Analysis Overview
SHA256
270dce235ce96e14c6472a545008e2e80c489f41b21f8ce9db95a60dd18f99c3
Threat Level: Known bad
The file JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1 was found to be: Known bad.
Malicious Activity Summary
Pykspa
Modifies WinLogon for persistence
Pykspa family
UAC bypass
Detect Pykspa worm
Disables RegEdit via registry modification
Adds policy Run key to start application
Executes dropped EXE
Impair Defenses: Safe Mode Boot
Checks computer location settings
Adds Run key to start application
Looks up external IP address via web service
Checks whether UAC is enabled
Hijack Execution Flow: Executable Installer File Permissions Weakness
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
System policy modification
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-04-22 13:08
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2025-04-22 13:08
Reported
2025-04-22 13:11
Platform
win11-20250410-en
Max time kernel
54s
Max time network
151s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhkdmycpyns = "njvxpkxtljxaeiodqplx.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\njvxpkxtljxaeiodqplx.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhkdmycpyns = "gzihwoyrgbmmnordn.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhkdmycpyns = "czmpiespihwafkrhvvsfi.exe" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhkdmycpyns = "pjttjcnhxtfgikobmj.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zrzxlcldrlvuuuwh.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhkdmycpyns = "njvxpkxtljxaeiodqplx.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjttjcnhxtfgikobmj.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avghysezqnacfinbnlg.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\njvxpkxtljxaeiodqplx.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhkdmycpyns = "zrzxlcldrlvuuuwh.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhkdmycpyns = "njvxpkxtljxaeiodqplx.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czmpiespihwafkrhvvsfi.exe" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhkdmycpyns = "czmpiespihwafkrhvvsfi.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhkdmycpyns = "njvxpkxtljxaeiodqplx.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zrzxlcldrlvuuuwh.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\njvxpkxtljxaeiodqplx.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhkdmycpyns = "pjttjcnhxtfgikobmj.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avghysezqnacfinbnlg.exe" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhkdmycpyns = "gzihwoyrgbmmnordn.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjttjcnhxtfgikobmj.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zrzxlcldrlvuuuwh.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avghysezqnacfinbnlg.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhkdmycpyns = "czmpiespihwafkrhvvsfi.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjttjcnhxtfgikobmj.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zrzxlcldrlvuuuwh.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjttjcnhxtfgikobmj.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gzihwoyrgbmmnordn.exe" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjttjcnhxtfgikobmj.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhkdmycpyns = "avghysezqnacfinbnlg.exe" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhkdmycpyns = "pjttjcnhxtfgikobmj.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhkdmycpyns = "zrzxlcldrlvuuuwh.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\njvxpkxtljxaeiodqplx.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\njvxpkxtljxaeiodqplx.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjttjcnhxtfgikobmj.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhkdmycpyns = "zrzxlcldrlvuuuwh.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czmpiespihwafkrhvvsfi.exe" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhkdmycpyns = "pjttjcnhxtfgikobmj.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avghysezqnacfinbnlg.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czmpiespihwafkrhvvsfi.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czmpiespihwafkrhvvsfi.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhkdmycpyns = "czmpiespihwafkrhvvsfi.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhkdmycpyns = "gzihwoyrgbmmnordn.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zrzxlcldrlvuuuwh.exe" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zlnfnybnvj = "pjttjcnhxtfgikobmj.exe ." | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\grsjqacnu = "njvxpkxtljxaeiodqplx.exe" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ulspcsarexgedcd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avghysezqnacfinbnlg.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\zlnfnybnvj = "C:\\Users\\Admin\\AppData\\Local\\Temp\\njvxpkxtljxaeiodqplx.exe ." | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ulspcsarexgedcd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czmpiespihwafkrhvvsfi.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zlnfnybnvj = "njvxpkxtljxaeiodqplx.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ulspcsarexgedcd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zrzxlcldrlvuuuwh.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\grsjqacnu = "gzihwoyrgbmmnordn.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rhnjvkrhtltqom = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjttjcnhxtfgikobmj.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qfkfqekzkbieb = "njvxpkxtljxaeiodqplx.exe ." | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\grsjqacnu = "njvxpkxtljxaeiodqplx.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ulspcsarexgedcd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\njvxpkxtljxaeiodqplx.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\rfjdnaftdtzu = "gzihwoyrgbmmnordn.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ulspcsarexgedcd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avghysezqnacfinbnlg.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rhnjvkrhtltqom = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zrzxlcldrlvuuuwh.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\grsjqacnu = "zrzxlcldrlvuuuwh.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qfkfqekzkbieb = "czmpiespihwafkrhvvsfi.exe ." | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\rfjdnaftdtzu = "czmpiespihwafkrhvvsfi.exe" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qfkfqekzkbieb = "pjttjcnhxtfgikobmj.exe ." | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\grsjqacnu = "pjttjcnhxtfgikobmj.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rhnjvkrhtltqom = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zrzxlcldrlvuuuwh.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ulspcsarexgedcd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avghysezqnacfinbnlg.exe" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qfkfqekzkbieb = "czmpiespihwafkrhvvsfi.exe ." | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\grsjqacnu = "gzihwoyrgbmmnordn.exe" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rhnjvkrhtltqom = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czmpiespihwafkrhvvsfi.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qfkfqekzkbieb = "zrzxlcldrlvuuuwh.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\rfjdnaftdtzu = "czmpiespihwafkrhvvsfi.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rhnjvkrhtltqom = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gzihwoyrgbmmnordn.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zlnfnybnvj = "pjttjcnhxtfgikobmj.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zlnfnybnvj = "njvxpkxtljxaeiodqplx.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rhnjvkrhtltqom = "C:\\Users\\Admin\\AppData\\Local\\Temp\\njvxpkxtljxaeiodqplx.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\zlnfnybnvj = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gzihwoyrgbmmnordn.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rhnjvkrhtltqom = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjttjcnhxtfgikobmj.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ulspcsarexgedcd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjttjcnhxtfgikobmj.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ulspcsarexgedcd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjttjcnhxtfgikobmj.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\grsjqacnu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czmpiespihwafkrhvvsfi.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ulspcsarexgedcd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjttjcnhxtfgikobmj.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qfkfqekzkbieb = "czmpiespihwafkrhvvsfi.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\grsjqacnu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\njvxpkxtljxaeiodqplx.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qfkfqekzkbieb = "avghysezqnacfinbnlg.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\grsjqacnu = "avghysezqnacfinbnlg.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\zlnfnybnvj = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjttjcnhxtfgikobmj.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\zlnfnybnvj = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avghysezqnacfinbnlg.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qfkfqekzkbieb = "gzihwoyrgbmmnordn.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ulspcsarexgedcd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czmpiespihwafkrhvvsfi.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\zlnfnybnvj = "C:\\Users\\Admin\\AppData\\Local\\Temp\\njvxpkxtljxaeiodqplx.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\grsjqacnu = "czmpiespihwafkrhvvsfi.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ulspcsarexgedcd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czmpiespihwafkrhvvsfi.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\grsjqacnu = "czmpiespihwafkrhvvsfi.exe" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\rfjdnaftdtzu = "pjttjcnhxtfgikobmj.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zlnfnybnvj = "njvxpkxtljxaeiodqplx.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\grsjqacnu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjttjcnhxtfgikobmj.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\grsjqacnu = "gzihwoyrgbmmnordn.exe" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\grsjqacnu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czmpiespihwafkrhvvsfi.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\rfjdnaftdtzu = "pjttjcnhxtfgikobmj.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\rfjdnaftdtzu = "gzihwoyrgbmmnordn.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\grsjqacnu = "avghysezqnacfinbnlg.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\grsjqacnu = "zrzxlcldrlvuuuwh.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\grsjqacnu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gzihwoyrgbmmnordn.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\grsjqacnu = "gzihwoyrgbmmnordn.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\grsjqacnu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjttjcnhxtfgikobmj.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rhnjvkrhtltqom = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zrzxlcldrlvuuuwh.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ulspcsarexgedcd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zrzxlcldrlvuuuwh.exe" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\grsjqacnu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avghysezqnacfinbnlg.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\gzihwoyrgbmmnordn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\trfjdapnhhxciowncdbptn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zrzxlcldrlvuuuwh.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\trfjdapnhhxciowncdbptn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\avghysezqnacfinbnlg.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zrzxlcldrlvuuuwh.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pjttjcnhxtfgikobmj.exe | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\czmpiespihwafkrhvvsfi.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\avghysezqnacfinbnlg.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\czmpiespihwafkrhvvsfi.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\avghysezqnacfinbnlg.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pjttjcnhxtfgikobmj.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\trfjdapnhhxciowncdbptn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pjttjcnhxtfgikobmj.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pjttjcnhxtfgikobmj.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\avghysezqnacfinbnlg.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\gzihwoyrgbmmnordn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pjttjcnhxtfgikobmj.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\trfjdapnhhxciowncdbptn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\avghysezqnacfinbnlg.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zrzxlcldrlvuuuwh.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\njvxpkxtljxaeiodqplx.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pjttjcnhxtfgikobmj.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\trfjdapnhhxciowncdbptn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\gzihwoyrgbmmnordn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pjttjcnhxtfgikobmj.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\gzihwoyrgbmmnordn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zrzxlcldrlvuuuwh.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pjttjcnhxtfgikobmj.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\njvxpkxtljxaeiodqplx.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\czmpiespihwafkrhvvsfi.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\trfjdapnhhxciowncdbptn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\gzihwoyrgbmmnordn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\njvxpkxtljxaeiodqplx.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zrzxlcldrlvuuuwh.exe | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\czmpiespihwafkrhvvsfi.exe | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ehajikehglgqbmzvpvyrazb.yxc | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pjttjcnhxtfgikobmj.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\czmpiespihwafkrhvvsfi.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zrzxlcldrlvuuuwh.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\avghysezqnacfinbnlg.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zrzxlcldrlvuuuwh.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\trfjdapnhhxciowncdbptn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\njvxpkxtljxaeiodqplx.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\trfjdapnhhxciowncdbptn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\gzihwoyrgbmmnordn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\czmpiespihwafkrhvvsfi.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\czmpiespihwafkrhvvsfi.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pjttjcnhxtfgikobmj.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zrzxlcldrlvuuuwh.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\trfjdapnhhxciowncdbptn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zrzxlcldrlvuuuwh.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\gzihwoyrgbmmnordn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\trfjdapnhhxciowncdbptn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\trfjdapnhhxciowncdbptn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\gzihwoyrgbmmnordn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\njvxpkxtljxaeiodqplx.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\gzihwoyrgbmmnordn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pjttjcnhxtfgikobmj.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\njvxpkxtljxaeiodqplx.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\avghysezqnacfinbnlg.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\gzihwoyrgbmmnordn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\njvxpkxtljxaeiodqplx.exe | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\trfjdapnhhxciowncdbptn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\rfjdnaftdtzuqmkrwnbfzjwbpzpvqmigns.xbv | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| File created | C:\Program Files (x86)\rfjdnaftdtzuqmkrwnbfzjwbpzpvqmigns.xbv | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| File opened for modification | C:\Program Files (x86)\ehajikehglgqbmzvpvyrazb.yxc | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| File created | C:\Program Files (x86)\ehajikehglgqbmzvpvyrazb.yxc | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\avghysezqnacfinbnlg.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\pjttjcnhxtfgikobmj.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\njvxpkxtljxaeiodqplx.exe | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| File created | C:\Windows\ehajikehglgqbmzvpvyrazb.yxc | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| File opened for modification | C:\Windows\avghysezqnacfinbnlg.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\pjttjcnhxtfgikobmj.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\avghysezqnacfinbnlg.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\avghysezqnacfinbnlg.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\njvxpkxtljxaeiodqplx.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\zrzxlcldrlvuuuwh.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\gzihwoyrgbmmnordn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\zrzxlcldrlvuuuwh.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\trfjdapnhhxciowncdbptn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\njvxpkxtljxaeiodqplx.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\zrzxlcldrlvuuuwh.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\trfjdapnhhxciowncdbptn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\njvxpkxtljxaeiodqplx.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\trfjdapnhhxciowncdbptn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\pjttjcnhxtfgikobmj.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\czmpiespihwafkrhvvsfi.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\njvxpkxtljxaeiodqplx.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\trfjdapnhhxciowncdbptn.exe | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| File opened for modification | C:\Windows\gzihwoyrgbmmnordn.exe | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| File opened for modification | C:\Windows\avghysezqnacfinbnlg.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\trfjdapnhhxciowncdbptn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\rfjdnaftdtzuqmkrwnbfzjwbpzpvqmigns.xbv | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| File opened for modification | C:\Windows\zrzxlcldrlvuuuwh.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\njvxpkxtljxaeiodqplx.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\trfjdapnhhxciowncdbptn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\czmpiespihwafkrhvvsfi.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\czmpiespihwafkrhvvsfi.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\zrzxlcldrlvuuuwh.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\trfjdapnhhxciowncdbptn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\trfjdapnhhxciowncdbptn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\avghysezqnacfinbnlg.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\njvxpkxtljxaeiodqplx.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\pjttjcnhxtfgikobmj.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\avghysezqnacfinbnlg.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\gzihwoyrgbmmnordn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\zrzxlcldrlvuuuwh.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\zrzxlcldrlvuuuwh.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\gzihwoyrgbmmnordn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\trfjdapnhhxciowncdbptn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\pjttjcnhxtfgikobmj.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\avghysezqnacfinbnlg.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\zrzxlcldrlvuuuwh.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\njvxpkxtljxaeiodqplx.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\czmpiespihwafkrhvvsfi.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\pjttjcnhxtfgikobmj.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\trfjdapnhhxciowncdbptn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\njvxpkxtljxaeiodqplx.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\czmpiespihwafkrhvvsfi.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\gzihwoyrgbmmnordn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\czmpiespihwafkrhvvsfi.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\avghysezqnacfinbnlg.exe | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| File opened for modification | C:\Windows\pjttjcnhxtfgikobmj.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\zrzxlcldrlvuuuwh.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\czmpiespihwafkrhvvsfi.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\zrzxlcldrlvuuuwh.exe | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| File opened for modification | C:\Windows\avghysezqnacfinbnlg.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\avghysezqnacfinbnlg.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\gzihwoyrgbmmnordn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\pjttjcnhxtfgikobmj.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\gzihwoyrgbmmnordn.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\gzihwoyrgbmmnordn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\avghysezqnacfinbnlg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\avghysezqnacfinbnlg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\pjttjcnhxtfgikobmj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zrzxlcldrlvuuuwh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\pjttjcnhxtfgikobmj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\avghysezqnacfinbnlg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\njvxpkxtljxaeiodqplx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zrzxlcldrlvuuuwh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\njvxpkxtljxaeiodqplx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\gzihwoyrgbmmnordn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\pjttjcnhxtfgikobmj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zrzxlcldrlvuuuwh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\gzihwoyrgbmmnordn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\gzihwoyrgbmmnordn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\czmpiespihwafkrhvvsfi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\gzihwoyrgbmmnordn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\gzihwoyrgbmmnordn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zrzxlcldrlvuuuwh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\pjttjcnhxtfgikobmj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\njvxpkxtljxaeiodqplx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\gzihwoyrgbmmnordn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\njvxpkxtljxaeiodqplx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\czmpiespihwafkrhvvsfi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\gzihwoyrgbmmnordn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zrzxlcldrlvuuuwh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zrzxlcldrlvuuuwh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\gzihwoyrgbmmnordn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\pjttjcnhxtfgikobmj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\pjttjcnhxtfgikobmj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\avghysezqnacfinbnlg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\gzihwoyrgbmmnordn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\pjttjcnhxtfgikobmj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\czmpiespihwafkrhvvsfi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\gzihwoyrgbmmnordn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\czmpiespihwafkrhvvsfi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zrzxlcldrlvuuuwh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\njvxpkxtljxaeiodqplx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\czmpiespihwafkrhvvsfi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\avghysezqnacfinbnlg.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\cjgtw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe"
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_ce23cbd71cc033cecb1958623ee620c1.exe*"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe
C:\Windows\avghysezqnacfinbnlg.exe
avghysezqnacfinbnlg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe .
C:\Windows\czmpiespihwafkrhvvsfi.exe
czmpiespihwafkrhvvsfi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\czmpiespihwafkrhvvsfi.exe*."
C:\Windows\czmpiespihwafkrhvvsfi.exe
czmpiespihwafkrhvvsfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Windows\gzihwoyrgbmmnordn.exe
gzihwoyrgbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\zrzxlcldrlvuuuwh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\czmpiespihwafkrhvvsfi.exe*."
C:\Users\Admin\AppData\Local\Temp\cjgtw.exe
"C:\Users\Admin\AppData\Local\Temp\cjgtw.exe" "-C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe"
C:\Users\Admin\AppData\Local\Temp\cjgtw.exe
"C:\Users\Admin\AppData\Local\Temp\cjgtw.exe" "-C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe
C:\Windows\gzihwoyrgbmmnordn.exe
gzihwoyrgbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe
C:\Windows\gzihwoyrgbmmnordn.exe
gzihwoyrgbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe .
C:\Windows\pjttjcnhxtfgikobmj.exe
pjttjcnhxtfgikobmj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe .
C:\Windows\czmpiespihwafkrhvvsfi.exe
czmpiespihwafkrhvvsfi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\pjttjcnhxtfgikobmj.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\czmpiespihwafkrhvvsfi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe .
C:\Windows\czmpiespihwafkrhvvsfi.exe
czmpiespihwafkrhvvsfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe .
C:\Windows\avghysezqnacfinbnlg.exe
avghysezqnacfinbnlg.exe .
C:\Windows\czmpiespihwafkrhvvsfi.exe
czmpiespihwafkrhvvsfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .
C:\Windows\czmpiespihwafkrhvvsfi.exe
czmpiespihwafkrhvvsfi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\avghysezqnacfinbnlg.exe*."
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\czmpiespihwafkrhvvsfi.exe*."
