US | 8.8.8.8:53 | gwcamwok.com | udp |
| US | 8.8.8.8:53 | rjiwhwl.net | udp |
| US | 8.8.8.8:53 | dwfkeogzvhjn.info | udp |
| US | 8.8.8.8:53 | xkdxriodovod.info | udp |
| US | 8.8.8.8:53 | usrgbaezriu.net | udp |
| US | 8.8.8.8:53 | qjcehmirhr.info | udp |
| US | 8.8.8.8:53 | dcjonzvgvt.net | udp |
| US | 8.8.8.8:53 | szesgnzuljvr.net | udp |
| US | 8.8.8.8:53 | neeuhhdpvp.net | udp |
| US | 8.8.8.8:53 | odlgqao.info | udp |
| US | 8.8.8.8:53 | vaovhdhfxoaf.info | udp |
| US | 8.8.8.8:53 | dflqknsl.net | udp |
| US | 8.8.8.8:53 | vrajnahvax.net | udp |
| US | 8.8.8.8:53 | fysaxvagxdsc.net | udp |
| US | 8.8.8.8:53 | bebgrsmz.net | udp |
| US | 8.8.8.8:53 | qtgqqinahbp.info | udp |
| US | 8.8.8.8:53 | shdwedn.info | udp |
| US | 8.8.8.8:53 | oxaetw.net | udp |
| US | 8.8.8.8:53 | kowyshf.info | udp |
| US | 8.8.8.8:53 | xvlrzcvypay.info | udp |
| US | 8.8.8.8:53 | tcvuvhjwh.info | udp |
| US | 8.8.8.8:53 | tnzjdtdkzeqo.info | udp |
| US | 8.8.8.8:53 | zqjhcnlcf.com | udp |
| US | 8.8.8.8:53 | bxhctax.info | udp |
| US | 8.8.8.8:53 | hdaflgsajr.net | udp |
| US | 8.8.8.8:53 | xdxyoplejx.net | udp |
| US | 8.8.8.8:53 | rdpmvsy.net | udp |
| US | 8.8.8.8:53 | jmdktsgww.com | udp |
| US | 8.8.8.8:53 | omfceefijsd.info | udp |
| US | 8.8.8.8:53 | jubvpax.info | udp |
| US | 8.8.8.8:53 | ltfacch.net | udp |
| US | 8.8.8.8:53 | cwwqhmfmnbip.net | udp |
| US | 8.8.8.8:53 | kccegmwo.org | udp |
| US | 8.8.8.8:53 | cqawya.com | udp |
| US | 8.8.8.8:53 | woaiemuygo.org | udp |
| US | 8.8.8.8:53 | jhpcmvmwzxv.info | udp |
| US | 8.8.8.8:53 | aknsgwkcl.net | udp |
| US | 8.8.8.8:53 | iuhqhpxp.info | udp |
| US | 8.8.8.8:53 | ecbwysbz.info | udp |
| US | 8.8.8.8:53 | crnvfkbzhoh.net | udp |
| US | 8.8.8.8:53 | bdfnhhhgpm.info | udp |
| US | 8.8.8.8:53 | njmyupro.net | udp |
| US | 8.8.8.8:53 | gwwoasrgid.info | udp |
| US | 8.8.8.8:53 | somslssm.net | udp |
| US | 8.8.8.8:53 | ekhwyit.net | udp |
| US | 8.8.8.8:53 | ikoems.org | udp |
| US | 8.8.8.8:53 | xrpwmsl.info | udp |
| US | 8.8.8.8:53 | erbzhagrsz.net | udp |
| US | 8.8.8.8:53 | yimkxzip.net | udp |
| US | 8.8.8.8:53 | iusioomq.org | udp |
| US | 8.8.8.8:53 | dadbxsi.org | udp |
| US | 8.8.8.8:53 | uozvovvk.net | udp |
| US | 8.8.8.8:53 | mhraahh.info | udp |
| US | 8.8.8.8:53 | mfngsd.net | udp |
| US | 8.8.8.8:53 | ptxuton.info | udp |
| US | 8.8.8.8:53 | wcsbrpz.net | udp |
| US | 8.8.8.8:53 | gorcqaxop.info | udp |
| US | 8.8.8.8:53 | vzgdqdzpov.net | udp |
| US | 8.8.8.8:53 | zstpczzynx.info | udp |
| US | 8.8.8.8:53 | mmgkcwis.org | udp |
| US | 8.8.8.8:53 | gpvotl.info | udp |
| US | 8.8.8.8:53 | wcmely.net | udp |
| US | 8.8.8.8:53 | uwcuws.org | udp |
| US | 8.8.8.8:53 | alrwhknmbtp.info | udp |
| US | 8.8.8.8:53 | zfhbmzzpoa.net | udp |
| US | 8.8.8.8:53 | fqcslafjh.info | udp |
| US | 8.8.8.8:53 | azlfou.info | udp |
| US | 8.8.8.8:53 | ueckgg.org | udp |
| US | 8.8.8.8:53 | lirezebem.net | udp |
| US | 8.8.8.8:53 | hxrkitxfuw.info | udp |
| US | 8.8.8.8:53 | orwysnotnhrl.net | udp |
| US | 8.8.8.8:53 | umyicieyee.org | udp |
| US | 8.8.8.8:53 | bkouzlskna.info | udp |
| US | 8.8.8.8:53 | ioeeka.info | udp |
| US | 8.8.8.8:53 | vcsuct.net | udp |
| US | 8.8.8.8:53 | nptkczhpnkd.org | udp |
| US | 8.8.8.8:53 | agmifggt.info | udp |
| US | 8.8.8.8:53 | zalbqswic.net | udp |
| US | 8.8.8.8:53 | rkzidmzt.net | udp |
| US | 8.8.8.8:53 | jbvgnhkc.info | udp |
| US | 8.8.8.8:53 | dfqccjcuab.info | udp |
| US | 8.8.8.8:53 | fsyczawoha.info | udp |
| US | 8.8.8.8:53 | ikiyoesqis.org | udp |
| US | 8.8.8.8:53 | xnpnvhjaoyys.net | udp |
| US | 8.8.8.8:53 | uqwegb.info | udp |
| US | 8.8.8.8:53 | ptzgflgddctr.info | udp |
| US | 8.8.8.8:53 | atkzfclhbift.info | udp |
| US | 8.8.8.8:53 | vtxhmv.info | udp |
| US | 8.8.8.8:53 | kwpnwxoftfik.info | udp |
| US | 8.8.8.8:53 | edahasmtdszj.net | udp |
| US | 8.8.8.8:53 | fmhrxirb.info | udp |
| US | 8.8.8.8:53 | wueysyqiyg.org | udp |
| US | 8.8.8.8:53 | rftewtey.info | udp |
| US | 8.8.8.8:53 | vwvyrozbthu.info | udp |
| US | 8.8.8.8:53 | xgxspghttiw.org | udp |
| US | 8.8.8.8:53 | gnjydacld.net | udp |
| US | 8.8.8.8:53 | fktmxuqefwi.com | udp |
| US | 8.8.8.8:53 | katjop.net | udp |
| US | 8.8.8.8:53 | tshmbk.info | udp |
| US | 8.8.8.8:53 | mqwcwakcacok.com | udp |
| US | 8.8.8.8:53 | ndkibmjy.info | udp |
| US | 8.8.8.8:53 | kjskvzf.info | udp |
| US | 8.8.8.8:53 | gksjlntrzvpo.info | udp |
| US | 8.8.8.8:53 | znlnvoxoa.info | udp |
| US | 8.8.8.8:53 | psmcdhgilix.info | udp |
| US | 8.8.8.8:53 | lzbjkx.info | udp |
| US | 8.8.8.8:53 | blriytvijot.com | udp |
| US | 8.8.8.8:53 | wgjkcuj.info | udp |
| US | 8.8.8.8:53 | egiehizwpo.net | udp |
| US | 8.8.8.8:53 | etttukpvscma.net | udp |
| US | 8.8.8.8:53 | kyilnx.net | udp |
| US | 8.8.8.8:53 | xsxbrfdvrxq.org | udp |
| US | 8.8.8.8:53 | qiinwvpxhc.net | udp |
| US | 8.8.8.8:53 | ggrhawfinynh.net | udp |
| US | 8.8.8.8:53 | tvruda.net | udp |
| US | 8.8.8.8:53 | wmambwp.net | udp |
| US | 8.8.8.8:53 | ummumi.com | udp |
| US | 8.8.8.8:53 | noutubpgrub.com | udp |
| US | 8.8.8.8:53 | gaqkygwq.org | udp |
| US | 8.8.8.8:53 | soywsu.org | udp |
| US | 8.8.8.8:53 | xyvquuemlcn.info | udp |