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\zrzxlcldrlvuuuwh.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\avghysezqnacfinbnlg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\gzihwoyrgbmmnordn.exe*."
C:\Windows\gzihwoyrgbmmnordn.exe
gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\njvxpkxtljxaeiodqplx.exe*."
C:\Windows\gzihwoyrgbmmnordn.exe
gzihwoyrgbmmnordn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."
C:\Windows\zrzxlcldrlvuuuwh.exe
zrzxlcldrlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Windows\zrzxlcldrlvuuuwh.exe
zrzxlcldrlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\zrzxlcldrlvuuuwh.exe*."
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\zrzxlcldrlvuuuwh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\avghysezqnacfinbnlg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe
C:\Windows\zrzxlcldrlvuuuwh.exe
zrzxlcldrlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe .
C:\Windows\pjttjcnhxtfgikobmj.exe
pjttjcnhxtfgikobmj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\pjttjcnhxtfgikobmj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe .
C:\Windows\njvxpkxtljxaeiodqplx.exe
njvxpkxtljxaeiodqplx.exe
C:\Windows\gzihwoyrgbmmnordn.exe
gzihwoyrgbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .
C:\Windows\njvxpkxtljxaeiodqplx.exe
njvxpkxtljxaeiodqplx.exe .
C:\Windows\njvxpkxtljxaeiodqplx.exe
njvxpkxtljxaeiodqplx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe .
C:\Windows\gzihwoyrgbmmnordn.exe
gzihwoyrgbmmnordn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\njvxpkxtljxaeiodqplx.exe*."
C:\Windows\czmpiespihwafkrhvvsfi.exe
czmpiespihwafkrhvvsfi.exe .
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .
C:\Windows\pjttjcnhxtfgikobmj.exe
pjttjcnhxtfgikobmj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .
C:\Windows\gzihwoyrgbmmnordn.exe
gzihwoyrgbmmnordn.exe .
C:\Windows\njvxpkxtljxaeiodqplx.exe
njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\czmpiespihwafkrhvvsfi.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\gzihwoyrgbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Windows\pjttjcnhxtfgikobmj.exe
pjttjcnhxtfgikobmj.exe .
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\pjttjcnhxtfgikobmj.exe*."
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\njvxpkxtljxaeiodqplx.exe*."
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\avghysezqnacfinbnlg.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\gzihwoyrgbmmnordn.exe*."
C:\Windows\zrzxlcldrlvuuuwh.exe
zrzxlcldrlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe
C:\Windows\gzihwoyrgbmmnordn.exe
gzihwoyrgbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\czmpiespihwafkrhvvsfi.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\gzihwoyrgbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .
C:\Windows\gzihwoyrgbmmnordn.exe
gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Windows\gzihwoyrgbmmnordn.exe
gzihwoyrgbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\zrzxlcldrlvuuuwh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\njvxpkxtljxaeiodqplx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe
C:\Windows\zrzxlcldrlvuuuwh.exe
zrzxlcldrlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .
C:\Windows\gzihwoyrgbmmnordn.exe
gzihwoyrgbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe
C:\Windows\avghysezqnacfinbnlg.exe
avghysezqnacfinbnlg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .
C:\Windows\gzihwoyrgbmmnordn.exe
gzihwoyrgbmmnordn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\gzihwoyrgbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\czmpiespihwafkrhvvsfi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\czmpiespihwafkrhvvsfi.exe
czmpiespihwafkrhvvsfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe .
C:\Windows\pjttjcnhxtfgikobmj.exe
pjttjcnhxtfgikobmj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\pjttjcnhxtfgikobmj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe .
C:\Windows\czmpiespihwafkrhvvsfi.exe
czmpiespihwafkrhvvsfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Windows\njvxpkxtljxaeiodqplx.exe
njvxpkxtljxaeiodqplx.exe .
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\njvxpkxtljxaeiodqplx.exe*."
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\zrzxlcldrlvuuuwh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\zrzxlcldrlvuuuwh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe
C:\Windows\pjttjcnhxtfgikobmj.exe
pjttjcnhxtfgikobmj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe .
C:\Windows\njvxpkxtljxaeiodqplx.exe
njvxpkxtljxaeiodqplx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\njvxpkxtljxaeiodqplx.exe*."
C:\Windows\gzihwoyrgbmmnordn.exe
gzihwoyrgbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe .
C:\Windows\avghysezqnacfinbnlg.exe
avghysezqnacfinbnlg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\avghysezqnacfinbnlg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\pjttjcnhxtfgikobmj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\zrzxlcldrlvuuuwh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe
C:\Windows\njvxpkxtljxaeiodqplx.exe
njvxpkxtljxaeiodqplx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe .
C:\Windows\pjttjcnhxtfgikobmj.exe
pjttjcnhxtfgikobmj.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\pjttjcnhxtfgikobmj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe
C:\Windows\njvxpkxtljxaeiodqplx.exe
njvxpkxtljxaeiodqplx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe .
C:\Windows\czmpiespihwafkrhvvsfi.exe
czmpiespihwafkrhvvsfi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\czmpiespihwafkrhvvsfi.exe*."
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\zrzxlcldrlvuuuwh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\avghysezqnacfinbnlg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe
C:\Windows\gzihwoyrgbmmnordn.exe
gzihwoyrgbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .
C:\Windows\gzihwoyrgbmmnordn.exe
gzihwoyrgbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe
C:\Windows\njvxpkxtljxaeiodqplx.exe
njvxpkxtljxaeiodqplx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe .
C:\Windows\avghysezqnacfinbnlg.exe
avghysezqnacfinbnlg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\avghysezqnacfinbnlg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\czmpiespihwafkrhvvsfi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\avghysezqnacfinbnlg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\avghysezqnacfinbnlg.exe
avghysezqnacfinbnlg.exe
C:\Windows\gzihwoyrgbmmnordn.exe
gzihwoyrgbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .
C:\Windows\gzihwoyrgbmmnordn.exe
gzihwoyrgbmmnordn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\zrzxlcldrlvuuuwh.exe
zrzxlcldrlvuuuwh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."
C:\Windows\czmpiespihwafkrhvvsfi.exe
czmpiespihwafkrhvvsfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\zrzxlcldrlvuuuwh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe .
C:\Windows\zrzxlcldrlvuuuwh.exe
zrzxlcldrlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Windows\njvxpkxtljxaeiodqplx.exe
njvxpkxtljxaeiodqplx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Windows\gzihwoyrgbmmnordn.exe
gzihwoyrgbmmnordn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .
C:\Windows\czmpiespihwafkrhvvsfi.exe
czmpiespihwafkrhvvsfi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe .
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\czmpiespihwafkrhvvsfi.exe*."
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\gzihwoyrgbmmnordn.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\njvxpkxtljxaeiodqplx.exe*."
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\njvxpkxtljxaeiodqplx.exe*."
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\njvxpkxtljxaeiodqplx.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\gzihwoyrgbmmnordn.exe*."
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\zrzxlcldrlvuuuwh.exe*."
C:\Windows\czmpiespihwafkrhvvsfi.exe
czmpiespihwafkrhvvsfi.exe
C:\Windows\czmpiespihwafkrhvvsfi.exe
czmpiespihwafkrhvvsfi.exe .
C:\Windows\czmpiespihwafkrhvvsfi.exe
czmpiespihwafkrhvvsfi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\czmpiespihwafkrhvvsfi.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\czmpiespihwafkrhvvsfi.exe*."
C:\Windows\pjttjcnhxtfgikobmj.exe
pjttjcnhxtfgikobmj.exe .
C:\Windows\gzihwoyrgbmmnordn.exe
gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\pjttjcnhxtfgikobmj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\zrzxlcldrlvuuuwh.exe
zrzxlcldrlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe .
C:\Windows\avghysezqnacfinbnlg.exe
avghysezqnacfinbnlg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\avghysezqnacfinbnlg.exe*."
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\njvxpkxtljxaeiodqplx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\gzihwoyrgbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe
C:\Windows\zrzxlcldrlvuuuwh.exe
zrzxlcldrlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .
C:\Windows\gzihwoyrgbmmnordn.exe
gzihwoyrgbmmnordn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."
C:\Windows\gzihwoyrgbmmnordn.exe
gzihwoyrgbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe .
C:\Windows\avghysezqnacfinbnlg.exe
avghysezqnacfinbnlg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\avghysezqnacfinbnlg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\njvxpkxtljxaeiodqplx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\pjttjcnhxtfgikobmj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe
C:\Windows\njvxpkxtljxaeiodqplx.exe
njvxpkxtljxaeiodqplx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\zrzxlcldrlvuuuwh.exe
zrzxlcldrlvuuuwh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe
C:\Windows\gzihwoyrgbmmnordn.exe
gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\zrzxlcldrlvuuuwh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .
C:\Windows\gzihwoyrgbmmnordn.exe
gzihwoyrgbmmnordn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\pjttjcnhxtfgikobmj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\gzihwoyrgbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe
C:\Windows\avghysezqnacfinbnlg.exe
avghysezqnacfinbnlg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe .
C:\Windows\pjttjcnhxtfgikobmj.exe
pjttjcnhxtfgikobmj.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\pjttjcnhxtfgikobmj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe
C:\Windows\pjttjcnhxtfgikobmj.exe
pjttjcnhxtfgikobmj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe .
C:\Windows\pjttjcnhxtfgikobmj.exe
pjttjcnhxtfgikobmj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\pjttjcnhxtfgikobmj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\pjttjcnhxtfgikobmj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\avghysezqnacfinbnlg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe
C:\Windows\avghysezqnacfinbnlg.exe
avghysezqnacfinbnlg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe .
C:\Windows\pjttjcnhxtfgikobmj.exe
pjttjcnhxtfgikobmj.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\pjttjcnhxtfgikobmj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe
C:\Windows\czmpiespihwafkrhvvsfi.exe
czmpiespihwafkrhvvsfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe .
C:\Windows\pjttjcnhxtfgikobmj.exe
pjttjcnhxtfgikobmj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\pjttjcnhxtfgikobmj.exe*."
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\czmpiespihwafkrhvvsfi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\njvxpkxtljxaeiodqplx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe
C:\Windows\czmpiespihwafkrhvvsfi.exe
czmpiespihwafkrhvvsfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe .
C:\Windows\avghysezqnacfinbnlg.exe
avghysezqnacfinbnlg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\avghysezqnacfinbnlg.exe*."
C:\Windows\zrzxlcldrlvuuuwh.exe
zrzxlcldrlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe .
C:\Windows\zrzxlcldrlvuuuwh.exe
zrzxlcldrlvuuuwh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\zrzxlcldrlvuuuwh.exe*."
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\njvxpkxtljxaeiodqplx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\pjttjcnhxtfgikobmj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\gzihwoyrgbmmnordn.exe
gzihwoyrgbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe .
C:\Windows\zrzxlcldrlvuuuwh.exe
zrzxlcldrlvuuuwh.exe
C:\Windows\njvxpkxtljxaeiodqplx.exe
njvxpkxtljxaeiodqplx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\njvxpkxtljxaeiodqplx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe .
C:\Windows\zrzxlcldrlvuuuwh.exe
zrzxlcldrlvuuuwh.exe
C:\Windows\zrzxlcldrlvuuuwh.exe
zrzxlcldrlvuuuwh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe
C:\Windows\pjttjcnhxtfgikobmj.exe
pjttjcnhxtfgikobmj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe .
C:\Windows\avghysezqnacfinbnlg.exe
avghysezqnacfinbnlg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\zrzxlcldrlvuuuwh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .
C:\Windows\avghysezqnacfinbnlg.exe
avghysezqnacfinbnlg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe .
C:\Windows\avghysezqnacfinbnlg.exe
avghysezqnacfinbnlg.exe .
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Windows\njvxpkxtljxaeiodqplx.exe
njvxpkxtljxaeiodqplx.exe
C:\Windows\czmpiespihwafkrhvvsfi.exe
czmpiespihwafkrhvvsfi.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\avghysezqnacfinbnlg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .
C:\Windows\njvxpkxtljxaeiodqplx.exe
njvxpkxtljxaeiodqplx.exe .
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\avghysezqnacfinbnlg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\czmpiespihwafkrhvvsfi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\njvxpkxtljxaeiodqplx.exe*."
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\gzihwoyrgbmmnordn.exe*."
C:\Windows\pjttjcnhxtfgikobmj.exe
pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\avghysezqnacfinbnlg.exe*."
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\zrzxlcldrlvuuuwh.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\zrzxlcldrlvuuuwh.exe*."
C:\Windows\zrzxlcldrlvuuuwh.exe
zrzxlcldrlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\zrzxlcldrlvuuuwh.exe*."
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\pjttjcnhxtfgikobmj.exe*."
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .
C:\Windows\avghysezqnacfinbnlg.exe
avghysezqnacfinbnlg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\pjttjcnhxtfgikobmj.exe*."
C:\Windows\zrzxlcldrlvuuuwh.exe
zrzxlcldrlvuuuwh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\zrzxlcldrlvuuuwh.exe*."
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\pjttjcnhxtfgikobmj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\njvxpkxtljxaeiodqplx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe .
C:\Windows\njvxpkxtljxaeiodqplx.exe
njvxpkxtljxaeiodqplx.exe .
C:\Windows\avghysezqnacfinbnlg.exe
avghysezqnacfinbnlg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\njvxpkxtljxaeiodqplx.exe*."
C:\Windows\pjttjcnhxtfgikobmj.exe
pjttjcnhxtfgikobmj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe .
C:\Windows\avghysezqnacfinbnlg.exe
avghysezqnacfinbnlg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\avghysezqnacfinbnlg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\njvxpkxtljxaeiodqplx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\czmpiespihwafkrhvvsfi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe
C:\Windows\njvxpkxtljxaeiodqplx.exe
njvxpkxtljxaeiodqplx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\njvxpkxtljxaeiodqplx.exe
njvxpkxtljxaeiodqplx.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\njvxpkxtljxaeiodqplx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe
C:\Windows\zrzxlcldrlvuuuwh.exe
zrzxlcldrlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe .
C:\Windows\czmpiespihwafkrhvvsfi.exe
czmpiespihwafkrhvvsfi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\czmpiespihwafkrhvvsfi.exe*."
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\zrzxlcldrlvuuuwh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\gzihwoyrgbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe
C:\Windows\pjttjcnhxtfgikobmj.exe
pjttjcnhxtfgikobmj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .
C:\Windows\gzihwoyrgbmmnordn.exe
gzihwoyrgbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe
C:\Windows\zrzxlcldrlvuuuwh.exe
zrzxlcldrlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .
C:\Windows\gzihwoyrgbmmnordn.exe
gzihwoyrgbmmnordn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\pjttjcnhxtfgikobmj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\pjttjcnhxtfgikobmj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe
C:\Windows\czmpiespihwafkrhvvsfi.exe
czmpiespihwafkrhvvsfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe .
C:\Windows\njvxpkxtljxaeiodqplx.exe
njvxpkxtljxaeiodqplx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\njvxpkxtljxaeiodqplx.exe*."
C:\Windows\gzihwoyrgbmmnordn.exe
gzihwoyrgbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe .
C:\Windows\zrzxlcldrlvuuuwh.exe
zrzxlcldrlvuuuwh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\zrzxlcldrlvuuuwh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\njvxpkxtljxaeiodqplx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\pjttjcnhxtfgikobmj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe
C:\Windows\njvxpkxtljxaeiodqplx.exe
njvxpkxtljxaeiodqplx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe .
C:\Windows\pjttjcnhxtfgikobmj.exe
pjttjcnhxtfgikobmj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\pjttjcnhxtfgikobmj.exe*."
C:\Windows\avghysezqnacfinbnlg.exe
avghysezqnacfinbnlg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe .
C:\Windows\zrzxlcldrlvuuuwh.exe
zrzxlcldrlvuuuwh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\zrzxlcldrlvuuuwh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\avghysezqnacfinbnlg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\njvxpkxtljxaeiodqplx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe
C:\Windows\czmpiespihwafkrhvvsfi.exe
czmpiespihwafkrhvvsfi.exe
C:\Windows\avghysezqnacfinbnlg.exe
avghysezqnacfinbnlg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .
C:\Windows\gzihwoyrgbmmnordn.exe
gzihwoyrgbmmnordn.exe .
C:\Windows\pjttjcnhxtfgikobmj.exe
pjttjcnhxtfgikobmj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\pjttjcnhxtfgikobmj.exe*."
C:\Windows\gzihwoyrgbmmnordn.exe
gzihwoyrgbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe
C:\Windows\avghysezqnacfinbnlg.exe
avghysezqnacfinbnlg.exe
C:\Windows\czmpiespihwafkrhvvsfi.exe
czmpiespihwafkrhvvsfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe .
C:\Windows\gzihwoyrgbmmnordn.exe
gzihwoyrgbmmnordn.exe .
C:\Windows\avghysezqnacfinbnlg.exe
avghysezqnacfinbnlg.exe .
C:\Windows\zrzxlcldrlvuuuwh.exe
zrzxlcldrlvuuuwh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\avghysezqnacfinbnlg.exe*."
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\zrzxlcldrlvuuuwh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Windows\gzihwoyrgbmmnordn.exe
gzihwoyrgbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Windows\gzihwoyrgbmmnordn.exe
gzihwoyrgbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\gzihwoyrgbmmnordn.exe*."
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\zrzxlcldrlvuuuwh.exe*."
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\zrzxlcldrlvuuuwh.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\gzihwoyrgbmmnordn.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\avghysezqnacfinbnlg.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\czmpiespihwafkrhvvsfi.exe*."
C:\Windows\njvxpkxtljxaeiodqplx.exe
njvxpkxtljxaeiodqplx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe .
C:\Windows\avghysezqnacfinbnlg.exe
avghysezqnacfinbnlg.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\avghysezqnacfinbnlg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\njvxpkxtljxaeiodqplx.exe
njvxpkxtljxaeiodqplx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\pjttjcnhxtfgikobmj.exe
pjttjcnhxtfgikobmj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\pjttjcnhxtfgikobmj.exe*."