| US | 8.8.8.8:53 | owewbsnw.info | udp |
| US | 8.8.8.8:53 | odimydg.info | udp |
| US | 8.8.8.8:53 | jrbulad.info | udp |
| US | 8.8.8.8:53 | ggvadldcjsy.info | udp |
| US | 8.8.8.8:53 | gmiiys.com | udp |
| US | 8.8.8.8:53 | zuzwlwi.com | udp |
| US | 8.8.8.8:53 | fzeiet.net | udp |
| US | 8.8.8.8:53 | bpzorpfuhtf.org | udp |
| US | 8.8.8.8:53 | pddwmyhyql.net | udp |
| US | 8.8.8.8:53 | pccavkfojob.net | udp |
| US | 8.8.8.8:53 | bkngmvgi.net | udp |
| US | 8.8.8.8:53 | lnesdurm.info | udp |
| US | 8.8.8.8:53 | bihlswxgza.net | udp |
| US | 8.8.8.8:53 | djtkxyaabsu.net | udp |
| US | 8.8.8.8:53 | bqdindvszcl.com | udp |
| US | 8.8.8.8:53 | bnfuehck.net | udp |
| US | 8.8.8.8:53 | dwezpm.net | udp |
| US | 8.8.8.8:53 | tgnqtwz.info | udp |
| US | 8.8.8.8:53 | dykwknvmdfdj.info | udp |
| US | 8.8.8.8:53 | xjozkqup.info | udp |
| US | 8.8.8.8:53 | jgaidkhhz.net | udp |
| US | 8.8.8.8:53 | fyzref.info | udp |
| US | 8.8.8.8:53 | vperro.net | udp |
| US | 8.8.8.8:53 | wawaoiyk.com | udp |
| US | 8.8.8.8:53 | sqhlvwicquw.net | udp |
| US | 8.8.8.8:53 | lczoradauoz.net | udp |
| US | 8.8.8.8:53 | mmdnfmo.net | udp |
| US | 8.8.8.8:53 | kldelwdjeih.net | udp |
| US | 8.8.8.8:53 | jcsrkfzz.net | udp |
| US | 8.8.8.8:53 | hirulmrid.com | udp |
| US | 8.8.8.8:53 | aoiyviv.net | udp |
| US | 8.8.8.8:53 | lgbhamisdvki.info | udp |
| US | 8.8.8.8:53 | wjwsrivt.info | udp |
| US | 8.8.8.8:53 | wacigsae.com | udp |
| US | 8.8.8.8:53 | eivisiz.net | udp |
| US | 8.8.8.8:53 | dazulnj.org | udp |
| US | 8.8.8.8:53 | lixcmjcfp.info | udp |
| US | 8.8.8.8:53 | mjfylyp.info | udp |
| US | 8.8.8.8:53 | jzthxr.net | udp |
| US | 8.8.8.8:53 | budmtdjuhxr.net | udp |
| US | 8.8.8.8:53 | etpikd.info | udp |
| US | 8.8.8.8:53 | esbnoizzpwr.info | udp |
| US | 8.8.8.8:53 | nlpsux.net | udp |
| US | 8.8.8.8:53 | uyrslxxflyx.net | udp |
| US | 8.8.8.8:53 | fjusznt.com | udp |
| US | 8.8.8.8:53 | iuoccsyygs.org | udp |
| US | 8.8.8.8:53 | lebubjt.com | udp |
| US | 8.8.8.8:53 | cmjnvuxutot.info | udp |
| US | 8.8.8.8:53 | nxckvsmxy.net | udp |
| US | 8.8.8.8:53 | zuhmapbot.net | udp |
| US | 8.8.8.8:53 | ftjhrgasq.com | udp |
| US | 8.8.8.8:53 | aezefhl.info | udp |
| US | 8.8.8.8:53 | hsxyzompncxz.net | udp |
| US | 8.8.8.8:53 | ybozqxdeda.net | udp |
| US | 8.8.8.8:53 | yfluaw.net | udp |
| US | 8.8.8.8:53 | dqjxtgf.org | udp |
| US | 8.8.8.8:53 | dhaxbalfsxdm.net | udp |
| US | 8.8.8.8:53 | vjvlnnztmb.net | udp |
| US | 8.8.8.8:53 | pxgbvh.net | udp |
| US | 8.8.8.8:53 | yojkaljecqs.info | udp |
| US | 8.8.8.8:53 | zarqgmnmf.com | udp |
| US | 8.8.8.8:53 | oiymgkeueesm.org | udp |
| US | 8.8.8.8:53 | vusexhzax.info | udp |
| US | 8.8.8.8:53 | ejbuigrni.info | udp |
| US | 8.8.8.8:53 | psgoroz.com | udp |
| US | 8.8.8.8:53 | ecegeakc.org | udp |
| US | 8.8.8.8:53 | cerobuy.info | udp |
| US | 8.8.8.8:53 | kqnmysnuj.net | udp |
| US | 8.8.8.8:53 | ampmlitscwx.info | udp |
| US | 8.8.8.8:53 | rvkhtez.org | udp |
| US | 8.8.8.8:53 | tjuffkpkht.net | udp |
| US | 8.8.8.8:53 | geimasbotcq.net | udp |
| US | 8.8.8.8:53 | jtrribhiao.info | udp |
| US | 8.8.8.8:53 | jchqvtja.net | udp |
| US | 8.8.8.8:53 | tanxkfqvacph.net | udp |
| US | 8.8.8.8:53 | ootkjdzphd.net | udp |
| US | 8.8.8.8:53 | vfnagubqjetj.net | udp |
| US | 8.8.8.8:53 | qguxpucj.net | udp |
| US | 8.8.8.8:53 | loayryfmoao.info | udp |
| US | 8.8.8.8:53 | ryxsxamud.org | udp |
| US | 8.8.8.8:53 | lzraggjubajv.net | udp |
| US | 8.8.8.8:53 | sekwozqb.info | udp |
| US | 8.8.8.8:53 | qoscbfwgekmh.net | udp |
| US | 8.8.8.8:53 | awdqihic.info | udp |
| US | 8.8.8.8:53 | mmyyumko.org | udp |
| US | 8.8.8.8:53 | aararuzmj.info | udp |
| US | 8.8.8.8:53 | udbmxmboiiv.info | udp |
| US | 8.8.8.8:53 | hfgtdbkg.net | udp |
| US | 8.8.8.8:53 | kglohyite.net | udp |
| US | 8.8.8.8:53 | aeqsoorotqoy.net | udp |
| US | 8.8.8.8:53 | eizthq.net | udp |
| US | 8.8.8.8:53 | awgfwifmpcx.net | udp |
| US | 8.8.8.8:53 | gtmlziuowd.info | udp |
| US | 8.8.8.8:53 | zrizzt.net | udp |
| US | 8.8.8.8:53 | nsjnpn.net | udp |
| US | 8.8.8.8:53 | nkviukd.info | udp |
| US | 8.8.8.8:53 | mbnxxncrks.info | udp |
| US | 8.8.8.8:53 | eqxmja.info | udp |
| US | 8.8.8.8:53 | ivewnr.info | udp |
| US | 8.8.8.8:53 | gjvwzi.net | udp |
| US | 8.8.8.8:53 | onmmpbuk.info | udp |
| US | 8.8.8.8:53 | jrghlzet.net | udp |
| US | 8.8.8.8:53 | luogeczir.info | udp |
| US | 8.8.8.8:53 | qapqhz.info | udp |
| US | 8.8.8.8:53 | mqsasi.com | udp |
| US | 8.8.8.8:53 | kevkjeter.net | udp |
| US | 8.8.8.8:53 | nqxijbihvn.info | udp |
| US | 8.8.8.8:53 | dstkmmwwx.org | udp |
| US | 8.8.8.8:53 | ertmvok.info | udp |
| US | 8.8.8.8:53 | kujowdttudi.info | udp |
| US | 8.8.8.8:53 | luzucodrx.net | udp |
| US | 8.8.8.8:53 | wvdwmcairecg.net | udp |
| US | 8.8.8.8:53 | yspynbdonzn.net | udp |
| US | 8.8.8.8:53 | ssiaewim.org | udp |
| US | 8.8.8.8:53 | yiabvs.net | udp |
| US | 8.8.8.8:53 | lbwcsywcqqg.net | udp |
| US | 8.8.8.8:53 | kcycncu.net | udp |
| US | 8.8.8.8:53 | xrctizgjhu.net | udp |
| US | 8.8.8.8:53 | rsrmwfogfggb.net | udp |
| US | 8.8.8.8:53 | oeqiqyiiec.com | udp |
| US | 8.8.8.8:53 | vshlhpmatyo.com | udp |