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\czmpiespihwafkrhvvsfi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\gzihwoyrgbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe
C:\Windows\njvxpkxtljxaeiodqplx.exe
njvxpkxtljxaeiodqplx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe .
C:\Windows\zrzxlcldrlvuuuwh.exe
zrzxlcldrlvuuuwh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\zrzxlcldrlvuuuwh.exe*."
C:\Windows\njvxpkxtljxaeiodqplx.exe
njvxpkxtljxaeiodqplx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .
C:\Windows\gzihwoyrgbmmnordn.exe
gzihwoyrgbmmnordn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\njvxpkxtljxaeiodqplx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\pjttjcnhxtfgikobmj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe
C:\Windows\avghysezqnacfinbnlg.exe
avghysezqnacfinbnlg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\njvxpkxtljxaeiodqplx.exe
njvxpkxtljxaeiodqplx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\njvxpkxtljxaeiodqplx.exe*."
C:\Windows\gzihwoyrgbmmnordn.exe
gzihwoyrgbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .
C:\Windows\gzihwoyrgbmmnordn.exe
gzihwoyrgbmmnordn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\avghysezqnacfinbnlg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\pjttjcnhxtfgikobmj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe
C:\Windows\gzihwoyrgbmmnordn.exe
gzihwoyrgbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe .
C:\Windows\pjttjcnhxtfgikobmj.exe
pjttjcnhxtfgikobmj.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\pjttjcnhxtfgikobmj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe
C:\Windows\njvxpkxtljxaeiodqplx.exe
njvxpkxtljxaeiodqplx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe .
C:\Windows\czmpiespihwafkrhvvsfi.exe
czmpiespihwafkrhvvsfi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\czmpiespihwafkrhvvsfi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\njvxpkxtljxaeiodqplx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\gzihwoyrgbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe
C:\Windows\zrzxlcldrlvuuuwh.exe
zrzxlcldrlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe .
C:\Windows\njvxpkxtljxaeiodqplx.exe
njvxpkxtljxaeiodqplx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\njvxpkxtljxaeiodqplx.exe*."
C:\Windows\pjttjcnhxtfgikobmj.exe
pjttjcnhxtfgikobmj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .
C:\Windows\gzihwoyrgbmmnordn.exe
gzihwoyrgbmmnordn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\avghysezqnacfinbnlg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\avghysezqnacfinbnlg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe
C:\Windows\czmpiespihwafkrhvvsfi.exe
czmpiespihwafkrhvvsfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe .
C:\Windows\avghysezqnacfinbnlg.exe
avghysezqnacfinbnlg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\avghysezqnacfinbnlg.exe*."
C:\Windows\njvxpkxtljxaeiodqplx.exe
njvxpkxtljxaeiodqplx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe .
C:\Windows\zrzxlcldrlvuuuwh.exe
zrzxlcldrlvuuuwh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\zrzxlcldrlvuuuwh.exe*."
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\njvxpkxtljxaeiodqplx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\czmpiespihwafkrhvvsfi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe
C:\Windows\pjttjcnhxtfgikobmj.exe
pjttjcnhxtfgikobmj.exe
C:\Windows\avghysezqnacfinbnlg.exe
avghysezqnacfinbnlg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe .
C:\Windows\pjttjcnhxtfgikobmj.exe
pjttjcnhxtfgikobmj.exe .
C:\Windows\pjttjcnhxtfgikobmj.exe
pjttjcnhxtfgikobmj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\pjttjcnhxtfgikobmj.exe*."
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\pjttjcnhxtfgikobmj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe .
C:\Windows\pjttjcnhxtfgikobmj.exe
pjttjcnhxtfgikobmj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Windows\pjttjcnhxtfgikobmj.exe
pjttjcnhxtfgikobmj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe
C:\Windows\avghysezqnacfinbnlg.exe
avghysezqnacfinbnlg.exe
C:\Windows\njvxpkxtljxaeiodqplx.exe
njvxpkxtljxaeiodqplx.exe .
C:\Windows\njvxpkxtljxaeiodqplx.exe
njvxpkxtljxaeiodqplx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Windows\czmpiespihwafkrhvvsfi.exe
czmpiespihwafkrhvvsfi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\njvxpkxtljxaeiodqplx.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\njvxpkxtljxaeiodqplx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\njvxpkxtljxaeiodqplx.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\czmpiespihwafkrhvvsfi.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\czmpiespihwafkrhvvsfi.exe*."
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\gzihwoyrgbmmnordn.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\pjttjcnhxtfgikobmj.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\czmpiespihwafkrhvvsfi.exe*."
C:\Windows\avghysezqnacfinbnlg.exe
avghysezqnacfinbnlg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\pjttjcnhxtfgikobmj.exe*."
C:\Windows\pjttjcnhxtfgikobmj.exe
pjttjcnhxtfgikobmj.exe .
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Windows\czmpiespihwafkrhvvsfi.exe
czmpiespihwafkrhvvsfi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\pjttjcnhxtfgikobmj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .
C:\Windows\zrzxlcldrlvuuuwh.exe
zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\czmpiespihwafkrhvvsfi.exe*."
C:\Windows\czmpiespihwafkrhvvsfi.exe
czmpiespihwafkrhvvsfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\gzihwoyrgbmmnordn.exe
gzihwoyrgbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\zrzxlcldrlvuuuwh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\avghysezqnacfinbnlg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe
C:\Windows\czmpiespihwafkrhvvsfi.exe
czmpiespihwafkrhvvsfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe .
C:\Windows\zrzxlcldrlvuuuwh.exe
zrzxlcldrlvuuuwh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\zrzxlcldrlvuuuwh.exe*."
C:\Windows\pjttjcnhxtfgikobmj.exe
pjttjcnhxtfgikobmj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe .
C:\Windows\pjttjcnhxtfgikobmj.exe
pjttjcnhxtfgikobmj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\pjttjcnhxtfgikobmj.exe*."
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\pjttjcnhxtfgikobmj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\njvxpkxtljxaeiodqplx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\avghysezqnacfinbnlg.exe
avghysezqnacfinbnlg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe .
C:\Windows\czmpiespihwafkrhvvsfi.exe
czmpiespihwafkrhvvsfi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\czmpiespihwafkrhvvsfi.exe*."
C:\Windows\avghysezqnacfinbnlg.exe
avghysezqnacfinbnlg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe .
C:\Windows\njvxpkxtljxaeiodqplx.exe
njvxpkxtljxaeiodqplx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\njvxpkxtljxaeiodqplx.exe*."
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\gzihwoyrgbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\zrzxlcldrlvuuuwh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe
C:\Windows\czmpiespihwafkrhvvsfi.exe
czmpiespihwafkrhvvsfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe .
C:\Windows\njvxpkxtljxaeiodqplx.exe
njvxpkxtljxaeiodqplx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\njvxpkxtljxaeiodqplx.exe*."
C:\Windows\pjttjcnhxtfgikobmj.exe
pjttjcnhxtfgikobmj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe .
C:\Windows\pjttjcnhxtfgikobmj.exe
pjttjcnhxtfgikobmj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\pjttjcnhxtfgikobmj.exe*."
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\zrzxlcldrlvuuuwh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\gzihwoyrgbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe
C:\Windows\avghysezqnacfinbnlg.exe
avghysezqnacfinbnlg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe .
C:\Windows\avghysezqnacfinbnlg.exe
avghysezqnacfinbnlg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\avghysezqnacfinbnlg.exe*."
C:\Windows\gzihwoyrgbmmnordn.exe
gzihwoyrgbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe .
C:\Windows\zrzxlcldrlvuuuwh.exe
zrzxlcldrlvuuuwh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\zrzxlcldrlvuuuwh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\czmpiespihwafkrhvvsfi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe
C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\gzihwoyrgbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe
C:\Windows\czmpiespihwafkrhvvsfi.exe
czmpiespihwafkrhvvsfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .
C:\Windows\gzihwoyrgbmmnordn.exe
gzihwoyrgbmmnordn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."
C:\Windows\pjttjcnhxtfgikobmj.exe
pjttjcnhxtfgikobmj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .
C:\Windows\gzihwoyrgbmmnordn.exe
gzihwoyrgbmmnordn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\pjttjcnhxtfgikobmj.exe*."
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe
C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\njvxpkxtljxaeiodqplx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe
C:\Windows\avghysezqnacfinbnlg.exe
avghysezqnacfinbnlg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe
C:\Windows\czmpiespihwafkrhvvsfi.exe
czmpiespihwafkrhvvsfi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\avghysezqnacfinbnlg.exe
avghysezqnacfinbnlg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe .
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.whatismyip.com | udp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| DE | 142.251.209.137:80 | www.blogger.com | tcp |
| BG | 77.71.2.17:36937 | tcp | |
| DE | 85.214.228.140:80 | kgielb.info | tcp |
| SG | 13.214.182.154:80 | walpnmyrw.net | tcp |
| US | 104.156.155.94:80 | jexkhytfwddl.info | tcp |
| AU | 86.38.88.113:15750 | tcp | |
| US | 8.8.8.8:53 | kdnqpoh.info | udp |
| BG | 95.111.62.254:32629 | tcp | |
| US | 8.8.8.8:53 | oowqfaa.info | udp |
| US | 8.8.8.8:53 | klnajewatoz.net | udp |
| US | 8.8.8.8:53 | bbkopbgx.net | udp |
| US | 8.8.8.8:53 | nyxozjwas.net | udp |
| BG | 213.231.138.107:28101 | tcp | |
| US | 8.8.8.8:53 | rexvbcj.info | udp |
| US | 8.8.8.8:53 | qcrgay.info | udp |
| LT | 88.119.161.80:18660 | tcp | |
| US | 8.8.8.8:53 | nmavhfu.org | udp |
| US | 8.8.8.8:53 | aqiwmyai.org | udp |
| US | 8.8.8.8:53 | ssdybmhqc.net | udp |
| US | 8.8.8.8:53 | cqcafaz.info | udp |
| BG | 95.111.62.254:32629 | tcp | |
| US | 8.8.8.8:53 | eyzuvkt.info | udp |
| US | 8.8.8.8:53 | wkbgtwjqb.net | udp |
| BG | 109.121.242.192:45510 | tcp | |
| US | 8.8.8.8:53 | tuhgqarb.net | udp |
| US | 8.8.8.8:53 | sacyyemmmags.org | udp |
| US | 8.8.8.8:53 | zkhshsjul.info | udp |
| US | 8.8.8.8:53 | ywsqznkqcws.info | udp |
| BG | 88.80.122.104:39111 | tcp | |
| US | 8.8.8.8:53 | jvpmklibug.net | udp |
| US | 8.8.8.8:53 | bthzwjgxug.net | udp |
| BG | 95.87.215.173:36449 | tcp | |
| US | 8.8.8.8:53 | lemrzadcb.com | udp |
| US | 8.8.8.8:53 | kfcyvkqzskfw.info | udp |
| US | 8.8.8.8:53 | xlizwrhw.info | udp |
| LT | 78.58.127.143:15222 | tcp | |
| US | 8.8.8.8:53 | zolaxrnqfkb.net | udp |
| LT | 78.58.4.60:20252 | tcp | |
| US | 8.8.8.8:53 | mgyimumi.org | udp |
| US | 8.8.8.8:53 | ccgasssoyw.com | udp |
| LT | 78.61.195.32:20345 | tcp | |
| US | 8.8.8.8:53 | rmkvpv.info | udp |
| US | 8.8.8.8:53 | ffkjhufe.info | udp |
| US | 8.8.8.8:53 | cgbknan.net | udp |
| US | 8.8.8.8:53 | ckjeesxuj.info | udp |
| LT | 78.62.224.81:35486 | tcp | |
| US | 8.8.8.8:53 | pefbeyzgq.org | udp |
| US | 8.8.8.8:53 | ymssey.com | udp |
| US | 8.8.8.8:53 | yelcfatsbqn.info | udp |
| US | 8.8.8.8:53 | hqmqkoxcm.info | udp |
| PT | 89.116.195.245:24488 | tcp | |
| US | 8.8.8.8:53 | uvgviwur.info | udp |
| US | 8.8.8.8:53 | xevbbybil.net | udp |
| US | 8.8.8.8:53 | czazvwqaemn.net | udp |
| US | 8.8.8.8:53 | louymi.info | udp |
| LT | 78.62.82.62:25833 | tcp | |
| US | 8.8.8.8:53 | rcakpthqmol.net | udp |
| US | 8.8.8.8:53 | wehdvwjephj.net | udp |
| DE | 85.214.228.140:80 | kgielb.info | tcp |
| SG | 13.214.182.154:80 | walpnmyrw.net | tcp |
| US | 104.156.155.94:80 | jexkhytfwddl.info | tcp |
| BG | 93.183.183.3:17593 | tcp | |
| US | 8.8.8.8:53 | lqxxbxjjushd.info | udp |
| US | 8.8.8.8:53 | larpqwfi.net | udp |
| ES | 94.73.54.183:26385 | tcp | |
| US | 8.8.8.8:53 | jgrwvml.info | udp |
| US | 8.8.8.8:53 | uvndqsxhg.info | udp |
| US | 8.8.8.8:53 | fmvaezgdpwx.com | udp |
| US | 8.8.8.8:53 | oowqfaa.info | udp |
| US | 8.8.8.8:53 | wodkdyk.net | udp |
| US | 8.8.8.8:53 | cqtavyn.net | udp |
| US | 8.8.8.8:53 | xgsefzm.com | udp |
| US | 8.8.8.8:53 | cqpblckecxly.net | udp |
| US | 8.8.8.8:53 | ccqdtyvqbys.info | udp |
| US | 8.8.8.8:53 | tdjrbb.info | udp |
| US | 8.8.8.8:53 | cmaeaeomsmgm.com | udp |
| US | 8.8.8.8:53 | ahfngvtb.info | udp |
| US | 8.8.8.8:53 | scscka.com | udp |
| US | 8.8.8.8:53 | ugrcnfqtpyl.net | udp |
| US | 8.8.8.8:53 | feznzv.net | udp |
| US | 8.8.8.8:53 | pqjgknpyt.info | udp |
| US | 8.8.8.8:53 | vwtoxuzax.net | udp |
| US | 8.8.8.8:53 | twxqjwzk.info | udp |
| US | 8.8.8.8:53 | omeygqcqyucy.com | udp |
| US | 8.8.8.8:53 | juiujid.org | udp |
| US | 8.8.8.8:53 | birshn.net | udp |
| US | 8.8.8.8:53 | cikaugfdfs.net | udp |
| US | 8.8.8.8:53 | jvhzhccygax.org | udp |
| US | 8.8.8.8:53 | dgrydww.info | udp |
| US | 8.8.8.8:53 | wkhtrctoh.net | udp |
| US | 8.8.8.8:53 | oksygc.org | udp |
| US | 8.8.8.8:53 | esuqumgeoc.com | udp |
| US | 8.8.8.8:53 | tupuxkqajod.com | udp |
| US | 8.8.8.8:53 | pgcvtzlu.net | udp |
| US | 8.8.8.8:53 | ltcazh.net | udp |
| US | 8.8.8.8:53 | qavvqital.info | udp |
| US | 8.8.8.8:53 | wdzwvsy.net | udp |
| US | 8.8.8.8:53 | pdjstqhpandu.net | udp |
| US | 8.8.8.8:53 | rxlbuafe.net | udp |
| US | 8.8.8.8:53 | peeqrazamh.net | udp |
| US | 8.8.8.8:53 | zbosmuj.net | udp |
| US | 8.8.8.8:53 | eiuoaakw.org | udp |
| US | 8.8.8.8:53 | zkfqvyfpv.com | udp |
| US | 8.8.8.8:53 | epieyl.net | udp |
| US | 8.8.8.8:53 | jrhutut.org | udp |
| US | 8.8.8.8:53 | uagasoao.com | udp |
| US | 8.8.8.8:53 | cmrvpuwms.net | udp |
| US | 8.8.8.8:53 | wcfnlu.info | udp |
| US | 8.8.8.8:53 | qhnohshvw.net | udp |
| US | 8.8.8.8:53 | fvhyqkpqdwst.info | udp |
| US | 8.8.8.8:53 | ucwmoumwymuc.com | udp |
| US | 8.8.8.8:53 | aupiqadwu.net | udp |
| US | 8.8.8.8:53 | ciwacksw.com | udp |
| US | 8.8.8.8:53 | zakfvnuu.net | udp |
| US | 8.8.8.8:53 | jqfqjiagf.info | udp |
| US | 8.8.8.8:53 | vwcslinzs.com | udp |
| US | 8.8.8.8:53 | nhrrld.info | udp |
| US | 8.8.8.8:53 | zznwhnjofut.info | udp |
| US | 8.8.8.8:53 | nygqhmzun.info | udp |
| US | 8.8.8.8:53 | taxpbp.info | udp |
| US | 8.8.8.8:53 | kmhwbwh.info | udp |
| US | 8.8.8.8:53 | cebjpyltnu.net | udp |
| US | 8.8.8.8:53 | jksholyztups.info | udp |
| US | 8.8.8.8:53 | tbzfbsmm.info | udp |
| US | 8.8.8.8:53 | okgccrvs.net | udp |
| US | 8.8.8.8:53 | gewegc.org | udp |
| US | 8.8.8.8:53 | ztqilgzv.net | udp |
| US | 8.8.8.8:53 | jqbcyolmf.info | udp |
| US | 8.8.8.8:53 | tmlinbmb.info | udp |
| US | 8.8.8.8:53 | rieuxbwmvg.info | udp |
| US | 8.8.8.8:53 | lkjjvkcuv.net | udp |
| US | 8.8.8.8:53 | iidfjaxm.info | udp |
| US | 8.8.8.8:53 | ymsciwsqsoey.org | udp |
| US | 8.8.8.8:53 | iupgmiw.info | udp |
| US | 8.8.8.8:53 | mzqsrxpiwxvl.net | udp |
| US | 8.8.8.8:53 | ufyziehq.net | udp |
| US | 8.8.8.8:53 | tujmcwb.info | udp |
| US | 8.8.8.8:53 | fikabkhybxw.org | udp |
| US | 8.8.8.8:53 | ztrgigatbjgs.info | udp |
| US | 8.8.8.8:53 | ieuyycwqwkoc.com | udp |
| US | 8.8.8.8:53 | yvhceagog.net | udp |
| US | 8.8.8.8:53 | fhjevs.net | udp |
| US | 8.8.8.8:53 | ztrczgnqt.info | udp |
| US | 8.8.8.8:53 | eeaoqqwmkm.org | udp |
| US | 8.8.8.8:53 | iakjsodugwp.net | udp |
| US | 8.8.8.8:53 | wabtojhyts.net | udp |
| US | 8.8.8.8:53 | uimqwaycag.com | udp |
| US | 8.8.8.8:53 | nebtunbeh.org | udp |
| US | 8.8.8.8:53 | byprpj.net | udp |
| US | 8.8.8.8:53 | frdsmbhefbym.net | udp |
| US | 8.8.8.8:53 | gflijqoujwy.net | udp |
| US | 8.8.8.8:53 | opijpok.info | udp |
| US | 8.8.8.8:53 | zxebhskrcn.info | udp |
| BG | 87.120.123.32:43497 | tcp | |
| US | 8.8.8.8:53 | sonwdwhxrck.info | udp |
| US | 8.8.8.8:53 | lvtyhqheccxw.net | udp |
| US | 8.8.8.8:53 | supcjir.net | udp |
| US | 8.8.8.8:53 | yokwmw.com | udp |
| US | 8.8.8.8:53 | xilbnlhhsz.info | udp |
| US | 8.8.8.8:53 | yxdcbkjz.info | udp |
| US | 8.8.8.8:53 | mcygkwqm.org | udp |
| US | 8.8.8.8:53 | irlhbubaeq.info | udp |
| US | 8.8.8.8:53 | wakslmqcvks.info | udp |
| US | 8.8.8.8:53 | simkgkkmcigi.com | udp |
| US | 8.8.8.8:53 | ptmxljkr.info | udp |
| US | 8.8.8.8:53 | fewdhf.info | udp |
| US | 8.8.8.8:53 | xrvmfpbqhipd.net | udp |
| US | 8.8.8.8:53 | gohojtixduv.info | udp |
| US | 8.8.8.8:53 | yguoxoj.net | udp |
| US | 8.8.8.8:53 | jxcsgestbkig.net | udp |
| US | 8.8.8.8:53 | kcyowkao.com | udp |
| US | 8.8.8.8:53 | pimerftnrv.info | udp |
| US | 8.8.8.8:53 | qhkcuyj.info | udp |
| US | 8.8.8.8:53 | zmnprckzdsq.org | udp |
| US | 8.8.8.8:53 | wckwksiseo.com | udp |
| US | 8.8.8.8:53 | gcdbdgtyxez.net | udp |
| US | 8.8.8.8:53 | ijevrjmd.net | udp |
| US | 8.8.8.8:53 | ebkdbofm.net | udp |
| US | 8.8.8.8:53 | ialsfnaqy.net | udp |
| US | 8.8.8.8:53 | iilrlohnhnh.info | udp |
| US | 8.8.8.8:53 | bmdrbznzfq.info | udp |
| US | 8.8.8.8:53 | jimkfylz.info | udp |
| US | 8.8.8.8:53 | suaawe.org | udp |
| US | 8.8.8.8:53 | mgqiuk.com | udp |
| US | 8.8.8.8:53 | jqlnkcjqk.net | udp |
| US | 8.8.8.8:53 | pifpsi.net | udp |
| US | 8.8.8.8:53 | gjoieqt.net | udp |
| US | 8.8.8.8:53 | ayvjaphixbvv.info | udp |
| US | 8.8.8.8:53 | mhnnqyayup.info | udp |
| US | 8.8.8.8:53 | ootknwfif.net | udp |
| US | 8.8.8.8:53 | lxhewirho.net | udp |
| US | 8.8.8.8:53 | ekhuhobsv.info | udp |
| US | 8.8.8.8:53 | rdbtnkbuzagk.net | udp |
| US | 8.8.8.8:53 | pyjijevexje.net | udp |
| US | 8.8.8.8:53 | vjjjeujpli.net | udp |
| US | 8.8.8.8:53 | aqiwmyai.org | udp |
| US | 8.8.8.8:53 | nskhnlkl.net | udp |
| US | 8.8.8.8:53 | mqyzyqtydaxu.net | udp |