| US | 8.8.8.8:53 | rfcqjgcwrllk.info | udp |
| US | 8.8.8.8:53 | qoolnadvf.net | udp |
| US | 8.8.8.8:53 | nmdgzgac.net | udp |
| US | 8.8.8.8:53 | ooewwc.org | udp |
| US | 8.8.8.8:53 | vllsxp.net | udp |
| US | 8.8.8.8:53 | yadkxxu.net | udp |
| US | 8.8.8.8:53 | lazsjnl.org | udp |
| US | 8.8.8.8:53 | cqkwpf.net | udp |
| US | 8.8.8.8:53 | qquxdoe.info | udp |
| US | 8.8.8.8:53 | bfswvevrvsjr.info | udp |
| US | 8.8.8.8:53 | jypigkw.net | udp |
| US | 8.8.8.8:53 | vpihvnzdxz.net | udp |
| US | 8.8.8.8:53 | nwugjaofact.org | udp |
| US | 8.8.8.8:53 | ickaeucegccc.com | udp |
| US | 8.8.8.8:53 | pyxvjyrqe.net | udp |
| US | 8.8.8.8:53 | dmlutakit.info | udp |
| US | 8.8.8.8:53 | jphhtgd.com | udp |
| US | 8.8.8.8:53 | mrcujtvexnjl.info | udp |
| US | 8.8.8.8:53 | jjncwbrsyehu.info | udp |
| US | 8.8.8.8:53 | kccmvtdbash.net | udp |
| US | 8.8.8.8:53 | yitluyqh.net | udp |
| US | 8.8.8.8:53 | wwmewmuuyssy.org | udp |
| US | 8.8.8.8:53 | eumxplbmsb.net | udp |
| US | 8.8.8.8:53 | uelacxnjhyn.info | udp |
| US | 8.8.8.8:53 | gddxwcum.info | udp |
| US | 8.8.8.8:53 | axdaxqby.info | udp |
| US | 8.8.8.8:53 | omierhazkhgw.net | udp |
| US | 8.8.8.8:53 | eoogacag.com | udp |
| US | 8.8.8.8:53 | dqhsbblmdlnr.info | udp |
| US | 8.8.8.8:53 | ymmwsswsgocw.com | udp |
| US | 8.8.8.8:53 | ebtkae.net | udp |
| US | 8.8.8.8:53 | ereujumop.net | udp |
| US | 8.8.8.8:53 | yqlnftoodyt.net | udp |
| US | 8.8.8.8:53 | kwdrqyzrhd.net | udp |
| US | 8.8.8.8:53 | rktshzjcvcyu.info | udp |
| US | 8.8.8.8:53 | zqhwwsv.net | udp |
| US | 8.8.8.8:53 | xrjmbmgmisvh.info | udp |
| US | 8.8.8.8:53 | tzyuvkxjp.info | udp |
| US | 8.8.8.8:53 | jqtenkdayoy.org | udp |
| US | 8.8.8.8:53 | beinlqj.org | udp |
| US | 8.8.8.8:53 | oqdeovkozgp.info | udp |
| US | 8.8.8.8:53 | lvliwxsju.net | udp |
| US | 8.8.8.8:53 | imenusmvrt.info | udp |
| US | 8.8.8.8:53 | lwyqvxnxbez.org | udp |
| US | 8.8.8.8:53 | wcgcuuiu.org | udp |
| US | 8.8.8.8:53 | euueaygm.org | udp |
| US | 8.8.8.8:53 | gezezv.info | udp |
| US | 8.8.8.8:53 | agfxoc.info | udp |
| US | 8.8.8.8:53 | cczuael.info | udp |
| US | 8.8.8.8:53 | nhmyomxjv.info | udp |
| US | 8.8.8.8:53 | gatzneaty.net | udp |
| US | 8.8.8.8:53 | yhoezcfes.net | udp |
| US | 8.8.8.8:53 | jhpxpkivklnr.info | udp |
| US | 8.8.8.8:53 | kucrgyoz.info | udp |
| US | 8.8.8.8:53 | gkzotntemow.net | udp |
| US | 8.8.8.8:53 | tyzkrdhyl.info | udp |
| US | 8.8.8.8:53 | miuonjhet.net | udp |
| US | 8.8.8.8:53 | qrxczmlz.info | udp |
| US | 8.8.8.8:53 | yzswdrceb.info | udp |
| US | 8.8.8.8:53 | brjjhvba.net | udp |
| US | 8.8.8.8:53 | gseuua.com | udp |
| US | 8.8.8.8:53 | nubupzacj.info | udp |
| US | 8.8.8.8:53 | vezxlorsjj.net | udp |
| US | 8.8.8.8:53 | vyvijbihvn.info | udp |
| US | 8.8.8.8:53 | wsuadqcep.info | udp |
| US | 8.8.8.8:53 | ntrtdq.net | udp |
| US | 8.8.8.8:53 | zutahmnphhf.org | udp |
| US | 8.8.8.8:53 | cbnjjdpbhh.net | udp |
| US | 8.8.8.8:53 | eaufjyoeu.net | udp |
| US | 8.8.8.8:53 | hsrofavrq.net | udp |
| US | 8.8.8.8:53 | ouzixcaqw.net | udp |
| US | 8.8.8.8:53 | jeexyjwkek.info | udp |
| US | 8.8.8.8:53 | llpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | iqhjrl.net | udp |
| US | 8.8.8.8:53 | vxoixjjtujl.com | udp |
| US | 8.8.8.8:53 | qsjkanegi.net | udp |
| US | 8.8.8.8:53 | kitwmzlqiw.net | udp |
| US | 8.8.8.8:53 | mhqnwjttv.info | udp |
| US | 8.8.8.8:53 | ouxnksx.net | udp |
| US | 8.8.8.8:53 | iairbmma.info | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| DE | 172.217.16.67:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | bctwfgikb.org | udp |
| US | 8.8.8.8:53 | oqhnqvht.net | udp |
| US | 8.8.8.8:53 | ohvbxmx.info | udp |
| US | 8.8.8.8:53 | byntnatgout.com | udp |
| US | 8.8.8.8:53 | pzdohkdetwb.org | udp |
| US | 8.8.8.8:53 | pqlwrud.info | udp |
| US | 8.8.8.8:53 | bbqkfxvm.net | udp |
| US | 8.8.8.8:53 | fzqqksnzg.net | udp |
| US | 8.8.8.8:53 | agqwme.com | udp |
| US | 8.8.8.8:53 | purwztuodiv.net | udp |
| US | 8.8.8.8:53 | xmlymtnez.org | udp |
| US | 8.8.8.8:53 | seamwsuiwu.org | udp |
| US | 8.8.8.8:53 | aguorernvoo.info | udp |
| US | 8.8.8.8:53 | phvezdnax.net | udp |
| US | 8.8.8.8:53 | odzbrjqoy.info | udp |
| US | 8.8.8.8:53 | cevacterlipl.info | udp |
| US | 8.8.8.8:53 | xmdhjhbyvwtp.info | udp |
| US | 8.8.8.8:53 | dzxehcuaknps.info | udp |
| US | 8.8.8.8:53 | dalsey.net | udp |
| US | 8.8.8.8:53 | qizfiirq.info | udp |
| US | 8.8.8.8:53 | aalijqi.info | udp |
| US | 8.8.8.8:53 | ycggwkaukiqu.com | udp |
| US | 8.8.8.8:53 | yodxdhh.net | udp |
| US | 8.8.8.8:53 | ztpmhitsl.com | udp |
| US | 8.8.8.8:53 | hzqyldtaayb.net | udp |
| US | 8.8.8.8:53 | wiwgmewsey.org | udp |
| US | 8.8.8.8:53 | tzhglzdcjok.com | udp |
| US | 8.8.8.8:53 | isfktsvjdmyl.net | udp |
| US | 8.8.8.8:53 | odqisf.info | udp |
| US | 8.8.8.8:53 | tvveyixix.com | udp |
| US | 8.8.8.8:53 | cxdhyphw.net | udp |
| US | 8.8.8.8:53 | ncpmyszzt.info | udp |
| US | 8.8.8.8:53 | eyysasoe.com | udp |
| US | 8.8.8.8:53 | tgticatwwkz.com | udp |
| US | 8.8.8.8:53 | ybxsqlwexbnh.info | udp |
| US | 8.8.8.8:53 | pvksnm.net | udp |
| US | 8.8.8.8:53 | hkbqkhfv.info | udp |
| US | 8.8.8.8:53 | okluiwhyfmc.net | udp |
| US | 8.8.8.8:53 | oqzkxuyslcp.info | udp |
| US | 8.8.8.8:53 | kkiamiym.com | udp |
| US | 8.8.8.8:53 | ledkogt.info | udp |
| US | 8.8.8.8:53 | xaejgol.info | udp |
| US | 8.8.8.8:53 | cmiucq.com | udp |
| US | 8.8.8.8:53 | rvxetshwfbrx.net | udp |
| US | 8.8.8.8:53 | rwlelylkm.net | udp |
| US | 8.8.8.8:53 | iqlrojajxlae.net | udp |
| US | 8.8.8.8:53 | jatdaajehomt.net | udp |
| US | 8.8.8.8:53 | umfeagp.net | udp |
| US | 8.8.8.8:53 | lopapyl.info | udp |
| US | 8.8.8.8:53 | jmzwqqasg.net | udp |
| US | 8.8.8.8:53 | jhccfthza.net | udp |
| US | 8.8.8.8:53 | tgtkqedh.net | udp |
| US | 8.8.8.8:53 | ryokpgu.info | udp |
| US | 8.8.8.8:53 | mwgkuyee.org | udp |
| US | 8.8.8.8:53 | xcwputtnrc.info | udp |
| US | 8.8.8.8:53 | fwpydlnsm.org | udp |
| US | 8.8.8.8:53 | dezovwtux.org | udp |
| US | 8.8.8.8:53 | uiceesz.info | udp |
| US | 8.8.8.8:53 | cucuyiwmsisw.com | udp |
| US | 8.8.8.8:53 | amnyvalxii.net | udp |
| US | 8.8.8.8:53 | smsetiwswwf.info | udp |
| US | 8.8.8.8:53 | bzaydhbkyko.info | udp |
| US | 8.8.8.8:53 | rrcnpslj.net | udp |
| US | 8.8.8.8:53 | uoxjsmld.info | udp |
| US | 8.8.8.8:53 | bvtwxoj.net | udp |
| US | 8.8.8.8:53 | aozhnsbtryh.net | udp |
| US | 8.8.8.8:53 | mwyciy.org | udp |
| US | 8.8.8.8:53 | bfhilgj.info | udp |
| US | 8.8.8.8:53 | epjqjptooi.info | udp |
| US | 8.8.8.8:53 | lnudhr.net | udp |
| US | 8.8.8.8:53 | ewiuauieao.com | udp |
| US | 8.8.8.8:53 | dunbraffji.net | udp |
| US | 8.8.8.8:53 | wbatnzd.info | udp |
| US | 8.8.8.8:53 | hhqmxcesyyr.net | udp |
| US | 8.8.8.8:53 | bjpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | naaavcg.net | udp |
| US | 8.8.8.8:53 | btulpimrp.org | udp |
| US | 8.8.8.8:53 | gigqyi.org | udp |
| US | 8.8.8.8:53 | zudswklapt.info | udp |
| US | 8.8.8.8:53 | fgccfyvkmqw.org | udp |
| US | 8.8.8.8:53 | imwkkoik.com | udp |
| US | 8.8.8.8:53 | sewuvwb.net | udp |
| US | 8.8.8.8:53 | qsjdnguup.info | udp |
| US | 8.8.8.8:53 | bqghwrfh.net | udp |
| US | 8.8.8.8:53 | uxgmenvx.info | udp |
| US | 8.8.8.8:53 | qxrdbojcvv.net | udp |
| US | 8.8.8.8:53 | oalwpcngx.info | udp |
| US | 8.8.8.8:53 | rdzgvtvocoux.info | udp |
| US | 8.8.8.8:53 | uxhanoj.net | udp |
| US | 8.8.8.8:53 | dhrgstbzr.org | udp |
| US | 8.8.8.8:53 | bkefmanf.net | udp |
| US | 8.8.8.8:53 | xcrfxbihvn.info | udp |
| US | 8.8.8.8:53 | okuugqeny.net | udp |
| US | 8.8.8.8:53 | xlffae.net | udp |
| US | 8.8.8.8:53 | eebwzuj.info | udp |
| US | 8.8.8.8:53 | gkcdnlgibipe.net | udp |
| US | 8.8.8.8:53 | pvesxitaordl.info | udp |
| US | 8.8.8.8:53 | swqzbc.net | udp |
| US | 8.8.8.8:53 | dzrmxez.com | udp |
| US | 8.8.8.8:53 | rajhjlpujtxr.net | udp |
| US | 8.8.8.8:53 | uafkeyperez.net | udp |
| US | 8.8.8.8:53 | eusgnwl.net | udp |
| US | 8.8.8.8:53 | bogjswnepo.info | udp |
| US | 8.8.8.8:53 | ykloqufmvsz.info | udp |
| US | 8.8.8.8:53 | uohutkd.info | udp |
| US | 8.8.8.8:53 | kxldwaoqfn.info | udp |
| US | 8.8.8.8:53 | fvnttj.net | udp |
| US | 8.8.8.8:53 | xycfixpl.net | udp |
| US | 8.8.8.8:53 | bezmqd.info | udp |
| US | 8.8.8.8:53 | xxbuvavqnao.net | udp |
| US | 8.8.8.8:53 | pydhppfekvm.info | udp |
| US | 8.8.8.8:53 | pmwgeoaorhp.org | udp |
| US | 8.8.8.8:53 | zunlevyykjvk.net | udp |
| US | 8.8.8.8:53 | xptqpyju.info | udp |
| US | 8.8.8.8:53 | bjsehqbwnnd.org | udp |
| US | 8.8.8.8:53 | tgzzsilpuoyu.info | udp |
| US | 8.8.8.8:53 | yqqigkwo.org | udp |
| US | 8.8.8.8:53 | ubzndba.net | udp |
| US | 8.8.8.8:53 | gifafbjxpc.info | udp |
| US | 8.8.8.8:53 | eisaagmg.com | udp |
| US | 8.8.8.8:53 | wsemtqtmtya.info | udp |
| US | 8.8.8.8:53 | lyzsxmgwjbj.org | udp |
| US | 8.8.8.8:53 | rejwrwpoa.info | udp |
| US | 8.8.8.8:53 | iivwjau.info | udp |
| US | 8.8.8.8:53 | wedsguzygla.info | udp |
| US | 8.8.8.8:53 | skghlo.net | udp |
| US | 8.8.8.8:53 | owwawfra.net | udp |
| US | 8.8.8.8:53 | hffqnn.net | udp |
| US | 8.8.8.8:53 | jmuyzwjxj.net | udp |
| US | 8.8.8.8:53 | uicgherub.net | udp |
| US | 8.8.8.8:53 | cmcmqgqigcsq.com | udp |
| US | 8.8.8.8:53 | qkyabb.info | udp |
| US | 8.8.8.8:53 | cmyxpmrvqh.info | udp |
| US | 8.8.8.8:53 | bcedrse.net | udp |
| US | 8.8.8.8:53 | sgescokcmo.org | udp |
| US | 8.8.8.8:53 | jegyfmtykkc.org | udp |
| US | 8.8.8.8:53 | hlqsiishnzvn.info | udp |
| US | 8.8.8.8:53 | beaqed.net | udp |
| US | 8.8.8.8:53 | heggidkv.info | udp |
| US | 8.8.8.8:53 | lzwgpqnxhy.net | udp |
| US | 8.8.8.8:53 | ribcsxe.net | udp |
| US | 8.8.8.8:53 | jvjcarzyixai.info | udp |
| US | 8.8.8.8:53 | rukuvubbl.com | udp |
| US | 8.8.8.8:53 | gggnogwmsxbc.info | udp |
| US | 8.8.8.8:53 | zqtuiw.net | udp |
| US | 8.8.8.8:53 | jehyhpbob.com | udp |
| US | 8.8.8.8:53 | zfbgjtyjexjh.info | udp |
| US | 8.8.8.8:53 | tlfipuxyziw.net | udp |
| US | 8.8.8.8:53 | luaiurlae.info | udp |
| US | 8.8.8.8:53 | qqxqfajvl.info | udp |
| US | 8.8.8.8:53 | qwyguaiokegy.com | udp |
| US | 8.8.8.8:53 | jcxkmst.net | udp |
| US | 8.8.8.8:53 | nwccgwnz.info | udp |
| US | 8.8.8.8:53 | qeyiqcog.org | udp |
| US | 8.8.8.8:53 | hivqpthstvf.com | udp |
| US | 8.8.8.8:53 | gmkmswgeh.net | udp |
| US | 8.8.8.8:53 | vkbcrtzkio.net | udp |
| US | 8.8.8.8:53 | hsfspwfirsr.org | udp |
| US | 8.8.8.8:53 | uwgivrk.info | udp |