| US | 8.8.8.8:53 | iyxxayc.net | udp |
| US | 8.8.8.8:53 | uqgcsa.com | udp |
| US | 8.8.8.8:53 | fdygvtpuse.info | udp |
| US | 8.8.8.8:53 | swlmkovddcp.net | udp |
| US | 8.8.8.8:53 | ejjmqczyncn.info | udp |
| US | 8.8.8.8:53 | wmvwrsj.net | udp |
| US | 8.8.8.8:53 | lkmrwxik.net | udp |
| US | 8.8.8.8:53 | zugauui.info | udp |
| US | 8.8.8.8:53 | tcpbcllr.info | udp |
| US | 8.8.8.8:53 | xpltga.net | udp |
| US | 8.8.8.8:53 | zutagbtdnoxk.net | udp |
| US | 8.8.8.8:53 | hurkpv.info | udp |
| US | 8.8.8.8:53 | jibkvapyu.info | udp |
| US | 8.8.8.8:53 | sagsmu.com | udp |
| US | 8.8.8.8:53 | hcfdjb.net | udp |
| US | 8.8.8.8:53 | kmwkikwwwm.org | udp |
| US | 8.8.8.8:53 | bspkiyozhaf.net | udp |
| US | 8.8.8.8:53 | ikaofemxze.net | udp |
| US | 8.8.8.8:53 | gnzpxs.net | udp |
| US | 8.8.8.8:53 | bfvhsatmq.com | udp |
| US | 8.8.8.8:53 | yvbwugrnjv.info | udp |
| US | 8.8.8.8:53 | wmcauomiay.com | udp |
| US | 8.8.8.8:53 | plgcwwlhz.org | udp |
| US | 8.8.8.8:53 | fzpxxofkfhkf.net | udp |
| US | 8.8.8.8:53 | kumgaeewicsy.org | udp |
| US | 8.8.8.8:53 | souobkislmb.net | udp |
| US | 8.8.8.8:53 | qerofmbgxsy.info | udp |
| US | 8.8.8.8:53 | uhkdrnzknot.net | udp |
| US | 8.8.8.8:53 | ccqcmusukkce.org | udp |
| US | 8.8.8.8:53 | pqdxdeez.net | udp |
| US | 8.8.8.8:53 | oimwoycw.com | udp |
| US | 8.8.8.8:53 | mkrhhdvgj.info | udp |
| US | 8.8.8.8:53 | nebbbqqermn.com | udp |
| US | 8.8.8.8:53 | uogicigmue.org | udp |
| US | 8.8.8.8:53 | vshojgufl.info | udp |
| US | 8.8.8.8:53 | gvtmfaxn.net | udp |
| US | 8.8.8.8:53 | vfoqjji.net | udp |
| US | 8.8.8.8:53 | kiuykkwgsoii.com | udp |
| US | 8.8.8.8:53 | sifcvxqr.net | udp |
| US | 8.8.8.8:53 | qeavjcpcojby.info | udp |
| US | 8.8.8.8:53 | wqeackuewq.com | udp |
| US | 8.8.8.8:53 | qyokgfmstqrl.info | udp |
| US | 8.8.8.8:53 | gwfcwdn.net | udp |
| US | 8.8.8.8:53 | pmswgpzjxcl.info | udp |
| US | 8.8.8.8:53 | mpwmvekw.info | udp |
| US | 8.8.8.8:53 | pkxnftaviu.info | udp |
| US | 8.8.8.8:53 | ecaxpk.info | udp |
| US | 8.8.8.8:53 | mfiukx.net | udp |
| US | 8.8.8.8:53 | ipzyvg.net | udp |
| US | 8.8.8.8:53 | ezzekefsau.net | udp |
| US | 8.8.8.8:53 | bohahun.com | udp |
| US | 8.8.8.8:53 | pmkjtfqint.info | udp |
| US | 8.8.8.8:53 | tvnxbc.net | udp |
| US | 8.8.8.8:53 | gurwcewak.net | udp |
| US | 8.8.8.8:53 | pfdhignj.net | udp |
| US | 8.8.8.8:53 | ugwykw.org | udp |
| US | 8.8.8.8:53 | gscoawecsuec.org | udp |
| US | 8.8.8.8:53 | tkvltrgf.net | udp |
| US | 8.8.8.8:53 | abriltdkagas.net | udp |
| US | 8.8.8.8:53 | nhyqrp.info | udp |
| US | 8.8.8.8:53 | izxmov.info | udp |
| US | 8.8.8.8:53 | lqfdpkpeesj.org | udp |
| US | 8.8.8.8:53 | olijdrlmzb.net | udp |
| US | 8.8.8.8:53 | ndncedor.info | udp |
| US | 8.8.8.8:53 | tkzcjudkoudh.info | udp |
| US | 8.8.8.8:53 | nxichdfufz.net | udp |
| US | 8.8.8.8:53 | dctxvtxeq.com | udp |
| US | 8.8.8.8:53 | rksshfydh.org | udp |
| US | 8.8.8.8:53 | iudaiyiutga.net | udp |
| US | 8.8.8.8:53 | aqmkhxo.net | udp |
| US | 8.8.8.8:53 | dxfbwmtwa.com | udp |
| US | 8.8.8.8:53 | ewiwowaeoaym.com | udp |
| US | 8.8.8.8:53 | fwrhago.com | udp |
| US | 8.8.8.8:53 | qmgnqyayup.net | udp |
| US | 8.8.8.8:53 | domhboffgsj.org | udp |
| US | 8.8.8.8:53 | vcztbwhrval.com | udp |
| US | 8.8.8.8:53 | mqikqmkc.org | udp |
| US | 8.8.8.8:53 | ksyvbgn.net | udp |
| US | 8.8.8.8:53 | olwwzvbjuvtp.info | udp |
| US | 8.8.8.8:53 | ndhfgrucbg.net | udp |
| US | 8.8.8.8:53 | yffbsbvpxj.net | udp |
| DE | 87.121.55.155:15843 | tcp | |
| US | 8.8.8.8:53 | uoripa.info | udp |
| US | 8.8.8.8:53 | jztyih.net | udp |
| US | 8.8.8.8:53 | trmpdopurehp.info | udp |
| US | 8.8.8.8:53 | vghrznsx.info | udp |
| US | 8.8.8.8:53 | gtwgjuhgzb.info | udp |
Files
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
| MD5 | 2512476e7a1ded0f5cb213d86d6dd279 |
| SHA1 | 1e9a59922c89ba5816895435236ae24b2d7d2708 |
| SHA256 | a2d1dc560b9a118a86d1cbb9983d895e23b42b0cff8e40c4c05c63ebd82b7192 |
| SHA512 | f5500ea62ec18f03d6909576c58e5ddefcacfd46624410f8294c17bfa788256705b7700e9dd7f75c8a981a51a269f9de7d51212b664465cce9a7da370bf4090e |
C:\Windows\SysWOW64\pjttjcnhxtfgikobmj.exe
| MD5 | ce23cbd71cc033cecb1958623ee620c1 |
| SHA1 | ee0c07c78a5eeb4216a4e178e871f04ef0ba9b00 |
| SHA256 | 270dce235ce96e14c6472a545008e2e80c489f41b21f8ce9db95a60dd18f99c3 |
| SHA512 | 9a26d99303a7e07e4b5be581d4621d8af9705106ef6f26ab5326911c0d0aa065658951c5ca5c3b7dc1c4603c65a5ff0b8dbed4dbbc43b7bcd3d93dafa18b6a73 |
C:\Users\Admin\AppData\Local\Temp\cjgtw.exe
| MD5 | 5434734dfe6c4bc148621c5e88350d67 |
| SHA1 | 92e4a6a2bba9170cf4af598ffb465c95c866e691 |
| SHA256 | 609ce70a7d493b2dedc2e7782ba021b54ddca146f5e8cdee6b4335bc06268f48 |
| SHA512 | f546c8975aa6489bd4f0f03172fefa5c008726d0e19553e331fdd0d6dc38b7f8fd93ad5f7c3219b8406bc43e941c35f342b7251a55ab035a97ad967379b6b080 |
C:\Users\Admin\AppData\Local\rfjdnaftdtzuqmkrwnbfzjwbpzpvqmigns.xbv
| MD5 | b67c6177af40750f1010e272be76dd62 |
| SHA1 | ff9e67f09139c6fb2a33d99bdbc774a965eeb5c6 |
| SHA256 | cd508d555c649316843e5563fa304fb9b8c699088f21b3149a0700b10f4d91f5 |
| SHA512 | c1848044f93b47d45a6126d727facad1f753c96c97ce579680fc8da0a9f2ba1fe8ed73d86617c1d8022e81f0f452442ade4ecd0664a84919848329bf84cdd42f |
C:\Users\Admin\AppData\Local\ehajikehglgqbmzvpvyrazb.yxc
| MD5 | e529d6feb27c6508a725b288c3db6e79 |
| SHA1 | 0b6d2d8e142e25d4f95502c7ea34e350c5533935 |
| SHA256 | 654ec5f9059bc4d62f7d929bf858513d9da10ffe56ec560cc96771929c1528a5 |
| SHA512 | fd95014c71b16d25c3eb90344236d93f56fc9b9dac6c59959b8ecc40bf1c5f921815a7bef4b83deb1676bcc17d44c41edaf8fc6ccf1c0c6740e3c02cb660c33c |
C:\Program Files (x86)\ehajikehglgqbmzvpvyrazb.yxc
| MD5 | accea39c7af13a3cfe38468e500032fb |
| SHA1 | 8ef70f1ed4b5f60e614309b0cc47604b2fab7b8e |
| SHA256 | 7cd7e79d2806f87dc80a694fbc4c1fdad31f2f85f8ad93e726f38a913917d2a5 |
| SHA512 | e317a4e337f431cdedbb6fdf8bcb6d8cb127ea2e2bca93f0c0589d9394146eb4337ac26bf0326e3a18b7a995da7a2f713fcfe8de3019d9f277255f7241d38415 |
C:\Program Files (x86)\ehajikehglgqbmzvpvyrazb.yxc
| MD5 | 46c7839e83713ca3adc4523990eb9a63 |
| SHA1 | 9f28aff0e65dc9e9e03b72af4a0dd2944016b113 |
| SHA256 | fb424669e016850774671fa706c35c0d425da98d1f9360388aab43050b8ba31f |
| SHA512 | 5d71420d8ec07578e2288a794092a9b3e3348c11c9961bfe051198a7277aaf5a3d1fbf39652b5d5faac668c6ffe7d810d3ff7accaf1d1966c958171793ccc140 |
C:\Program Files (x86)\ehajikehglgqbmzvpvyrazb.yxc
| MD5 | 847721a93f8f448c657cddfaa0ac7ac5 |
| SHA1 | 644100d1ac98b61271efd150c54bed06886b7e08 |
| SHA256 | d40d88c5e44f6330c0aff039a46aa500dc79cc573138e23a861f1808e1e71abf |
| SHA512 | 79ee2ab25fc514381b01533b3ce917608cea8d419015a0720f17a71fce58b8c8e55dd8d5c252ff31f4c40ceaae54dd1db7712d1336bb57b13a46c65aa4afac79 |
C:\Program Files (x86)\ehajikehglgqbmzvpvyrazb.yxc
| MD5 | de1798206ee0d521013e6bc7cd18c94a |
| SHA1 | 055d4c639f3dc3bb78c7271c8ec6b5dee87f8b43 |
| SHA256 | 37bda3c9d69e6d0874ad156d4cd09a9b0a3a56531711e66049a1540aff5051a0 |
| SHA512 | d55af13be9ee12701748c49cef1c622cf40813e3ad5b118f519712e478dc413a22d1ba8228544acea5d7c2216722865c591a9f447d49feac018ab118476f2843 |
C:\Program Files (x86)\ehajikehglgqbmzvpvyrazb.yxc
| MD5 | 70a4a4ca5003fe431cb9c6e04cb8d1a0 |
| SHA1 | f60eafa8034509c683c9afedad105d196f2fd159 |
| SHA256 | 847c3d2e65dc5cdf7a7fc521ce2a04297c249a29a1168f491b2b75340e8a0c98 |
| SHA512 | bc115d7bc8720e33d39e8390c17178fee637eb91b1e20a82202698995402b75b514649dae8b5856025cc020eedd07f0e881e3dbb0707be32bfe4f531ef66bbdb |
C:\Program Files (x86)\ehajikehglgqbmzvpvyrazb.yxc
| MD5 | 8129fc03435465a517e96bba669985c9 |
| SHA1 | 0e833de0465c8fb802a7d7173c6eb5e11218fede |
| SHA256 | 12217bb4f9851d27c4cf943e1742719f1bf8bfa93f6a00decb29a20caef9b0bd |
| SHA512 | 27a84a712952f75e4cd444df654c914ee02a3085347f4df0905c1d5ad63c91864b2dc324b86e162c5be5acda40a17c910e86c661c96a7a3970863364764089d3 |
Analysis: behavioral1
Detonation Overview
Submitted
2025-04-22 13:08
Reported
2025-04-22 13:11
Platform
win10v2004-20250410-en
Max time kernel
29s
Max time network
150s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zqygkbhsw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iizqddsmzppcfqzzav.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zqygkbhsw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iizqddsmzppcfqzzav.exe" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kepahbkyfpjq = "vysmcfxukdgwcqcfjhjmg.exe" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kepahbkyfpjq = "vysmcfxukdgwcqcfjhjmg.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zqygkbhsw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zyoeqpdwixwikucbb.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kepahbkyfpjq = "sqfufdqithfqrahf.exe" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zqygkbhsw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sqfufdqithfqrahf.exe" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kepahbkyfpjq = "gibujlcynfhwbozbebce.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zqygkbhsw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iizqddsmzppcfqzzav.exe" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zqygkbhsw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sqfufdqithfqrahf.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kepahbkyfpjq = "gibujlcynfhwbozbebce.exe" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kepahbkyfpjq = "tumestjesjkycoyzbxx.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zqygkbhsw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iizqddsmzppcfqzzav.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zqygkbhsw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zyoeqpdwixwikucbb.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zqygkbhsw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gibujlcynfhwbozbebce.exe" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kepahbkyfpjq = "sqfufdqithfqrahf.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kepahbkyfpjq = "gibujlcynfhwbozbebce.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zqygkbhsw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sqfufdqithfqrahf.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kepahbkyfpjq = "gibujlcynfhwbozbebce.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kepahbkyfpjq = "sqfufdqithfqrahf.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zqygkbhsw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zyoeqpdwixwikucbb.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zqygkbhsw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zyoeqpdwixwikucbb.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zqygkbhsw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vysmcfxukdgwcqcfjhjmg.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kepahbkyfpjq = "sqfufdqithfqrahf.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kepahbkyfpjq = "iizqddsmzppcfqzzav.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kepahbkyfpjq = "vysmcfxukdgwcqcfjhjmg.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kepahbkyfpjq = "tumestjesjkycoyzbxx.exe" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zqygkbhsw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gibujlcynfhwbozbebce.exe" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zqygkbhsw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zyoeqpdwixwikucbb.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kepahbkyfpjq = "vysmcfxukdgwcqcfjhjmg.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\gibujlcynfhwbozbebce.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\vysmcfxukdgwcqcfjhjmg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\vysmcfxukdgwcqcfjhjmg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\gibujlcynfhwbozbebce.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\iizqddsmzppcfqzzav.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\vysmcfxukdgwcqcfjhjmg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\tumestjesjkycoyzbxx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\vysmcfxukdgwcqcfjhjmg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\vysmcfxukdgwcqcfjhjmg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\tumestjesjkycoyzbxx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\zyoeqpdwixwikucbb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\vysmcfxukdgwcqcfjhjmg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\iizqddsmzppcfqzzav.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\gibujlcynfhwbozbebce.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\vysmcfxukdgwcqcfjhjmg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\zyoeqpdwixwikucbb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\vysmcfxukdgwcqcfjhjmg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\sqfufdqithfqrahf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\iizqddsmzppcfqzzav.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\iizqddsmzppcfqzzav.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\vysmcfxukdgwcqcfjhjmg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\zyoeqpdwixwikucbb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\gibujlcynfhwbozbebce.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\tumestjesjkycoyzbxx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\gibujlcynfhwbozbebce.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\tumestjesjkycoyzbxx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\sqfufdqithfqrahf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\tumestjesjkycoyzbxx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\zyoeqpdwixwikucbb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\zyoeqpdwixwikucbb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\tumestjesjkycoyzbxx.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kgtgplwmvhdmls = "vysmcfxukdgwcqcfjhjmg.exe ." | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kgtgplwmvhdmls = "zyoeqpdwixwikucbb.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sktchzgsxf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sqfufdqithfqrahf.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kgtgplwmvhdmls = "vysmcfxukdgwcqcfjhjmg.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sqfufdqithfqrahf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sqfufdqithfqrahf.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ngqagzhuajc = "tumestjesjkycoyzbxx.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sqfufdqithfqrahf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gibujlcynfhwbozbebce.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nkymwtfwgtqaaio = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tumestjesjkycoyzbxx.exe ." | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ngqagzhuajc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vysmcfxukdgwcqcfjhjmg.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sqfufdqithfqrahf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sqfufdqithfqrahf.exe" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nkymwtfwgtqaaio = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zyoeqpdwixwikucbb.exe ." | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ngqagzhuajc = "tumestjesjkycoyzbxx.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nkymwtfwgtqaaio = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sqfufdqithfqrahf.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sqfufdqithfqrahf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gibujlcynfhwbozbebce.exe" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sktchzgsxf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tumestjesjkycoyzbxx.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sqfufdqithfqrahf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vysmcfxukdgwcqcfjhjmg.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nkymwtfwgtqaaio = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zyoeqpdwixwikucbb.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jeqckfpemxsay = "gibujlcynfhwbozbebce.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ngqagzhuajc = "iizqddsmzppcfqzzav.exe ." | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jeqckfpemxsay = "zyoeqpdwixwikucbb.exe" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ngqagzhuajc = "vysmcfxukdgwcqcfjhjmg.exe ." | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sqfufdqithfqrahf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iizqddsmzppcfqzzav.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kgtgplwmvhdmls = "tumestjesjkycoyzbxx.exe ." | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ngqagzhuajc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zyoeqpdwixwikucbb.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ngqagzhuajc = "iizqddsmzppcfqzzav.exe ." | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kgtgplwmvhdmls = "gibujlcynfhwbozbebce.exe ." | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sktchzgsxf = "tumestjesjkycoyzbxx.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ngqagzhuajc = "sqfufdqithfqrahf.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sktchzgsxf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zyoeqpdwixwikucbb.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ngqagzhuajc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zyoeqpdwixwikucbb.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kgtgplwmvhdmls = "tumestjesjkycoyzbxx.exe ." | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jeqckfpemxsay = "vysmcfxukdgwcqcfjhjmg.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kgtgplwmvhdmls = "zyoeqpdwixwikucbb.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sktchzgsxf = "zyoeqpdwixwikucbb.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sktchzgsxf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zyoeqpdwixwikucbb.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ngqagzhuajc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tumestjesjkycoyzbxx.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ngqagzhuajc = "tumestjesjkycoyzbxx.exe ." | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ngqagzhuajc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gibujlcynfhwbozbebce.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sqfufdqithfqrahf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iizqddsmzppcfqzzav.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jeqckfpemxsay = "vysmcfxukdgwcqcfjhjmg.exe" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sktchzgsxf = "gibujlcynfhwbozbebce.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sqfufdqithfqrahf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iizqddsmzppcfqzzav.exe" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sktchzgsxf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tumestjesjkycoyzbxx.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jeqckfpemxsay = "iizqddsmzppcfqzzav.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kgtgplwmvhdmls = "vysmcfxukdgwcqcfjhjmg.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ngqagzhuajc = "zyoeqpdwixwikucbb.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sktchzgsxf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vysmcfxukdgwcqcfjhjmg.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ngqagzhuajc = "gibujlcynfhwbozbebce.exe ." | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kgtgplwmvhdmls = "vysmcfxukdgwcqcfjhjmg.exe ." | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kgtgplwmvhdmls = "vysmcfxukdgwcqcfjhjmg.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sktchzgsxf = "tumestjesjkycoyzbxx.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kgtgplwmvhdmls = "iizqddsmzppcfqzzav.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nkymwtfwgtqaaio = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sqfufdqithfqrahf.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kgtgplwmvhdmls = "tumestjesjkycoyzbxx.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jeqckfpemxsay = "zyoeqpdwixwikucbb.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sktchzgsxf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gibujlcynfhwbozbebce.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ngqagzhuajc = "gibujlcynfhwbozbebce.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sqfufdqithfqrahf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vysmcfxukdgwcqcfjhjmg.exe" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sktchzgsxf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sqfufdqithfqrahf.exe" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jeqckfpemxsay = "sqfufdqithfqrahf.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ngqagzhuajc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iizqddsmzppcfqzzav.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sktchzgsxf = "zyoeqpdwixwikucbb.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sktchzgsxf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iizqddsmzppcfqzzav.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jeqckfpemxsay = "zyoeqpdwixwikucbb.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\vysmcfxukdgwcqcfjhjmg.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\gibujlcynfhwbozbebce.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\gibujlcynfhwbozbebce.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zyoeqpdwixwikucbb.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\gibujlcynfhwbozbebce.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\gibujlcynfhwbozbebce.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tumestjesjkycoyzbxx.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sqfufdqithfqrahf.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\gibujlcynfhwbozbebce.exe | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tumestjesjkycoyzbxx.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\gibujlcynfhwbozbebce.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mqlgxbusjdhyfuhlqpswrm.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sqfufdqithfqrahf.exe | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vysmcfxukdgwcqcfjhjmg.exe | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\iizqddsmzppcfqzzav.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\gibujlcynfhwbozbebce.exe | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\iizqddsmzppcfqzzav.exe | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tumestjesjkycoyzbxx.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sqfufdqithfqrahf.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vysmcfxukdgwcqcfjhjmg.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zyoeqpdwixwikucbb.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\iizqddsmzppcfqzzav.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zyoeqpdwixwikucbb.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\iizqddsmzppcfqzzav.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zyoeqpdwixwikucbb.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\iizqddsmzppcfqzzav.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\gibujlcynfhwbozbebce.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\iizqddsmzppcfqzzav.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mqlgxbusjdhyfuhlqpswrm.exe | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\gibujlcynfhwbozbebce.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tumestjesjkycoyzbxx.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\gibujlcynfhwbozbebce.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tumestjesjkycoyzbxx.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mqlgxbusjdhyfuhlqpswrm.exe | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vysmcfxukdgwcqcfjhjmg.exe | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sqfufdqithfqrahf.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mqlgxbusjdhyfuhlqpswrm.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sqfufdqithfqrahf.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tumestjesjkycoyzbxx.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vysmcfxukdgwcqcfjhjmg.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sqfufdqithfqrahf.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tumestjesjkycoyzbxx.exe | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jeqckfpemxsayeidzpjeqckfpemxsayeidz.jeq | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sqfufdqithfqrahf.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mqlgxbusjdhyfuhlqpswrm.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\iizqddsmzppcfqzzav.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File created | C:\Windows\SysWOW64\aklmjtswttdaniblwbkuvwtd.gdd | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| File created | C:\Windows\SysWOW64\jeqckfpemxsayeidzpjeqckfpemxsayeidz.jeq | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\iizqddsmzppcfqzzav.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tumestjesjkycoyzbxx.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zyoeqpdwixwikucbb.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vysmcfxukdgwcqcfjhjmg.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\gibujlcynfhwbozbebce.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vysmcfxukdgwcqcfjhjmg.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vysmcfxukdgwcqcfjhjmg.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\gibujlcynfhwbozbebce.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mqlgxbusjdhyfuhlqpswrm.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zyoeqpdwixwikucbb.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zyoeqpdwixwikucbb.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vysmcfxukdgwcqcfjhjmg.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mqlgxbusjdhyfuhlqpswrm.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mqlgxbusjdhyfuhlqpswrm.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mqlgxbusjdhyfuhlqpswrm.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\iizqddsmzppcfqzzav.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\aklmjtswttdaniblwbkuvwtd.gdd | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| File created | C:\Program Files (x86)\aklmjtswttdaniblwbkuvwtd.gdd | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| File opened for modification | C:\Program Files (x86)\jeqckfpemxsayeidzpjeqckfpemxsayeidz.jeq | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| File created | C:\Program Files (x86)\jeqckfpemxsayeidzpjeqckfpemxsayeidz.jeq | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\mqlgxbusjdhyfuhlqpswrm.exe | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| File opened for modification | C:\Windows\gibujlcynfhwbozbebce.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\vysmcfxukdgwcqcfjhjmg.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\mqlgxbusjdhyfuhlqpswrm.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\zyoeqpdwixwikucbb.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\zyoeqpdwixwikucbb.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\iizqddsmzppcfqzzav.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\mqlgxbusjdhyfuhlqpswrm.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\sqfufdqithfqrahf.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\gibujlcynfhwbozbebce.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\iizqddsmzppcfqzzav.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\sqfufdqithfqrahf.exe | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| File opened for modification | C:\Windows\sqfufdqithfqrahf.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\mqlgxbusjdhyfuhlqpswrm.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\gibujlcynfhwbozbebce.exe | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| File opened for modification | C:\Windows\tumestjesjkycoyzbxx.exe | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| File created | C:\Windows\aklmjtswttdaniblwbkuvwtd.gdd | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| File opened for modification | C:\Windows\zyoeqpdwixwikucbb.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\sqfufdqithfqrahf.exe | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| File opened for modification | C:\Windows\vysmcfxukdgwcqcfjhjmg.exe | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| File opened for modification | C:\Windows\vysmcfxukdgwcqcfjhjmg.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\iizqddsmzppcfqzzav.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\gibujlcynfhwbozbebce.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\iizqddsmzppcfqzzav.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\vysmcfxukdgwcqcfjhjmg.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\gibujlcynfhwbozbebce.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\tumestjesjkycoyzbxx.exe | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| File opened for modification | C:\Windows\tumestjesjkycoyzbxx.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\mqlgxbusjdhyfuhlqpswrm.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\vysmcfxukdgwcqcfjhjmg.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\iizqddsmzppcfqzzav.exe | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| File opened for modification | C:\Windows\iizqddsmzppcfqzzav.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\sqfufdqithfqrahf.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\tumestjesjkycoyzbxx.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\tumestjesjkycoyzbxx.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\mqlgxbusjdhyfuhlqpswrm.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\tumestjesjkycoyzbxx.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\tumestjesjkycoyzbxx.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\iizqddsmzppcfqzzav.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\tumestjesjkycoyzbxx.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\mqlgxbusjdhyfuhlqpswrm.exe | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| File opened for modification | C:\Windows\aklmjtswttdaniblwbkuvwtd.gdd | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| File opened for modification | C:\Windows\sqfufdqithfqrahf.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\gibujlcynfhwbozbebce.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\zyoeqpdwixwikucbb.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\gibujlcynfhwbozbebce.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\zyoeqpdwixwikucbb.exe | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| File opened for modification | C:\Windows\sqfufdqithfqrahf.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\vysmcfxukdgwcqcfjhjmg.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\mqlgxbusjdhyfuhlqpswrm.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\zyoeqpdwixwikucbb.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\gibujlcynfhwbozbebce.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\vysmcfxukdgwcqcfjhjmg.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\vysmcfxukdgwcqcfjhjmg.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\mqlgxbusjdhyfuhlqpswrm.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\iizqddsmzppcfqzzav.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\iizqddsmzppcfqzzav.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\zyoeqpdwixwikucbb.exe | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| File opened for modification | C:\Windows\vysmcfxukdgwcqcfjhjmg.exe | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| File opened for modification | C:\Windows\sqfufdqithfqrahf.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\zyoeqpdwixwikucbb.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\gibujlcynfhwbozbebce.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\sqfufdqithfqrahf.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\mqlgxbusjdhyfuhlqpswrm.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\sqfufdqithfqrahf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\iizqddsmzppcfqzzav.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zyoeqpdwixwikucbb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\iizqddsmzppcfqzzav.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vysmcfxukdgwcqcfjhjmg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vysmcfxukdgwcqcfjhjmg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zyoeqpdwixwikucbb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\sqfufdqithfqrahf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\iizqddsmzppcfqzzav.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vysmcfxukdgwcqcfjhjmg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vysmcfxukdgwcqcfjhjmg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zyoeqpdwixwikucbb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zyoeqpdwixwikucbb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\gibujlcynfhwbozbebce.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vysmcfxukdgwcqcfjhjmg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\tumestjesjkycoyzbxx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\gibujlcynfhwbozbebce.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\gibujlcynfhwbozbebce.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\tumestjesjkycoyzbxx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vysmcfxukdgwcqcfjhjmg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\iizqddsmzppcfqzzav.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\tumestjesjkycoyzbxx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\tumestjesjkycoyzbxx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zyoeqpdwixwikucbb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zyoeqpdwixwikucbb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\sqfufdqithfqrahf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\gibujlcynfhwbozbebce.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vysmcfxukdgwcqcfjhjmg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\tumestjesjkycoyzbxx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\tumestjesjkycoyzbxx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\tumestjesjkycoyzbxx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\tumestjesjkycoyzbxx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\guzeft.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe"
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_ce23cbd71cc033cecb1958623ee620c1.exe*"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe
C:\Windows\tumestjesjkycoyzbxx.exe
tumestjesjkycoyzbxx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe .
C:\Windows\gibujlcynfhwbozbebce.exe
gibujlcynfhwbozbebce.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\gibujlcynfhwbozbebce.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe .
C:\Windows\gibujlcynfhwbozbebce.exe
gibujlcynfhwbozbebce.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Windows\iizqddsmzppcfqzzav.exe
iizqddsmzppcfqzzav.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\iizqddsmzppcfqzzav.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\iizqddsmzppcfqzzav.exe*."
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\tumestjesjkycoyzbxx.exe*."
C:\Users\Admin\AppData\Local\Temp\guzeft.exe
"C:\Users\Admin\AppData\Local\Temp\guzeft.exe" "-C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe"
C:\Users\Admin\AppData\Local\Temp\guzeft.exe
"C:\Users\Admin\AppData\Local\Temp\guzeft.exe" "-C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe
C:\Windows\zyoeqpdwixwikucbb.exe
zyoeqpdwixwikucbb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe .
C:\Windows\gibujlcynfhwbozbebce.exe
gibujlcynfhwbozbebce.exe
C:\Windows\vysmcfxukdgwcqcfjhjmg.exe
vysmcfxukdgwcqcfjhjmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe
C:\Windows\tumestjesjkycoyzbxx.exe
tumestjesjkycoyzbxx.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\vysmcfxukdgwcqcfjhjmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe
C:\Windows\gibujlcynfhwbozbebce.exe
gibujlcynfhwbozbebce.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Windows\tumestjesjkycoyzbxx.exe
tumestjesjkycoyzbxx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .
C:\Windows\sqfufdqithfqrahf.exe
sqfufdqithfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .
C:\Windows\vysmcfxukdgwcqcfjhjmg.exe
vysmcfxukdgwcqcfjhjmg.exe .