| US | 8.8.8.8:53 | jekmpqjlk.net | udp |
| US | 8.8.8.8:53 | fumvct.net | udp |
| US | 8.8.8.8:53 | zizcxulmw.org | udp |
| US | 8.8.8.8:53 | zciknizk.info | udp |
| US | 8.8.8.8:53 | hodfpguq.net | udp |
| US | 8.8.8.8:53 | safsvdgowhpq.info | udp |
| US | 8.8.8.8:53 | xwzxfwhmtqp.net | udp |
| US | 8.8.8.8:53 | xmvuzwtad.org | udp |
| US | 8.8.8.8:53 | pamopxk.info | udp |
| US | 8.8.8.8:53 | dnyidwf.info | udp |
| US | 8.8.8.8:53 | ugiwweyaqw.com | udp |
| US | 8.8.8.8:53 | khbvvflj.net | udp |
| US | 8.8.8.8:53 | yadxtkefpqdf.net | udp |
| US | 8.8.8.8:53 | qanamzn.info | udp |
| US | 8.8.8.8:53 | jipgzkbyv.net | udp |
| US | 8.8.8.8:53 | uruyfxbunh.info | udp |
| US | 8.8.8.8:53 | hrxuuivu.info | udp |
| US | 8.8.8.8:53 | davjsyt.info | udp |
| US | 8.8.8.8:53 | qngitmingp.net | udp |
| US | 8.8.8.8:53 | qesyhoikwgh.info | udp |
| US | 8.8.8.8:53 | vchadohmp.com | udp |
| US | 8.8.8.8:53 | dyoboi.info | udp |
| US | 8.8.8.8:53 | ulwprsdpevsj.info | udp |
| US | 8.8.8.8:53 | hgukyfgrd.com | udp |
| US | 8.8.8.8:53 | swcksyke.com | udp |
| US | 8.8.8.8:53 | fwhhlgbahu.info | udp |
| US | 8.8.8.8:53 | idnumaf.info | udp |
| US | 8.8.8.8:53 | qyjxvcif.net | udp |
| US | 8.8.8.8:53 | qmsiug.com | udp |
| US | 8.8.8.8:53 | ruzfpyd.info | udp |
| US | 8.8.8.8:53 | fmvmlgjccbt.info | udp |
| US | 8.8.8.8:53 | akioqmgkowqu.com | udp |
| US | 8.8.8.8:53 | rkwlhccy.info | udp |
| US | 8.8.8.8:53 | vfbsbuoob.info | udp |
| US | 8.8.8.8:53 | kirxkmviw.info | udp |
| US | 8.8.8.8:53 | ijzwwskldu.net | udp |
| US | 8.8.8.8:53 | rtbxvocdtj.info | udp |
| US | 8.8.8.8:53 | nthafgeqx.org | udp |
| US | 8.8.8.8:53 | bdxrdepreqq.info | udp |
| US | 8.8.8.8:53 | gswwhpzezol.info | udp |
| US | 8.8.8.8:53 | kbjqlgjovkz.info | udp |
| US | 8.8.8.8:53 | modgimmsfel.net | udp |
| US | 8.8.8.8:53 | vibshiiel.net | udp |
| US | 8.8.8.8:53 | gmiicw.com | udp |
| US | 8.8.8.8:53 | jjqtpeerkb.net | udp |
| US | 8.8.8.8:53 | uqmmekiack.com | udp |
| US | 8.8.8.8:53 | vziominv.net | udp |
| US | 8.8.8.8:53 | didypazwpqv.com | udp |
| US | 8.8.8.8:53 | oyymui.com | udp |
| US | 8.8.8.8:53 | okeamgag.org | udp |
| US | 8.8.8.8:53 | oycwcpku.info | udp |
| US | 8.8.8.8:53 | urkcltobhpwf.net | udp |
| US | 8.8.8.8:53 | zginfctmr.net | udp |
| US | 8.8.8.8:53 | dizovszwh.info | udp |
| US | 8.8.8.8:53 | cinvwtzyom.net | udp |
| US | 8.8.8.8:53 | mrvdhhh.info | udp |
| US | 8.8.8.8:53 | zvqowljubmth.net | udp |
| US | 8.8.8.8:53 | gryyhidmhyw.net | udp |
| US | 8.8.8.8:53 | jgqcpgtufma.com | udp |
| US | 8.8.8.8:53 | cecuaipn.net | udp |
| US | 8.8.8.8:53 | eheflhppvg.net | udp |
| US | 8.8.8.8:53 | cdbvtovae.net | udp |
| US | 8.8.8.8:53 | kkcadcm.net | udp |
| US | 8.8.8.8:53 | abywsoii.net | udp |
| US | 8.8.8.8:53 | rrxfomqa.info | udp |
| US | 8.8.8.8:53 | cykogcgqqcuu.com | udp |
| US | 8.8.8.8:53 | zgtidbvalmof.net | udp |
| US | 8.8.8.8:53 | oorcphn.net | udp |
| US | 8.8.8.8:53 | ugjyfpgfl.net | udp |
| US | 8.8.8.8:53 | jwhugm.net | udp |
| US | 8.8.8.8:53 | myrwjqkrwpbk.info | udp |
| US | 8.8.8.8:53 | wnrmuzzkrwji.info | udp |
| US | 8.8.8.8:53 | ewjcunuihgt.net | udp |
| US | 8.8.8.8:53 | tkzrur.net | udp |
| US | 8.8.8.8:53 | vltddb.net | udp |
| US | 8.8.8.8:53 | mqwyusisso.org | udp |
| US | 8.8.8.8:53 | xrepwf.net | udp |
| US | 8.8.8.8:53 | lzmdkfpn.net | udp |
| US | 8.8.8.8:53 | czvfsqln.net | udp |
| US | 8.8.8.8:53 | mpkbfsgyp.info | udp |
| US | 8.8.8.8:53 | koxydhdobmn.info | udp |
| US | 8.8.8.8:53 | yymooggyaieg.com | udp |
| US | 8.8.8.8:53 | nlrwsafslgo.info | udp |
| US | 8.8.8.8:53 | ckugqywm.org | udp |
| US | 8.8.8.8:53 | feqkdbt.net | udp |
| US | 8.8.8.8:53 | qmcccqtoj.net | udp |
| US | 8.8.8.8:53 | qseoumkkca.org | udp |
| US | 8.8.8.8:53 | viweboltp.org | udp |
| US | 8.8.8.8:53 | qdnmhgdyrit.net | udp |
| US | 8.8.8.8:53 | wwosug.org | udp |
| US | 8.8.8.8:53 | thtrec.net | udp |
| US | 8.8.8.8:53 | rmguptzwl.info | udp |
| US | 8.8.8.8:53 | pwxevezaknf.net | udp |
| US | 8.8.8.8:53 | adszbk.net | udp |
| US | 8.8.8.8:53 | ntdznjba.info | udp |
| US | 8.8.8.8:53 | vxlgyfq.org | udp |
| US | 8.8.8.8:53 | qyqigk.com | udp |
| US | 8.8.8.8:53 | qmowooycqq.org | udp |
| US | 8.8.8.8:53 | fyaylmbcb.net | udp |
| US | 8.8.8.8:53 | dncmpbfdqahv.net | udp |
| US | 8.8.8.8:53 | ncpnrjdqqid.info | udp |
| US | 8.8.8.8:53 | lmesdkbqx.org | udp |
| US | 8.8.8.8:53 | ekqaao.com | udp |
| US | 8.8.8.8:53 | ckfsfzvb.info | udp |
| US | 8.8.8.8:53 | xpprgyv.info | udp |
| US | 8.8.8.8:53 | pmrvduodowf.com | udp |
| US | 8.8.8.8:53 | satiuqpyn.net | udp |
| US | 8.8.8.8:53 | iswacuimwoem.com | udp |
| US | 8.8.8.8:53 | cssazz.net | udp |
| US | 8.8.8.8:53 | rkjyfrxybqd.net | udp |
| US | 8.8.8.8:53 | xsejbqqsh.com | udp |
| US | 8.8.8.8:53 | eeocswg.net | udp |
| US | 8.8.8.8:53 | mrjifgq.info | udp |
| US | 8.8.8.8:53 | dduwpgojsllf.info | udp |
| US | 8.8.8.8:53 | hjfdpmp.org | udp |
| US | 8.8.8.8:53 | bxlglkji.net | udp |
| US | 8.8.8.8:53 | esagcs.org | udp |
| US | 54.161.116.39:80 | esagcs.org | tcp |
| US | 8.8.8.8:53 | rjbifug.net | udp |
| US | 8.8.8.8:53 | nvzrtazf.net | udp |
| US | 8.8.8.8:53 | yqdindvszcl.info | udp |