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\vysmcfxukdgwcqcfjhjmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\vysmcfxukdgwcqcfjhjmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\iizqddsmzppcfqzzav.exe*."
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\sqfufdqithfqrahf.exe*."
C:\Windows\gibujlcynfhwbozbebce.exe
gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\sqfufdqithfqrahf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe .
C:\Windows\sqfufdqithfqrahf.exe
sqfufdqithfqrahf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\sqfufdqithfqrahf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .
C:\Windows\gibujlcynfhwbozbebce.exe
gibujlcynfhwbozbebce.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\tumestjesjkycoyzbxx.exe
tumestjesjkycoyzbxx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\sqfufdqithfqrahf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\gibujlcynfhwbozbebce.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe
C:\Windows\sqfufdqithfqrahf.exe
sqfufdqithfqrahf.exe
C:\Windows\tumestjesjkycoyzbxx.exe
tumestjesjkycoyzbxx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe .
C:\Windows\sqfufdqithfqrahf.exe
sqfufdqithfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe
C:\Windows\iizqddsmzppcfqzzav.exe
iizqddsmzppcfqzzav.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe .
C:\Windows\tumestjesjkycoyzbxx.exe
tumestjesjkycoyzbxx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\iizqddsmzppcfqzzav.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\gibujlcynfhwbozbebce.exe
gibujlcynfhwbozbebce.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .
C:\Windows\gibujlcynfhwbozbebce.exe
gibujlcynfhwbozbebce.exe
C:\Windows\zyoeqpdwixwikucbb.exe
zyoeqpdwixwikucbb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\gibujlcynfhwbozbebce.exe*."
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Windows\gibujlcynfhwbozbebce.exe
gibujlcynfhwbozbebce.exe .
C:\Windows\zyoeqpdwixwikucbb.exe
zyoeqpdwixwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\zyoeqpdwixwikucbb.exe*."
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\zyoeqpdwixwikucbb.exe*."
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\zyoeqpdwixwikucbb.exe*."
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\gibujlcynfhwbozbebce.exe*."
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\sqfufdqithfqrahf.exe*."
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\vysmcfxukdgwcqcfjhjmg.exe*."
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\iizqddsmzppcfqzzav.exe*."
C:\Windows\tumestjesjkycoyzbxx.exe
tumestjesjkycoyzbxx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe .
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .
C:\Windows\iizqddsmzppcfqzzav.exe
iizqddsmzppcfqzzav.exe .
C:\Windows\vysmcfxukdgwcqcfjhjmg.exe
vysmcfxukdgwcqcfjhjmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\gibujlcynfhwbozbebce.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\iizqddsmzppcfqzzav.exe*."
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\vysmcfxukdgwcqcfjhjmg.exe*."
C:\Windows\sqfufdqithfqrahf.exe
sqfufdqithfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Windows\gibujlcynfhwbozbebce.exe
gibujlcynfhwbozbebce.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\gibujlcynfhwbozbebce.exe*."
C:\Windows\iizqddsmzppcfqzzav.exe
iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\sqfufdqithfqrahf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\vysmcfxukdgwcqcfjhjmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe
C:\Windows\gibujlcynfhwbozbebce.exe
gibujlcynfhwbozbebce.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe .
C:\Windows\sqfufdqithfqrahf.exe
sqfufdqithfqrahf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\sqfufdqithfqrahf.exe*."
C:\Windows\zyoeqpdwixwikucbb.exe
zyoeqpdwixwikucbb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Windows\tumestjesjkycoyzbxx.exe
tumestjesjkycoyzbxx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\sqfufdqithfqrahf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\iizqddsmzppcfqzzav.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe
C:\Windows\tumestjesjkycoyzbxx.exe
tumestjesjkycoyzbxx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .
C:\Windows\tumestjesjkycoyzbxx.exe
tumestjesjkycoyzbxx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."
C:\Windows\zyoeqpdwixwikucbb.exe
zyoeqpdwixwikucbb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Windows\vysmcfxukdgwcqcfjhjmg.exe
vysmcfxukdgwcqcfjhjmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\vysmcfxukdgwcqcfjhjmg.exe*."
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\gibujlcynfhwbozbebce.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\iizqddsmzppcfqzzav.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe
C:\Windows\zyoeqpdwixwikucbb.exe
zyoeqpdwixwikucbb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe
C:\Windows\vysmcfxukdgwcqcfjhjmg.exe
vysmcfxukdgwcqcfjhjmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe .
C:\Windows\vysmcfxukdgwcqcfjhjmg.exe
vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\vysmcfxukdgwcqcfjhjmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Windows\vysmcfxukdgwcqcfjhjmg.exe
vysmcfxukdgwcqcfjhjmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\vysmcfxukdgwcqcfjhjmg.exe*."
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\tumestjesjkycoyzbxx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\gibujlcynfhwbozbebce.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe
C:\Windows\sqfufdqithfqrahf.exe
sqfufdqithfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .
C:\Windows\tumestjesjkycoyzbxx.exe
tumestjesjkycoyzbxx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe .
C:\Windows\iizqddsmzppcfqzzav.exe
iizqddsmzppcfqzzav.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\zyoeqpdwixwikucbb.exe
zyoeqpdwixwikucbb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\zyoeqpdwixwikucbb.exe*."
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\tumestjesjkycoyzbxx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\sqfufdqithfqrahf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe
C:\Windows\zyoeqpdwixwikucbb.exe
zyoeqpdwixwikucbb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\iizqddsmzppcfqzzav.exe
iizqddsmzppcfqzzav.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\iizqddsmzppcfqzzav.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe .
C:\Windows\iizqddsmzppcfqzzav.exe
iizqddsmzppcfqzzav.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Windows\zyoeqpdwixwikucbb.exe
zyoeqpdwixwikucbb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\zyoeqpdwixwikucbb.exe*."
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .
C:\Windows\iizqddsmzppcfqzzav.exe
iizqddsmzppcfqzzav.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\zyoeqpdwixwikucbb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\gibujlcynfhwbozbebce.exe
gibujlcynfhwbozbebce.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .
C:\Windows\gibujlcynfhwbozbebce.exe
gibujlcynfhwbozbebce.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe .
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\gibujlcynfhwbozbebce.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .
C:\Windows\vysmcfxukdgwcqcfjhjmg.exe
vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\zyoeqpdwixwikucbb.exe*."
C:\Windows\vysmcfxukdgwcqcfjhjmg.exe
vysmcfxukdgwcqcfjhjmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .
C:\Windows\vysmcfxukdgwcqcfjhjmg.exe
vysmcfxukdgwcqcfjhjmg.exe .
C:\Windows\vysmcfxukdgwcqcfjhjmg.exe
vysmcfxukdgwcqcfjhjmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\vysmcfxukdgwcqcfjhjmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe .
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\vysmcfxukdgwcqcfjhjmg.exe*."
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\tumestjesjkycoyzbxx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\vysmcfxukdgwcqcfjhjmg.exe*."
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Windows\vysmcfxukdgwcqcfjhjmg.exe
vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .
C:\Windows\zyoeqpdwixwikucbb.exe
zyoeqpdwixwikucbb.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\iizqddsmzppcfqzzav.exe*."
C:\Windows\iizqddsmzppcfqzzav.exe
iizqddsmzppcfqzzav.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .
C:\Windows\vysmcfxukdgwcqcfjhjmg.exe
vysmcfxukdgwcqcfjhjmg.exe .
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\tumestjesjkycoyzbxx.exe*."
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\zyoeqpdwixwikucbb.exe*."
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\vysmcfxukdgwcqcfjhjmg.exe*."
C:\Windows\tumestjesjkycoyzbxx.exe
tumestjesjkycoyzbxx.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\iizqddsmzppcfqzzav.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\zyoeqpdwixwikucbb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe
C:\Windows\tumestjesjkycoyzbxx.exe
tumestjesjkycoyzbxx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe .
C:\Windows\zyoeqpdwixwikucbb.exe
zyoeqpdwixwikucbb.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\zyoeqpdwixwikucbb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe
C:\Windows\vysmcfxukdgwcqcfjhjmg.exe
vysmcfxukdgwcqcfjhjmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe .
C:\Windows\zyoeqpdwixwikucbb.exe
zyoeqpdwixwikucbb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\zyoeqpdwixwikucbb.exe*."
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\iizqddsmzppcfqzzav.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\iizqddsmzppcfqzzav.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe
C:\Windows\gibujlcynfhwbozbebce.exe
gibujlcynfhwbozbebce.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .
C:\Windows\tumestjesjkycoyzbxx.exe
tumestjesjkycoyzbxx.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe
C:\Windows\iizqddsmzppcfqzzav.exe
iizqddsmzppcfqzzav.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe .
C:\Windows\gibujlcynfhwbozbebce.exe
gibujlcynfhwbozbebce.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\gibujlcynfhwbozbebce.exe*."
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\iizqddsmzppcfqzzav.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\tumestjesjkycoyzbxx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\gibujlcynfhwbozbebce.exe
gibujlcynfhwbozbebce.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe .
C:\Windows\vysmcfxukdgwcqcfjhjmg.exe
vysmcfxukdgwcqcfjhjmg.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\vysmcfxukdgwcqcfjhjmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe
C:\Windows\zyoeqpdwixwikucbb.exe
zyoeqpdwixwikucbb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe .
C:\Windows\iizqddsmzppcfqzzav.exe
iizqddsmzppcfqzzav.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\iizqddsmzppcfqzzav.exe*."
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\vysmcfxukdgwcqcfjhjmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .
C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\tumestjesjkycoyzbxx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe
C:\Windows\gibujlcynfhwbozbebce.exe
gibujlcynfhwbozbebce.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe .
C:\Windows\iizqddsmzppcfqzzav.exe
iizqddsmzppcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\iizqddsmzppcfqzzav.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe
C:\Windows\sqfufdqithfqrahf.exe
sqfufdqithfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Windows\gibujlcynfhwbozbebce.exe
gibujlcynfhwbozbebce.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\gibujlcynfhwbozbebce.exe*."
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\tumestjesjkycoyzbxx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\vysmcfxukdgwcqcfjhjmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\tumestjesjkycoyzbxx.exe
tumestjesjkycoyzbxx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe .
C:\Windows\sqfufdqithfqrahf.exe
sqfufdqithfqrahf.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\sqfufdqithfqrahf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe .
C:\Windows\sqfufdqithfqrahf.exe
sqfufdqithfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Windows\zyoeqpdwixwikucbb.exe
zyoeqpdwixwikucbb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\zyoeqpdwixwikucbb.exe*."
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\gibujlcynfhwbozbebce.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\gibujlcynfhwbozbebce.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe
C:\Windows\sqfufdqithfqrahf.exe
sqfufdqithfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe .
C:\Windows\gibujlcynfhwbozbebce.exe
gibujlcynfhwbozbebce.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\gibujlcynfhwbozbebce.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\sqfufdqithfqrahf.exe
sqfufdqithfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .
C:\Windows\tumestjesjkycoyzbxx.exe
tumestjesjkycoyzbxx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\sqfufdqithfqrahf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\zyoeqpdwixwikucbb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe
C:\Windows\sqfufdqithfqrahf.exe
sqfufdqithfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe
C:\Windows\tumestjesjkycoyzbxx.exe
tumestjesjkycoyzbxx.exe .
C:\Windows\gibujlcynfhwbozbebce.exe
gibujlcynfhwbozbebce.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .
C:\Windows\tumestjesjkycoyzbxx.exe
tumestjesjkycoyzbxx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Windows\gibujlcynfhwbozbebce.exe
gibujlcynfhwbozbebce.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .
C:\Windows\tumestjesjkycoyzbxx.exe
tumestjesjkycoyzbxx.exe .
C:\Windows\sqfufdqithfqrahf.exe
sqfufdqithfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .
C:\Windows\sqfufdqithfqrahf.exe
sqfufdqithfqrahf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\gibujlcynfhwbozbebce.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Windows\zyoeqpdwixwikucbb.exe
zyoeqpdwixwikucbb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .
C:\Windows\gibujlcynfhwbozbebce.exe
gibujlcynfhwbozbebce.exe
C:\Windows\gibujlcynfhwbozbebce.exe
gibujlcynfhwbozbebce.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\sqfufdqithfqrahf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .
C:\Windows\iizqddsmzppcfqzzav.exe
iizqddsmzppcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\gibujlcynfhwbozbebce.exe*."
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\sqfufdqithfqrahf.exe*."
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\iizqddsmzppcfqzzav.exe*."
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\iizqddsmzppcfqzzav.exe*."
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\iizqddsmzppcfqzzav.exe*."
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\iizqddsmzppcfqzzav.exe*."
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\iizqddsmzppcfqzzav.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\iizqddsmzppcfqzzav.exe*."
C:\Windows\tumestjesjkycoyzbxx.exe
tumestjesjkycoyzbxx.exe
C:\Windows\System32\mousocoreworker.exe
C:\Windows\System32\mousocoreworker.exe -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe .
C:\Windows\iizqddsmzppcfqzzav.exe
iizqddsmzppcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\iizqddsmzppcfqzzav.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe
C:\Windows\tumestjesjkycoyzbxx.exe
tumestjesjkycoyzbxx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .
C:\Windows\tumestjesjkycoyzbxx.exe
tumestjesjkycoyzbxx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\gibujlcynfhwbozbebce.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\gibujlcynfhwbozbebce.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe
C:\Windows\vysmcfxukdgwcqcfjhjmg.exe
vysmcfxukdgwcqcfjhjmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe .
C:\Windows\vysmcfxukdgwcqcfjhjmg.exe
vysmcfxukdgwcqcfjhjmg.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\vysmcfxukdgwcqcfjhjmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe
C:\Windows\zyoeqpdwixwikucbb.exe
zyoeqpdwixwikucbb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe .
C:\Windows\sqfufdqithfqrahf.exe
sqfufdqithfqrahf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\sqfufdqithfqrahf.exe*."
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\zyoeqpdwixwikucbb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\tumestjesjkycoyzbxx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe
C:\Windows\gibujlcynfhwbozbebce.exe
gibujlcynfhwbozbebce.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .
C:\Windows\tumestjesjkycoyzbxx.exe
tumestjesjkycoyzbxx.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe
C:\Windows\iizqddsmzppcfqzzav.exe
iizqddsmzppcfqzzav.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .
C:\Windows\tumestjesjkycoyzbxx.exe
tumestjesjkycoyzbxx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\vysmcfxukdgwcqcfjhjmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\vysmcfxukdgwcqcfjhjmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe
C:\Windows\gibujlcynfhwbozbebce.exe
gibujlcynfhwbozbebce.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe .
C:\Windows\zyoeqpdwixwikucbb.exe
zyoeqpdwixwikucbb.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\zyoeqpdwixwikucbb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe
C:\Windows\sqfufdqithfqrahf.exe
sqfufdqithfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe .
C:\Windows\iizqddsmzppcfqzzav.exe
iizqddsmzppcfqzzav.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\iizqddsmzppcfqzzav.exe*."
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\gibujlcynfhwbozbebce.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\gibujlcynfhwbozbebce.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe
C:\Windows\vysmcfxukdgwcqcfjhjmg.exe
vysmcfxukdgwcqcfjhjmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe .
C:\Windows\sqfufdqithfqrahf.exe
sqfufdqithfqrahf.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\sqfufdqithfqrahf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe
C:\Windows\sqfufdqithfqrahf.exe
sqfufdqithfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .
C:\Windows\tumestjesjkycoyzbxx.exe
tumestjesjkycoyzbxx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\gibujlcynfhwbozbebce.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\tumestjesjkycoyzbxx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe
C:\Windows\sqfufdqithfqrahf.exe
sqfufdqithfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe .
C:\Windows\vysmcfxukdgwcqcfjhjmg.exe
vysmcfxukdgwcqcfjhjmg.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\vysmcfxukdgwcqcfjhjmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\sqfufdqithfqrahf.exe
sqfufdqithfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe .
C:\Windows\iizqddsmzppcfqzzav.exe
iizqddsmzppcfqzzav.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\iizqddsmzppcfqzzav.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\gibujlcynfhwbozbebce.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\sqfufdqithfqrahf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe
C:\Windows\zyoeqpdwixwikucbb.exe
zyoeqpdwixwikucbb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe .
C:\Windows\gibujlcynfhwbozbebce.exe
gibujlcynfhwbozbebce.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\gibujlcynfhwbozbebce.exe*."
C:\Windows\sqfufdqithfqrahf.exe
sqfufdqithfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Windows\tumestjesjkycoyzbxx.exe
tumestjesjkycoyzbxx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .
C:\Windows\sqfufdqithfqrahf.exe
sqfufdqithfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe .
C:\Windows\iizqddsmzppcfqzzav.exe
iizqddsmzppcfqzzav.exe .
C:\Windows\iizqddsmzppcfqzzav.exe
iizqddsmzppcfqzzav.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\iizqddsmzppcfqzzav.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\iizqddsmzppcfqzzav.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Windows\gibujlcynfhwbozbebce.exe
gibujlcynfhwbozbebce.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Windows\sqfufdqithfqrahf.exe
sqfufdqithfqrahf.exe .
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .
C:\Windows\zyoeqpdwixwikucbb.exe
zyoeqpdwixwikucbb.exe .
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .
C:\Windows\gibujlcynfhwbozbebce.exe
gibujlcynfhwbozbebce.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\sqfufdqithfqrahf.exe*."
C:\Windows\iizqddsmzppcfqzzav.exe
iizqddsmzppcfqzzav.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\iizqddsmzppcfqzzav.exe*."
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\sqfufdqithfqrahf.exe*."
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\zyoeqpdwixwikucbb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\iizqddsmzppcfqzzav.exe*."
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Windows\iizqddsmzppcfqzzav.exe
iizqddsmzppcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\gibujlcynfhwbozbebce.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .
C:\Windows\tumestjesjkycoyzbxx.exe
tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Windows\zyoeqpdwixwikucbb.exe
zyoeqpdwixwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\tumestjesjkycoyzbxx.exe*."
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\vysmcfxukdgwcqcfjhjmg.exe*."
C:\Windows\zyoeqpdwixwikucbb.exe
zyoeqpdwixwikucbb.exe .
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\iizqddsmzppcfqzzav.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\zyoeqpdwixwikucbb.exe*."
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\vysmcfxukdgwcqcfjhjmg.exe*."
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\zyoeqpdwixwikucbb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe
C:\Windows\tumestjesjkycoyzbxx.exe
tumestjesjkycoyzbxx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe .
C:\Windows\sqfufdqithfqrahf.exe
sqfufdqithfqrahf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\sqfufdqithfqrahf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe .
C:\Windows\gibujlcynfhwbozbebce.exe
gibujlcynfhwbozbebce.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Windows\sqfufdqithfqrahf.exe
sqfufdqithfqrahf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\sqfufdqithfqrahf.exe*."
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\vysmcfxukdgwcqcfjhjmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\vysmcfxukdgwcqcfjhjmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe
C:\Windows\sqfufdqithfqrahf.exe
sqfufdqithfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\sqfufdqithfqrahf.exe
sqfufdqithfqrahf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\sqfufdqithfqrahf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe .
C:\Windows\tumestjesjkycoyzbxx.exe
tumestjesjkycoyzbxx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\zyoeqpdwixwikucbb.exe
zyoeqpdwixwikucbb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\zyoeqpdwixwikucbb.exe*."
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\vysmcfxukdgwcqcfjhjmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\zyoeqpdwixwikucbb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe
C:\Windows\tumestjesjkycoyzbxx.exe
tumestjesjkycoyzbxx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .
C:\Windows\tumestjesjkycoyzbxx.exe
tumestjesjkycoyzbxx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."
C:\Windows\gibujlcynfhwbozbebce.exe
gibujlcynfhwbozbebce.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Windows\sqfufdqithfqrahf.exe
sqfufdqithfqrahf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\sqfufdqithfqrahf.exe*."
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\zyoeqpdwixwikucbb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\iizqddsmzppcfqzzav.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe
C:\Windows\vysmcfxukdgwcqcfjhjmg.exe
vysmcfxukdgwcqcfjhjmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe .
C:\Windows\sqfufdqithfqrahf.exe
sqfufdqithfqrahf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\sqfufdqithfqrahf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe .
C:\Windows\iizqddsmzppcfqzzav.exe
iizqddsmzppcfqzzav.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\gibujlcynfhwbozbebce.exe
gibujlcynfhwbozbebce.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\gibujlcynfhwbozbebce.exe*."
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\vysmcfxukdgwcqcfjhjmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\vysmcfxukdgwcqcfjhjmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe
C:\Windows\sqfufdqithfqrahf.exe
sqfufdqithfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .
C:\Windows\tumestjesjkycoyzbxx.exe
tumestjesjkycoyzbxx.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe
C:\Windows\sqfufdqithfqrahf.exe
sqfufdqithfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\iizqddsmzppcfqzzav.exe
iizqddsmzppcfqzzav.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\iizqddsmzppcfqzzav.exe*."
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\zyoeqpdwixwikucbb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\tumestjesjkycoyzbxx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe
C:\Windows\tumestjesjkycoyzbxx.exe
tumestjesjkycoyzbxx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe
C:\Windows\tumestjesjkycoyzbxx.exe
tumestjesjkycoyzbxx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe .
C:\Windows\gibujlcynfhwbozbebce.exe
gibujlcynfhwbozbebce.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\gibujlcynfhwbozbebce.exe*."
C:\Windows\zyoeqpdwixwikucbb.exe
zyoeqpdwixwikucbb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe
C:\Windows\gibujlcynfhwbozbebce.exe
gibujlcynfhwbozbebce.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\iizqddsmzppcfqzzav.exe
iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\zyoeqpdwixwikucbb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .
C:\Windows\sqfufdqithfqrahf.exe
sqfufdqithfqrahf.exe
C:\Windows\tumestjesjkycoyzbxx.exe
tumestjesjkycoyzbxx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\vysmcfxukdgwcqcfjhjmg.exe
vysmcfxukdgwcqcfjhjmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .
C:\Windows\iizqddsmzppcfqzzav.exe
iizqddsmzppcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\vysmcfxukdgwcqcfjhjmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\iizqddsmzppcfqzzav.exe*."
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\iizqddsmzppcfqzzav.exe*."
C:\Windows\sqfufdqithfqrahf.exe
sqfufdqithfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Windows\gibujlcynfhwbozbebce.exe
gibujlcynfhwbozbebce.exe .
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\vysmcfxukdgwcqcfjhjmg.exe*."
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\gibujlcynfhwbozbebce.exe*."
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\gibujlcynfhwbozbebce.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe .
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\sqfufdqithfqrahf.exe*."
C:\Windows\iizqddsmzppcfqzzav.exe
iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\iizqddsmzppcfqzzav.exe*."
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\zyoeqpdwixwikucbb.exe*."
C:\Windows\zyoeqpdwixwikucbb.exe
zyoeqpdwixwikucbb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\tumestjesjkycoyzbxx.exe
tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\zyoeqpdwixwikucbb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Windows\gibujlcynfhwbozbebce.exe
gibujlcynfhwbozbebce.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\gibujlcynfhwbozbebce.exe*."
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\vysmcfxukdgwcqcfjhjmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\iizqddsmzppcfqzzav.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe
C:\Windows\zyoeqpdwixwikucbb.exe
zyoeqpdwixwikucbb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe .
C:\Windows\sqfufdqithfqrahf.exe
sqfufdqithfqrahf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\sqfufdqithfqrahf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe .
C:\Windows\vysmcfxukdgwcqcfjhjmg.exe
vysmcfxukdgwcqcfjhjmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Windows\vysmcfxukdgwcqcfjhjmg.exe
vysmcfxukdgwcqcfjhjmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\vysmcfxukdgwcqcfjhjmg.exe*."
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\vysmcfxukdgwcqcfjhjmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\vysmcfxukdgwcqcfjhjmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe
C:\Windows\vysmcfxukdgwcqcfjhjmg.exe
vysmcfxukdgwcqcfjhjmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe .
C:\Windows\gibujlcynfhwbozbebce.exe
gibujlcynfhwbozbebce.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\gibujlcynfhwbozbebce.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .
C:\Windows\iizqddsmzppcfqzzav.exe
iizqddsmzppcfqzzav.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Windows\tumestjesjkycoyzbxx.exe
tumestjesjkycoyzbxx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\sqfufdqithfqrahf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\gibujlcynfhwbozbebce.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe
C:\Windows\gibujlcynfhwbozbebce.exe
gibujlcynfhwbozbebce.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe .
C:\Windows\sqfufdqithfqrahf.exe
sqfufdqithfqrahf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\sqfufdqithfqrahf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .
C:\Windows\vysmcfxukdgwcqcfjhjmg.exe
vysmcfxukdgwcqcfjhjmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Windows\tumestjesjkycoyzbxx.exe
tumestjesjkycoyzbxx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\tumestjesjkycoyzbxx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\vysmcfxukdgwcqcfjhjmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe
C:\Windows\vysmcfxukdgwcqcfjhjmg.exe
vysmcfxukdgwcqcfjhjmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe .
C:\Windows\sqfufdqithfqrahf.exe
sqfufdqithfqrahf.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\sqfufdqithfqrahf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe .
C:\Windows\gibujlcynfhwbozbebce.exe
gibujlcynfhwbozbebce.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\zyoeqpdwixwikucbb.exe
zyoeqpdwixwikucbb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\zyoeqpdwixwikucbb.exe*."
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\tumestjesjkycoyzbxx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\zyoeqpdwixwikucbb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe
C:\Windows\tumestjesjkycoyzbxx.exe
tumestjesjkycoyzbxx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe .
C:\Windows\iizqddsmzppcfqzzav.exe
iizqddsmzppcfqzzav.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\iizqddsmzppcfqzzav.exe*."
C:\Windows\vysmcfxukdgwcqcfjhjmg.exe
vysmcfxukdgwcqcfjhjmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .
C:\Windows\tumestjesjkycoyzbxx.exe
tumestjesjkycoyzbxx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe
C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\vysmcfxukdgwcqcfjhjmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\zyoeqpdwixwikucbb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe
C:\Windows\tumestjesjkycoyzbxx.exe
tumestjesjkycoyzbxx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe
C:\Windows\gibujlcynfhwbozbebce.exe
gibujlcynfhwbozbebce.exe .
C:\Windows\vysmcfxukdgwcqcfjhjmg.exe
vysmcfxukdgwcqcfjhjmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 8.8.8.8:53 | www.showmyipaddress.com | udp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 8.8.8.8:53 | whatismyipaddress.com | udp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.com | udp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | udp | |
| US | 104.156.155.94:80 | jexkhytfwddl.info | tcp |
| US | 8.8.8.8:53 | dnpuox.info | udp |
| US | 8.8.8.8:53 | kckuvibogpr.info | udp |
| AU | 86.38.88.113:15750 | tcp | |
| US | 8.8.8.8:53 | gywtwwlod.info | udp |
| US | 8.8.8.8:53 | ieykyo.org | udp |
| US | 8.8.8.8:53 | sjprybamvq.net | udp |
| LT | 78.62.52.110:34385 | tcp | |
| US | 8.8.8.8:53 | uotalijyvwzs.info | udp |
| US | 8.8.8.8:53 | imieeq.com | udp |
| US | 8.8.8.8:53 | nfabgozzrzrt.net | udp |
| US | 8.8.8.8:53 | vgfsrnh.com | udp |
| US | 8.8.8.8:53 | sankjiltb.info | udp |
| US | 8.8.8.8:53 | qbvxzenxguqt.info | udp |
| US | 8.8.8.8:53 | ckcfupeuro.net | udp |
| US | 8.8.8.8:53 | hrieydzqbyx.com | udp |
| US | 8.8.8.8:53 | tfxjyydbceed.net | udp |
| US | 8.8.8.8:53 | fdrqnwwwbb.info | udp |
| US | 8.8.8.8:53 | zjjfnirx.net | udp |
| US | 8.8.8.8:53 | mywydqwkzcu.info | udp |
| US | 8.8.8.8:53 | wphgtp.net | udp |
| US | 8.8.8.8:53 | iyvmtzdot.info | udp |
| US | 8.8.8.8:53 | kmmigl.net | udp |
| US | 8.8.8.8:53 | cgxzfpzvzx.info | udp |
| US | 8.8.8.8:53 | kdnqpoh.info | udp |
| US | 8.8.8.8:53 | pjvfeicrvlio.info | udp |
| BG | 83.148.90.22:23558 | tcp | |
| US | 8.8.8.8:53 | vptzdgzmmy.info | udp |
| US | 8.8.8.8:53 | kgkywsyamqww.com | udp |
| US | 8.8.8.8:53 | zgtkrmvadeh.com | udp |
| US | 8.8.8.8:53 | dpigqksazzem.info | udp |
| US | 8.8.8.8:53 | rupkvo.info | udp |
| US | 8.8.8.8:53 | jflqrhezqyjn.info | udp |
| US | 8.8.8.8:53 | afzgrtuw.info | udp |
| US | 8.8.8.8:53 | svzavzx.info | udp |
| US | 8.8.8.8:53 | likpsf.info | udp |
| US | 8.8.8.8:53 | iibnfvnjxjp.info | udp |
| US | 8.8.8.8:53 | pxdplesghizt.info | udp |
| US | 8.8.8.8:53 | hijlvkoguj.info | udp |
| US | 8.8.8.8:53 | zudfbpkdbefh.net | udp |
| US | 8.8.8.8:53 | zcwuiahdrgp.org | udp |
| US | 8.8.8.8:53 | mytouak.net | udp |
| US | 8.8.8.8:53 | oowqfaa.info | udp |
| US | 8.8.8.8:53 | serpfizhm.info | udp |
| US | 8.8.8.8:53 | skguhaab.info | udp |
| US | 8.8.8.8:53 | nodejiaqnfj.info | udp |
| US | 8.8.8.8:53 | xgsefzm.com | udp |
| US | 8.8.8.8:53 | iasewoyeoiqa.org | udp |
| BG | 84.252.58.195:13863 | tcp | |
| US | 8.8.8.8:53 | cqpblckecxly.net | udp |
| US | 8.8.8.8:53 | gzdolwx.net | udp |
| US | 8.8.8.8:53 | xpbhtv.net | udp |
| US | 8.8.8.8:53 | nmsohnygv.com | udp |
| US | 8.8.8.8:53 | yiieksusmcwk.org | udp |
| US | 8.8.8.8:53 | yinqzgrte.info | udp |
| US | 8.8.8.8:53 | pibmkdbcfgt.org | udp |
| US | 8.8.8.8:53 | omeygqcqyucy.com | udp |
| US | 8.8.8.8:53 | gotehfsquur.net | udp |
| US | 8.8.8.8:53 | ekykciia.org | udp |
| US | 8.8.8.8:53 | dgrydww.info | udp |
| US | 8.8.8.8:53 | aisuygumic.org | udp |
| US | 8.8.8.8:53 | fcrallykp.org | udp |
| US | 8.8.8.8:53 | tupuxkqajod.com | udp |
| US | 8.8.8.8:53 | dhjnrzcquc.info | udp |
| US | 8.8.8.8:53 | nibuxeovxp.info | udp |
| US | 8.8.8.8:53 | pxrayouu.info | udp |
| US | 8.8.8.8:53 | nppfzhdntldy.info | udp |