| US | 8.8.8.8:53 | cyyeukesgqya.com | udp |
| US | 8.8.8.8:53 | emmvumposwl.info | udp |
| US | 8.8.8.8:53 | ldlrgk.info | udp |
| US | 8.8.8.8:53 | imdpldaw.net | udp |
| US | 8.8.8.8:53 | kndhzlaofft.info | udp |
| US | 8.8.8.8:53 | gzlujum.net | udp |
| US | 8.8.8.8:53 | owtumceqt.info | udp |
| US | 8.8.8.8:53 | wkvbivvnu.net | udp |
| US | 8.8.8.8:53 | sgdzhklkvfso.info | udp |
| US | 8.8.8.8:53 | uwyooy.org | udp |
| US | 8.8.8.8:53 | wbxghgbab.net | udp |
| US | 8.8.8.8:53 | bqhidmhdxwk.info | udp |
| US | 8.8.8.8:53 | myayqqkeiy.com | udp |
| US | 8.8.8.8:53 | skqsiiae.org | udp |
| US | 8.8.8.8:53 | dsrbckrxvofo.info | udp |
| US | 8.8.8.8:53 | alyypvemovoc.net | udp |
| US | 8.8.8.8:53 | zsachgjx.net | udp |
| US | 8.8.8.8:53 | peasjqfgbu.info | udp |
| US | 8.8.8.8:53 | ryjatlcd.net | udp |
| US | 8.8.8.8:53 | hzbctrmwrod.info | udp |
| US | 8.8.8.8:53 | keoeyu.com | udp |
| US | 8.8.8.8:53 | rxzdpgdckdj.net | udp |
| US | 8.8.8.8:53 | celavxwmxyf.net | udp |
| US | 8.8.8.8:53 | qlstpgkhcjbu.net | udp |
| US | 8.8.8.8:53 | mqiasm.org | udp |
| US | 8.8.8.8:53 | uwszhmaoow.info | udp |
| US | 8.8.8.8:53 | cjpwba.info | udp |
| US | 8.8.8.8:53 | nbrdrfqc.info | udp |
| US | 8.8.8.8:53 | jegurd.info | udp |
| US | 8.8.8.8:53 | nzitfaav.info | udp |
| US | 8.8.8.8:53 | egxrdgftoeze.net | udp |
| US | 8.8.8.8:53 | qolpsmv.net | udp |
| US | 8.8.8.8:53 | bwhhiptfrf.info | udp |
| US | 8.8.8.8:53 | puridn.net | udp |
| US | 8.8.8.8:53 | pnrqwpwa.net | udp |
| US | 8.8.8.8:53 | lktcrbw.com | udp |
| US | 8.8.8.8:53 | blbtypqagr.info | udp |
| US | 8.8.8.8:53 | ayualyfpmtvc.net | udp |
| US | 8.8.8.8:53 | wuyouagfzxho.info | udp |
| US | 8.8.8.8:53 | karcxeeda.net | udp |
| US | 8.8.8.8:53 | rwxizundrgz.org | udp |
| US | 8.8.8.8:53 | hyjodgw.info | udp |
| US | 8.8.8.8:53 | hrdsgohxw.info | udp |
| US | 8.8.8.8:53 | kqyeky.org | udp |
| US | 8.8.8.8:53 | gspcxzpfn.info | udp |
| US | 8.8.8.8:53 | aksamm.com | udp |
| US | 8.8.8.8:53 | quytrmdgtt.info | udp |
| US | 8.8.8.8:53 | xmnugwo.org | udp |
| US | 8.8.8.8:53 | fdfochsfea.net | udp |
| US | 8.8.8.8:53 | dkdczgl.info | udp |
| US | 8.8.8.8:53 | ygblqgsrn.info | udp |
| US | 8.8.8.8:53 | eaictyqxc.info | udp |
| US | 8.8.8.8:53 | vcznoccwfml.com | udp |
| US | 8.8.8.8:53 | zadzaljgtz.net | udp |
| US | 8.8.8.8:53 | imtkvkh.net | udp |
| US | 8.8.8.8:53 | vgqxvqngngx.info | udp |
| US | 8.8.8.8:53 | fjzchhimx.net | udp |
| US | 8.8.8.8:53 | telbrvdoxztc.net | udp |
| US | 8.8.8.8:53 | rchnidb.info | udp |
| US | 8.8.8.8:53 | falhskzmthc.org | udp |
| US | 8.8.8.8:53 | xipmiqs.com | udp |
| US | 8.8.8.8:53 | lzrabyc.com | udp |
| US | 8.8.8.8:53 | hakodixwz.com | udp |
| US | 8.8.8.8:53 | qeasooggkkye.org | udp |
| US | 8.8.8.8:53 | oxqkaujgkcr.info | udp |
| US | 8.8.8.8:53 | acwmqiaeec.com | udp |
| US | 8.8.8.8:53 | ufuxzugrlunj.net | udp |
| US | 8.8.8.8:53 | gdiecndz.net | udp |
| US | 8.8.8.8:53 | cnugzmrcnup.info | udp |
| US | 8.8.8.8:53 | germpssgx.net | udp |
| US | 8.8.8.8:53 | hiwihfo.com | udp |
| US | 8.8.8.8:53 | tavkirvzfwl.com | udp |
| US | 8.8.8.8:53 | fevpfshvp.org | udp |
| US | 8.8.8.8:53 | bpppiqomphdu.info | udp |
| US | 8.8.8.8:53 | kcryxrris.info | udp |
| US | 8.8.8.8:53 | kzjaimvcg.net | udp |
| US | 8.8.8.8:53 | fwbgrnpwliv.org | udp |
| US | 8.8.8.8:53 | xlvnuxzyyvnh.net | udp |
| US | 8.8.8.8:53 | zqjhrfqubiw.net | udp |
| US | 8.8.8.8:53 | hzmjwu.info | udp |
| US | 8.8.8.8:53 | gmdsxyg.net | udp |
| US | 8.8.8.8:53 | hslofy.info | udp |
| US | 8.8.8.8:53 | jetnzbjh.info | udp |
| US | 8.8.8.8:53 | kawmwaggqmks.com | udp |
| US | 8.8.8.8:53 | bavppixu.net | udp |
| US | 8.8.8.8:53 | hpzrrtsiy.org | udp |
| US | 8.8.8.8:53 | cmieoieocgkc.com | udp |
| US | 8.8.8.8:53 | lnjdeazo.info | udp |
| US | 8.8.8.8:53 | ylabgkph.net | udp |
| US | 8.8.8.8:53 | afabzxjgrwen.net | udp |
| US | 8.8.8.8:53 | fkgritslx.org | udp |
| US | 8.8.8.8:53 | ntpohnlnfb.info | udp |
| US | 8.8.8.8:53 | xxyzvqrs.info | udp |
| US | 8.8.8.8:53 | vumblxozh.info | udp |
| US | 8.8.8.8:53 | owouomuuwg.org | udp |
| US | 8.8.8.8:53 | uljytqfeq.net | udp |
| US | 8.8.8.8:53 | ptpwnlreeaxo.net | udp |
| US | 8.8.8.8:53 | bgyycmchtyla.net | udp |
| US | 8.8.8.8:53 | iwkose.com | udp |
| US | 8.8.8.8:53 | tfapcmkztfik.info | udp |
| US | 8.8.8.8:53 | wcicueay.com | udp |
| US | 8.8.8.8:53 | jwqgsstftsj.org | udp |
| US | 8.8.8.8:53 | fbqgqvimvbld.info | udp |
| US | 8.8.8.8:53 | eeeiusoc.com | udp |
| US | 8.8.8.8:53 | vojaxwa.info | udp |
| US | 8.8.8.8:53 | xcokxewkn.net | udp |
| US | 8.8.8.8:53 | mxyidtz.net | udp |
| US | 8.8.8.8:53 | ypqiusdyvoj.info | udp |
| US | 8.8.8.8:53 | dtstyn.net | udp |
| US | 8.8.8.8:53 | fwkusllco.info | udp |
| US | 8.8.8.8:53 | pmbljjlq.info | udp |
| US | 8.8.8.8:53 | uuloamxggyl.net | udp |
| US | 8.8.8.8:53 | zbqtpeerkb.net | udp |
| US | 8.8.8.8:53 | lbysmyvsf.com | udp |
| US | 8.8.8.8:53 | nvmowzmq.net | udp |
| US | 8.8.8.8:53 | zuwrljtqss.net | udp |
| US | 8.8.8.8:53 | dqsqfd.net | udp |
| US | 8.8.8.8:53 | jqlmpmi.net | udp |
| US | 8.8.8.8:53 | vgkgbaoqt.org | udp |
| US | 8.8.8.8:53 | rhjhxelcun.net | udp |
| US | 8.8.8.8:53 | ceujds.info | udp |
| US | 8.8.8.8:53 | qqfssenh.info | udp |
| US | 8.8.8.8:53 | yrbfnb.net | udp |
| US | 8.8.8.8:53 | ugjexkomvyfa.info | udp |
| US | 8.8.8.8:53 | tmrxnmjrkb.net | udp |
| US | 8.8.8.8:53 | tccjcu.net | udp |
| US | 8.8.8.8:53 | vtbeuc.net | udp |
| US | 8.8.8.8:53 | pziuxmp.com | udp |
| US | 8.8.8.8:53 | ixzpxofi.net | udp |
| US | 8.8.8.8:53 | uomieuwsgywa.com | udp |
| US | 8.8.8.8:53 | vvvatizwp.com | udp |
| US | 8.8.8.8:53 | eaaymkuowm.com | udp |
| US | 8.8.8.8:53 | ucukic.com | udp |
| US | 8.8.8.8:53 | zglyzztxny.info | udp |
| US | 8.8.8.8:53 | nwvcvub.net | udp |
| US | 8.8.8.8:53 | dsejsv.info | udp |
| US | 8.8.8.8:53 | ncvmmhncs.org | udp |
| US | 8.8.8.8:53 | fzkrxmam.info | udp |
| US | 8.8.8.8:53 | azwlydffquei.info | udp |
| US | 8.8.8.8:53 | wmkuii.com | udp |
| US | 8.8.8.8:53 | sitybyytb.net | udp |
| US | 8.8.8.8:53 | cslekkzmvur.net | udp |
| US | 8.8.8.8:53 | vasycwhnz.org | udp |
| US | 8.8.8.8:53 | pylchmhko.net | udp |
| US | 8.8.8.8:53 | fixijml.org | udp |
| US | 8.8.8.8:53 | qkkmmi.com | udp |
| US | 8.8.8.8:53 | ozpejehsgw.net | udp |
| US | 8.8.8.8:53 | fkjipaz.net | udp |
| US | 8.8.8.8:53 | pqnmbrnujh.info | udp |
| US | 8.8.8.8:53 | cpwpuw.info | udp |
| US | 8.8.8.8:53 | flxcxav.com | udp |
| US | 8.8.8.8:53 | botaksobzyf.net | udp |
| US | 8.8.8.8:53 | estuldhgvez.net | udp |
| US | 8.8.8.8:53 | bvrlxiawb.net | udp |
| US | 8.8.8.8:53 | mahfbnswjbff.info | udp |
| US | 8.8.8.8:53 | uqsaeocqcgkw.org | udp |
| US | 8.8.8.8:53 | asssgmqkiwag.com | udp |
| US | 8.8.8.8:53 | vgspcei.org | udp |
| US | 8.8.8.8:53 | ujnvvb.net | udp |
| US | 8.8.8.8:53 | bujydax.net | udp |
| US | 8.8.8.8:53 | ruauvwk.com | udp |
| US | 8.8.8.8:53 | cijgywn.net | udp |
| US | 8.8.8.8:53 | uauyemsuwe.org | udp |
| US | 8.8.8.8:53 | sxsydftugfl.net | udp |
| US | 8.8.8.8:53 | cimyrrdhhrb.info | udp |
| US | 8.8.8.8:53 | moysaa.org | udp |
| US | 8.8.8.8:53 | ofsgiipylcn.net | udp |
| US | 8.8.8.8:53 | juxerrdxhcrb.net | udp |
| US | 8.8.8.8:53 | sysicgqsai.com | udp |
| US | 8.8.8.8:53 | msoiygcw.org | udp |
| US | 8.8.8.8:53 | lmlrtwz.info | udp |
| US | 8.8.8.8:53 | pfqcnlguwo.net | udp |
| US | 8.8.8.8:53 | aasaotjlxp.net | udp |
| US | 8.8.8.8:53 | sxnddev.info | udp |
| US | 8.8.8.8:53 | kjspftjd.net | udp |
| US | 8.8.8.8:53 | mawukimaukse.com | udp |
| US | 8.8.8.8:53 | jntxuexoq.net | udp |
| US | 8.8.8.8:53 | vvjnczlqzt.info | udp |
| US | 8.8.8.8:53 | berpdayr.info | udp |
| US | 8.8.8.8:53 | qcsfndwz.info | udp |
| US | 8.8.8.8:53 | jojmneoeo.com | udp |
| US | 8.8.8.8:53 | dwrvygfmm.org | udp |
| US | 8.8.8.8:53 | ceuququmuiso.com | udp |
| US | 8.8.8.8:53 | sogkcaei.com | udp |
| US | 8.8.8.8:53 | awtrjqbmv.net | udp |
| US | 8.8.8.8:53 | jyyassu.net | udp |
| US | 8.8.8.8:53 | bspmbepxigb.org | udp |
| US | 8.8.8.8:53 | jivowkwv.net | udp |
| US | 8.8.8.8:53 | ncvwfsyyn.net | udp |
| US | 8.8.8.8:53 | tcmyprl.org | udp |
| US | 8.8.8.8:53 | bpttpbvgvqe.net | udp |
| US | 8.8.8.8:53 | bgknufqxrr.net | udp |
| US | 8.8.8.8:53 | ejpdqikairvo.info | udp |
| US | 8.8.8.8:53 | oixdxmkad.net | udp |
| US | 8.8.8.8:53 | chzpqrukkvwg.net | udp |
| US | 8.8.8.8:53 | osevuuqylsyk.info | udp |
| US | 8.8.8.8:53 | srhixefbk.info | udp |
| US | 8.8.8.8:53 | ssgqsckw.com | udp |
| US | 8.8.8.8:53 | rqxalwqext.net | udp |
| US | 8.8.8.8:53 | yardwyz.net | udp |
| US | 8.8.8.8:53 | qucicswcesus.com | udp |
| US | 8.8.8.8:53 | cxritgbkwiqj.net | udp |
| US | 8.8.8.8:53 | lcqfpoyzny.net | udp |
| US | 8.8.8.8:53 | gndjlgrw.net | udp |
| US | 8.8.8.8:53 | hkkgmjucyz.info | udp |
| US | 8.8.8.8:53 | tsdwdmacfkj.org | udp |
| US | 8.8.8.8:53 | vgrliplw.net | udp |
| US | 8.8.8.8:53 | xflrdxdu.net | udp |
| US | 8.8.8.8:53 | ukouoaac.com | udp |
| US | 8.8.8.8:53 | lwbliwikju.net | udp |
| US | 8.8.8.8:53 | sjrvzggh.net | udp |
| US | 8.8.8.8:53 | llvcwyqgiy.info | udp |
| US | 8.8.8.8:53 | yabgjuiyvpj.net | udp |
| US | 8.8.8.8:53 | evvnincdai.info | udp |
| US | 8.8.8.8:53 | bosffsfb.net | udp |
| US | 8.8.8.8:53 | uoxvkfdoneh.net | udp |
| US | 8.8.8.8:53 | dhzidetxtzu.org | udp |
| US | 8.8.8.8:53 | cgkswwim.org | udp |
| US | 8.8.8.8:53 | bulexlfsph.info | udp |
| US | 8.8.8.8:53 | yqtafgfohsp.net | udp |
| US | 8.8.8.8:53 | woeoaqumey.com | udp |
| US | 8.8.8.8:53 | kogasquq.org | udp |
| US | 8.8.8.8:53 | kyimsspmwr.info | udp |
| US | 8.8.8.8:53 | lwxvnulqz.org | udp |
| US | 8.8.8.8:53 | nrpqjt.info | udp |
| US | 8.8.8.8:53 | simyxeei.info | udp |
| US | 8.8.8.8:53 | aicmqi.org | udp |
| US | 8.8.8.8:53 | cygqoab.net | udp |
| US | 8.8.8.8:53 | dmxmmwaaw.org | udp |
| US | 8.8.8.8:53 | lkngjoezjnq.com | udp |
| US | 8.8.8.8:53 | lytvvalutr.info | udp |
| US | 8.8.8.8:53 | kaiaieww.org | udp |
| US | 8.8.8.8:53 | vuvkzyxbfqr.net | udp |
| US | 8.8.8.8:53 | srbwimxsnx.net | udp |
| US | 8.8.8.8:53 | jqfijibmecmu.info | udp |
| US | 8.8.8.8:53 | zkhowqliqkb.net | udp |
| US | 8.8.8.8:53 | biuehdf.net | udp |
| US | 8.8.8.8:53 | exjqrcgo.info | udp |
| US | 8.8.8.8:53 | wrbgtg.info | udp |
| US | 8.8.8.8:53 | ymklhj.info | udp |
| US | 8.8.8.8:53 | aijlry.net | udp |
| US | 8.8.8.8:53 | gndzuw.info | udp |
| US | 8.8.8.8:53 | detuny.net | udp |
| US | 8.8.8.8:53 | xbfhtyff.info | udp |
| US | 8.8.8.8:53 | iwrcerpsdsjy.info | udp |
| US | 8.8.8.8:53 | qtelxuwoildp.info | udp |
| US | 8.8.8.8:53 | iubyxwvwvno.net | udp |
| US | 8.8.8.8:53 | rcqapfjrtozt.net | udp |
| US | 8.8.8.8:53 | vsswekgnat.info | udp |
| US | 8.8.8.8:53 | oldsyvr.info | udp |
| US | 8.8.8.8:53 | corspkbyr.info | udp |
| US | 8.8.8.8:53 | trxnpluv.net | udp |
| DE | 85.214.228.140:80 | gyuuym.org | tcp |
| US | 8.8.8.8:53 | nrdxoc.net | udp |
| US | 8.8.8.8:53 | kjwejx.net | udp |
| US | 8.8.8.8:53 | uycaoe.org | udp |
| US | 8.8.8.8:53 | icgqseeoqwuq.org | udp |
| SG | 18.142.91.111:80 | unxfuild.info | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
| MD5 | 8bd4091e56ecf7598b0e0b150f3a70df |
| SHA1 | d6cee503765ae819eea451a68555d1c9e5c71143 |
| SHA256 | 7e1216c3e258bca31f9c2b696e8dd4625e0e9de1a5890a45b22682bdf19f9f95 |
| SHA512 | 1c9f00aea43924dcba226487b6533edf0e6e0bbbb88d290c2e601085a7646d333bb43dfe57af28658f539941792376306d4fa2823acbdd902f2d4dacf2d68f39 |
C:\Windows\SysWOW64\ratsfxtecqkffnxoze.exe
| MD5 | c940916a51510ded99612bd93114de0d |
| SHA1 | af052d166386189ab6c14e8e49831b6459c42b5f |
| SHA256 | 23500abd545b632364da058b1e9fa90a6c5377fd39266246bee94b0be750775a |
| SHA512 | 7981e1a0e321645e396b80b9bddc102f901466f85f74bb252bf99088e083033a55a8eaad519b428cd161038a6d32e5a47c44dbc3ec2e2f8dc41cc21c2bd87ef1 |
C:\Users\Admin\AppData\Local\Temp\eagss.exe
| MD5 | f95c4c576d7f3d3c881ded9f712b453e |
| SHA1 | 5afc0e7f4853675af33293c058a1c2bff316326d |
| SHA256 | 46c667d846467a239e6a101a0e6ebe5e45ae426302ed943941693cf46b3fe269 |
| SHA512 | 03c26b1c4586a8650945b606df9cd0d443c4a75a34e1579e99a5d18a800777685c2df47e0603e6cd241303a12ededac891d68af970b121769edd28451fd65466 |
C:\Users\Admin\AppData\Local\vqvgfjroyyelxrnqnepkpazdli.syf
| MD5 | 19ab9b05c6208bce17119bc16c7992c8 |
| SHA1 | 1ec18173b00abaa7dd27ff7b3644fc7cd5ac386b |
| SHA256 | e04133cf34c0008154790cbd32ea32f6c76cc1ca708a53dce7c1bc2d9848627c |
| SHA512 | 0f221ebfacb020b505dc08b5cc0b581ce8e0282ee17b84cbbb033e0f45692280f21cfe77830ab12ad5c3e5e50425668343f4aee3fcec8386a02e4cf9456f788e |
C:\Users\Admin\AppData\Local\wcsoyngojuldafmaikgmcyixqytevnkpwksuq.mis
| MD5 | 5f7a7797a4f4dcf54c9a600af8b42c7a |
| SHA1 | 62bb2c5bfa15fd713568703db59b94df4ec9ee5d |
| SHA256 | 3618e36236c5a3e286d0a6ceed9dbd34f3e5c4e22057082ed273d3173811f536 |
| SHA512 | 1135ece30c94be98e459ec109c45f215ed24e66eddfc663dedc00f6e1154704ab63bede6dd3318dc64ed1f6a51069fc989635c7a06d3712adc6df3a864bf8dae |
C:\Program Files (x86)\vqvgfjroyyelxrnqnepkpazdli.syf
| MD5 | 3607d6485f63900bfd637386ff98f4cf |
| SHA1 | 056ba64b2c5cae8aa6da6d36490c6fc0d57fcd98 |
| SHA256 | 3e1295d9dc17f0d68fc8b05e9ca665ee69a7cb5e31f9f18ce1183044e28df7ae |
| SHA512 | 50bebdbf5622d4d54e0bfb9c60c959d37759510539db6c407c47d3951dd8b8bdbd2853e04e699fdfa3b9a0c46eb0331fffec69acf0866b7abc083738311d50ea |
C:\Program Files (x86)\vqvgfjroyyelxrnqnepkpazdli.syf
| MD5 | eb3af33817085cb45de2ba3a685b18ab |
| SHA1 | 98249d1967ff5bc2722de34015a1ddd0b68ba38a |
| SHA256 | 3689fce0a915a79827fffe1ed623a836d778961367e76518b36938158790d34e |
| SHA512 | 89e12d3e64e7e33f9505710d8d1723d8c68612ba94b3c046a643b5bb780b4be349f9406dfe972487550f073f66093d4026dbac5a013e250a115d0db88f1f5206 |
C:\Program Files (x86)\vqvgfjroyyelxrnqnepkpazdli.syf
| MD5 | d0f0a8050e35f519fc9ced9b1bfebbeb |
| SHA1 | 987c117febbcec143934d21377e2280b234b4a9e |
| SHA256 | a7ced65a86116a9b4c4fcf58f98d29960d9dec64b34c4c6990acc030b25df59e |
| SHA512 | 5f0a1f77532b5ee4fa8d7cffdb01dd8d84d30e6dee5a06738bb0d5eeff919f4240e0003f2cbeac06e021c3e08d74a492adfd2d902ed5afbcbff174fa12299c0c |
C:\Program Files (x86)\vqvgfjroyyelxrnqnepkpazdli.syf
| MD5 | 65869c87082cc9f4baf16d80635a69d3 |
| SHA1 | 3ccf4edbe503790f72375ef24e6fa35499c61f15 |
| SHA256 | e792200a6aae3f1a8644a53018111a7b02de077d0cf2262ed8cbbd718069eb5a |
| SHA512 | ff10db0248f8a01f4b963b498a40d736f06fc034d09f1d7064b8416f2f46b8d273e4c26de921e0248aa9dfc0f9b421bd66816f7fac9e98019109ebafc13a9528 |
C:\Program Files (x86)\vqvgfjroyyelxrnqnepkpazdli.syf
| MD5 | 39834596afec1ec0d634bb330712eb35 |
| SHA1 | 45eded30ead4ccebb42071bbf1e3eccc414a007e |
| SHA256 | 553f9bfdfb17866aa3d1818cb686e41912e85a2e7a41cfb9609fdfcc779edbc7 |
| SHA512 | 30fbf56ee02b1a05bb30b3bf8a54c3da072317a5b7336c84af07b5a579c847d97311a283d225bdd4e8d1dd75670e52044fa97b4d9d5f71ab86e10912fdbe3adb |
C:\Program Files (x86)\vqvgfjroyyelxrnqnepkpazdli.syf
| MD5 | b028d212afc1c0a9690c6a48af88b4b2 |
| SHA1 | be1ef5990e27fb01245574cac9c5a41092f06f20 |
| SHA256 | 16d8f4ba768420392104f1043849bb8c97ea9ff0ef31b40958f5e42e856d2638 |
| SHA512 | 2a460970cf823ca78e41d3bef3bf62f371612db16f2696ad4c4e79ce196b163c54cfb2595b655d8d4fb51048a864dd12ceee09792ea37ba086be99e837289177 |
C:\Program Files (x86)\vqvgfjroyyelxrnqnepkpazdli.syf
| MD5 | 6df0f220f456da45d078c684c63e0146 |
| SHA1 | 95f866ac61eb4e1615cc2369ae01a054116a2497 |
| SHA256 | 741a06a19a3dd79a7cd6f28cc47987baa20a503f38cbb6bdd2b8ff772b6fa421 |
| SHA512 | 27f82e9895ff755b7bb0aeecdc4a88815805ca2d564bbb1aa789dbe45ead9e04d4d13b7181f4c54afc1a79c402cd5369ed2236a0cf63dfeb23aac5cbed2bf568 |