| US | 8.8.8.8:53 | aeabsix.net | udp |
| US | 8.8.8.8:53 | mugsesysukik.com | udp |
| US | 8.8.8.8:53 | xczxlsoke.info | udp |
| US | 8.8.8.8:53 | eegrlc.net | udp |
| US | 8.8.8.8:53 | xqfurgaeyut.org | udp |
| US | 8.8.8.8:53 | bkerbohur.org | udp |
| US | 8.8.8.8:53 | irfnkgtsrwj.info | udp |
| US | 8.8.8.8:53 | jrhutut.org | udp |
| US | 8.8.8.8:53 | bevrlfjfdm.net | udp |
| US | 8.8.8.8:53 | aeykcygumw.org | udp |
| US | 8.8.8.8:53 | ylzmfgbctpy.net | udp |
| US | 8.8.8.8:53 | vlwvzy.net | udp |
| US | 8.8.8.8:53 | zpncydzhnn.net | udp |
| US | 8.8.8.8:53 | dxrlktsaxc.info | udp |
| US | 8.8.8.8:53 | rrnyuip.net | udp |
| US | 8.8.8.8:53 | ogsgwkua.org | udp |
| US | 8.8.8.8:53 | gagewmaq.com | udp |
| US | 8.8.8.8:53 | ucwmoumwymuc.com | udp |
| US | 8.8.8.8:53 | didszfrcd.info | udp |
| US | 8.8.8.8:53 | wqmevw.net | udp |
| US | 8.8.8.8:53 | sukooweuoa.org | udp |
| US | 8.8.8.8:53 | nbsqxz.info | udp |
| US | 8.8.8.8:53 | qhgcwzzwjr.net | udp |
| US | 8.8.8.8:53 | rllcuulj.info | udp |
| US | 8.8.8.8:53 | zakfvnuu.net | udp |
| US | 8.8.8.8:53 | ebpqsrl.info | udp |
| US | 8.8.8.8:53 | aeqeyq.org | udp |
| BG | 89.215.79.176:37397 | tcp | |
| US | 8.8.8.8:53 | umtftuvejet.info | udp |
| US | 8.8.8.8:53 | tubqvjyubmh.info | udp |
| US | 8.8.8.8:53 | vcxntkls.info | udp |
| US | 8.8.8.8:53 | nygqhmzun.info | udp |
| US | 8.8.8.8:53 | iuhmtjt.info | udp |
| US | 8.8.8.8:53 | uclufikiq.info | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | oarqwlwxr.info | udp |
| DE | 142.250.181.195:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | okgccrvs.net | udp |
| US | 8.8.8.8:53 | acrqtqb.info | udp |
| US | 8.8.8.8:53 | xwtkdlirhuzi.net | udp |
| US | 8.8.8.8:53 | iupgmiw.info | udp |
| US | 8.8.8.8:53 | psommyz.net | udp |
| US | 8.8.8.8:53 | tapqgkz.info | udp |
| US | 8.8.8.8:53 | ninlhcpslefj.net | udp |
| US | 8.8.8.8:53 | onswuewrdu.net | udp |
| US | 8.8.8.8:53 | rgbhgyxhkuqi.net | udp |
| US | 8.8.8.8:53 | iofhtweoxy.info | udp |
| US | 8.8.8.8:53 | fikabkhybxw.org | udp |
| US | 8.8.8.8:53 | oiocijheghhi.net | udp |
| US | 8.8.8.8:53 | ieuyycwqwkoc.com | udp |
| US | 8.8.8.8:53 | fhjevs.net | udp |
| US | 8.8.8.8:53 | lmtupktbm.net | udp |
| US | 8.8.8.8:53 | hsxyzwi.org | udp |
| US | 8.8.8.8:53 | ikuoqces.org | udp |
| US | 8.8.8.8:53 | ondefafvf.net | udp |
| US | 8.8.8.8:53 | uimqwaycag.com | udp |
| US | 8.8.8.8:53 | lvtyhqheccxw.net | udp |
| US | 8.8.8.8:53 | gacwqyymskwq.com | udp |
| US | 8.8.8.8:53 | vmbpcb.net | udp |
| US | 8.8.8.8:53 | mcygkwqm.org | udp |
| US | 8.8.8.8:53 | nuhrbgjdpn.net | udp |
| US | 8.8.8.8:53 | simkgkkmcigi.com | udp |
| US | 8.8.8.8:53 | akiuiyqc.org | udp |
| US | 8.8.8.8:53 | vivcxfnabjhl.info | udp |
| US | 8.8.8.8:53 | jxcsgestbkig.net | udp |
| US | 8.8.8.8:53 | ezkljtfkdk.net | udp |
| US | 8.8.8.8:53 | jwoqtgv.net | udp |
| US | 8.8.8.8:53 | ywhaqio.info | udp |
| US | 8.8.8.8:53 | nfqhfdywarws.net | udp |
| US | 8.8.8.8:53 | ntmebtqz.net | udp |
| US | 8.8.8.8:53 | tqyrbswireeu.info | udp |
| US | 8.8.8.8:53 | zmnprckzdsq.org | udp |
| US | 8.8.8.8:53 | uyptcxksnmx.info | udp |
| US | 8.8.8.8:53 | ikaaqc.com | udp |
| US | 8.8.8.8:53 | gsusoemq.org | udp |
| US | 8.8.8.8:53 | ccyoouma.org | udp |
| US | 8.8.8.8:53 | lumcger.com | udp |
| US | 8.8.8.8:53 | wobnprasejiu.net | udp |
| US | 8.8.8.8:53 | ijevrjmd.net | udp |
| US | 8.8.8.8:53 | tnekwqkrgjls.net | udp |
| US | 8.8.8.8:53 | jsjqfcsgq.com | udp |
| US | 8.8.8.8:53 | zewymsp.net | udp |
| US | 8.8.8.8:53 | mdbvrrid.net | udp |
| US | 8.8.8.8:53 | rclihrx.org | udp |
| US | 8.8.8.8:53 | hlxbchszzp.net | udp |
| US | 8.8.8.8:53 | suaawe.org | udp |
| LT | 82.135.208.104:37674 | tcp | |
| US | 8.8.8.8:53 | pkmjinbdiy.net | udp |
| US | 8.8.8.8:53 | cuzvffb.info | udp |
| US | 8.8.8.8:53 | dvrckvjk.net | udp |
| US | 8.8.8.8:53 | syyeckso.com | udp |
| US | 8.8.8.8:53 | vubmdwugfwv.org | udp |
| US | 8.8.8.8:53 | dqyydwrdmeik.info | udp |
| US | 8.8.8.8:53 | fryzrrnw.net | udp |
| US | 8.8.8.8:53 | gjoieqt.net | udp |
| US | 8.8.8.8:53 | rfklnyczu.info | udp |
| US | 8.8.8.8:53 | zxalrmlrvt.info | udp |
| US | 8.8.8.8:53 | mhnnqyayup.info | udp |
| US | 8.8.8.8:53 | lxhewirho.net | udp |
| US | 8.8.8.8:53 | xmhanupgu.info | udp |
| US | 8.8.8.8:53 | dnikvkncxqn.org | udp |
| US | 8.8.8.8:53 | qugsxhub.net | udp |
| US | 8.8.8.8:53 | dufwtmtvzsym.info | udp |
| US | 8.8.8.8:53 | khnqsoxebsn.net | udp |
| US | 8.8.8.8:53 | eaekia.org | udp |
| US | 8.8.8.8:53 | aqiwmyai.org | udp |
| US | 8.8.8.8:53 | bcnnncdkmif.net | udp |
| US | 8.8.8.8:53 | phtgqc.info | udp |
| US | 8.8.8.8:53 | fdygvtpuse.info | udp |
| US | 8.8.8.8:53 | swlmkovddcp.net | udp |
| US | 8.8.8.8:53 | xqdersbedxp.net | udp |
| US | 8.8.8.8:53 | shzmhqc.info | udp |
| US | 8.8.8.8:53 | tcpbcllr.info | udp |
| US | 8.8.8.8:53 | tfdtkowhkobz.net | udp |
| US | 8.8.8.8:53 | tlzyfn.net | udp |
| US | 8.8.8.8:53 | mmiwcomcisiq.org | udp |
| US | 8.8.8.8:53 | sqajxqve.info | udp |
| US | 8.8.8.8:53 | ogqsssmu.com | udp |
| US | 8.8.8.8:53 | zutagbtdnoxk.net | udp |
| US | 8.8.8.8:53 | hurkpv.info | udp |
| US | 8.8.8.8:53 | gfxdruagt.net | udp |
| US | 8.8.8.8:53 | qeuzpinyrkwk.info | udp |
| US | 8.8.8.8:53 | pswrtsjyw.org | udp |
| US | 8.8.8.8:53 | zwpabmq.com | udp |
| US | 8.8.8.8:53 | naeqfdlxlws.net | udp |
| US | 8.8.8.8:53 | sagsmu.com | udp |
| US | 8.8.8.8:53 | zseenicm.info | udp |
| US | 8.8.8.8:53 | fytlwme.net | udp |
| US | 8.8.8.8:53 | rngobwdt.net | udp |
| US | 8.8.8.8:53 | fguceef.info | udp |
| US | 8.8.8.8:53 | pbzprf.net | udp |
| US | 8.8.8.8:53 | gnzpxs.net | udp |
| US | 8.8.8.8:53 | efsqdutmd.net | udp |
| US | 8.8.8.8:53 | xiqrblvfry.net | udp |
| US | 8.8.8.8:53 | nulzxrfhbcwj.info | udp |
| US | 8.8.8.8:53 | kedumof.info | udp |
| BG | 91.139.150.254:31569 | tcp | |
| US | 8.8.8.8:53 | imwuei.com | udp |
| US | 8.8.8.8:53 | skwogs.com | udp |
| US | 8.8.8.8:53 | otnroghork.net | udp |
| US | 8.8.8.8:53 | wmcauomiay.com | udp |
| US | 8.8.8.8:53 | hkhmgrdmb.net | udp |
| US | 8.8.8.8:53 | bpjotlivl.com | udp |
| US | 8.8.8.8:53 | hjjdkaxtirkd.net | udp |
| US | 8.8.8.8:53 | rcerokrfflda.info | udp |
| US | 8.8.8.8:53 | qerofmbgxsy.info | udp |
| US | 8.8.8.8:53 | wwxggup.net | udp |
| US | 8.8.8.8:53 | unjxrzyw.info | udp |
| US | 8.8.8.8:53 | susjohwila.info | udp |
| US | 8.8.8.8:53 | wmsgmqauocys.org | udp |
| US | 8.8.8.8:53 | uogicigmue.org | udp |
| US | 8.8.8.8:53 | vjwftnwbuvuw.info | udp |
| US | 8.8.8.8:53 | hyillgil.info | udp |
| US | 8.8.8.8:53 | ecmhfestkd.info | udp |
| US | 8.8.8.8:53 | agolgclkt.net | udp |
| US | 8.8.8.8:53 | ddsdkxscdwzg.net | udp |
| US | 8.8.8.8:53 | sykugiow.com | udp |
| US | 8.8.8.8:53 | gwfcwdn.net | udp |
| US | 8.8.8.8:53 | ghqbryx.net | udp |
| US | 8.8.8.8:53 | erkpvbzot.info | udp |
| US | 8.8.8.8:53 | fvzrixky.net | udp |
| US | 8.8.8.8:53 | ecaxpk.info | udp |
| US | 8.8.8.8:53 | ezzekefsau.net | udp |
| US | 8.8.8.8:53 | sorwpkpaots.info | udp |
| US | 8.8.8.8:53 | jcjehnuyy.info | udp |
| US | 8.8.8.8:53 | tyrqdptkr.info | udp |
| US | 8.8.8.8:53 | bgtckaynjj.info | udp |
| US | 8.8.8.8:53 | jphrtnhm.net | udp |
| US | 8.8.8.8:53 | fhyxrenon.org | udp |
| US | 8.8.8.8:53 | tzvvajdpidhc.info | udp |
| US | 8.8.8.8:53 | pmkjtfqint.info | udp |
| US | 8.8.8.8:53 | pwmoeopmhqf.info | udp |
| US | 8.8.8.8:53 | mzjqjgbz.info | udp |
| US | 8.8.8.8:53 | usgccqkqcsuw.com | udp |
| US | 8.8.8.8:53 | usgggwykyque.com | udp |
| US | 8.8.8.8:53 | osxmkaz.info | udp |
| US | 8.8.8.8:53 | suncxnohusp.info | udp |
| US | 8.8.8.8:53 | mqmmwaou.org | udp |
| US | 8.8.8.8:53 | tkvltrgf.net | udp |
| US | 8.8.8.8:53 | nbysyscpqk.info | udp |
| US | 8.8.8.8:53 | bkilqmghrs.info | udp |
| US | 8.8.8.8:53 | urksgjxww.net | udp |
| US | 8.8.8.8:53 | sbzgoiqu.net | udp |
| US | 8.8.8.8:53 | qtlpzugsle.info | udp |
| US | 8.8.8.8:53 | rokefozcd.net | udp |
| US | 8.8.8.8:53 | olijdrlmzb.net | udp |
| US | 8.8.8.8:53 | domwfiikc.org | udp |
| US | 8.8.8.8:53 | bcqkkitxu.net | udp |
| US | 8.8.8.8:53 | aeqkeewsgkyu.org | udp |
| US | 8.8.8.8:53 | uyyxodieeh.net | udp |
| US | 8.8.8.8:53 | iudaiyiutga.net | udp |
| US | 8.8.8.8:53 | aekskoms.com | udp |
| US | 8.8.8.8:53 | bqhewwdmb.com | udp |
| US | 8.8.8.8:53 | fwrhago.com | udp |
| US | 8.8.8.8:53 | psehtr.net | udp |
| US | 8.8.8.8:53 | qmgnqyayup.net | udp |
| US | 8.8.8.8:53 | rependurpc.net | udp |
| US | 8.8.8.8:53 | vepyrggqj.info | udp |
| US | 8.8.8.8:53 | qovagk.net | udp |
| US | 8.8.8.8:53 | olwwzvbjuvtp.info | udp |
| FR | 62.213.191.129:17507 | tcp | |
| US | 8.8.8.8:53 | lcruwwzwd.info | udp |
| US | 8.8.8.8:53 | bstghefyp.com | udp |
| US | 8.8.8.8:53 | hvltpqd.net | udp |
| US | 8.8.8.8:53 | avigzh.info | udp |
| US | 8.8.8.8:53 | jidwvuzea.info | udp |
| US | 8.8.8.8:53 | yffbsbvpxj.net | udp |
| US | 8.8.8.8:53 | sgbpordmh.net | udp |
| US | 8.8.8.8:53 | yuhfxlze.info | udp |
| US | 8.8.8.8:53 | czomtaj.net | udp |
| US | 8.8.8.8:53 | vghrznsx.info | udp |
| US | 8.8.8.8:53 | hqpfhrtazw.info | udp |
| US | 8.8.8.8:53 | mhxria.info | udp |
| US | 8.8.8.8:53 | azekrdzgkyb.net | udp |
| US | 8.8.8.8:53 | mmhgrpr.net | udp |
| US | 8.8.8.8:53 | ojbwcofwhor.info | udp |
| US | 8.8.8.8:53 | fkmohh.info | udp |
| US | 8.8.8.8:53 | mzpudn.net | udp |
| US | 8.8.8.8:53 | ndzupwa.com | udp |
| US | 8.8.8.8:53 | neemdslqxge.com | udp |
| US | 8.8.8.8:53 | tpsiuh.net | udp |
| US | 8.8.8.8:53 | vpshbvrar.com | udp |
| US | 8.8.8.8:53 | ssfwxkh.net | udp |
| US | 8.8.8.8:53 | mohmueg.net | udp |
| US | 8.8.8.8:53 | haeqxyqztip.com | udp |
| US | 8.8.8.8:53 | mckeyzmofxi.info | udp |
| US | 8.8.8.8:53 | ikzlbyrvpgt.info | udp |
| US | 8.8.8.8:53 | jcpgijxh.net | udp |
| US | 8.8.8.8:53 | gajgdrt.net | udp |
| US | 8.8.8.8:53 | mtbggegcf.info | udp |
| US | 8.8.8.8:53 | cxzgxenej.net | udp |
| US | 8.8.8.8:53 | msumcw.org | udp |
| US | 8.8.8.8:53 | oalqtqzxdcr.info | udp |
| US | 8.8.8.8:53 | mpgtxs.net | udp |
| US | 8.8.8.8:53 | cofxnvderwvc.info | udp |
| BG | 77.71.4.98:43163 | tcp | |
| US | 8.8.8.8:53 | gwgiim.org | udp |
| US | 8.8.8.8:53 | dodowdlygur.net | udp |
| US | 8.8.8.8:53 | eidkggpqoemp.info | udp |
| US | 8.8.8.8:53 | blbyjnpnlgn.net | udp |
| US | 8.8.8.8:53 | mvmpxiyqv.info | udp |
| US | 8.8.8.8:53 | vzrywgbypzqt.info | udp |
| US | 8.8.8.8:53 | yhnpqqp.info | udp |
| US | 8.8.8.8:53 | fkiybhlz.net | udp |
| US | 8.8.8.8:53 | tdcuuersxh.net | udp |
| US | 8.8.8.8:53 | epnerpt.info | udp |
| US | 8.8.8.8:53 | znlfenovmt.info | udp |
| US | 8.8.8.8:53 | fllhzyzvbsxw.net | udp |
| US | 8.8.8.8:53 | dfsbgdqwmb.net | udp |
| US | 8.8.8.8:53 | ssnkrhjfy.net | udp |
| US | 8.8.8.8:53 | hprerydzd.com | udp |
| US | 8.8.8.8:53 | yeuisgkyyk.org | udp |
| US | 8.8.8.8:53 | ccuswsqoik.org | udp |
| US | 8.8.8.8:53 | yisadguwoi.net | udp |
| US | 8.8.8.8:53 | icjutzjytmd.net | udp |
| US | 8.8.8.8:53 | ltiljcqa.net | udp |
| US | 8.8.8.8:53 | yakckkiacm.org | udp |
| US | 8.8.8.8:53 | uaewnzxhxs.info | udp |
| US | 8.8.8.8:53 | ohpsnmt.info | udp |
| US | 8.8.8.8:53 | gehsuywdq.net | udp |
| US | 8.8.8.8:53 | eahfih.info | udp |
| US | 8.8.8.8:53 | okdycuj.net | udp |
| US | 8.8.8.8:53 | celbkxvoa.info | udp |
| US | 8.8.8.8:53 | xfkkhqxsz.net | udp |
| US | 8.8.8.8:53 | jpiauqrujtxf.net | udp |
| US | 8.8.8.8:53 | ksaauwyksqoa.com | udp |
| US | 8.8.8.8:53 | ppquhca.net | udp |
| US | 8.8.8.8:53 | dnvqhx.info | udp |
| US | 8.8.8.8:53 | nsvsiurumoi.org | udp |
| US | 8.8.8.8:53 | jybnquobei.info | udp |
| US | 8.8.8.8:53 | cmnwlclawpi.info | udp |
| US | 8.8.8.8:53 | ejgmofxiqlij.net | udp |
| US | 8.8.8.8:53 | dppayanib.info | udp |
| US | 8.8.8.8:53 | arzabffcxk.info | udp |
| US | 8.8.8.8:53 | gjxbgydul.net | udp |
| US | 8.8.8.8:53 | jilpvdooiw.info | udp |
| US | 8.8.8.8:53 | jfnhpabzd.org | udp |
| US | 8.8.8.8:53 | zoosdjduv.net | udp |
| US | 8.8.8.8:53 | pgvgqgh.info | udp |
| US | 8.8.8.8:53 | bxpcatpmqj.info | udp |
| US | 8.8.8.8:53 | kcywokua.com | udp |
| US | 8.8.8.8:53 | gzejbuxwt.info | udp |
| US | 8.8.8.8:53 | axdszgvd.net | udp |
| US | 8.8.8.8:53 | xbbrovhypum.org | udp |
| US | 8.8.8.8:53 | bdhqxgf.net | udp |
| US | 8.8.8.8:53 | iomatkiym.info | udp |
| US | 8.8.8.8:53 | fpzbetywmpyp.info | udp |
| US | 8.8.8.8:53 | agoayw.com | udp |
| US | 8.8.8.8:53 | zbkemqf.com | udp |
| US | 8.8.8.8:53 | brihzn.net | udp |
| US | 8.8.8.8:53 | lwdsjov.info | udp |
| US | 8.8.8.8:53 | qcbgptxcfym.info | udp |
| US | 8.8.8.8:53 | xsdwxmohbao.info | udp |
| US | 8.8.8.8:53 | ccykokaikwgi.com | udp |
| US | 8.8.8.8:53 | hffhnoww.net | udp |
| US | 8.8.8.8:53 | wylslmf.net | udp |
| US | 8.8.8.8:53 | ihkziumotfom.info | udp |
| US | 8.8.8.8:53 | qwpkoiwmcqd.net | udp |
| US | 8.8.8.8:53 | kelajszodmr.info | udp |
| US | 8.8.8.8:53 | alnubzpvsmsp.info | udp |
| US | 8.8.8.8:53 | qkiqmyiw.com | udp |
| US | 8.8.8.8:53 | neorrp.info | udp |
| US | 8.8.8.8:53 | bvfqhxtfldin.info | udp |
| US | 8.8.8.8:53 | skieieciiymc.org | udp |
| US | 8.8.8.8:53 | kdhzwczvplfc.net | udp |
| US | 8.8.8.8:53 | muyhzebsyb.info | udp |
| US | 8.8.8.8:53 | gudwryjkprty.net | udp |
| US | 8.8.8.8:53 | aspcrydnn.net | udp |
| US | 8.8.8.8:53 | iqtmro.net | udp |
| US | 8.8.8.8:53 | jkygffjpe.org | udp |
| LT | 212.117.9.67:28926 | tcp | |
| US | 8.8.8.8:53 | isksoqciocua.com | udp |
| US | 8.8.8.8:53 | ahxenybvdg.net | udp |
| US | 8.8.8.8:53 | fbjwqgvtpah.org | udp |
| US | 8.8.8.8:53 | aqzuehezrodu.net | udp |
| US | 8.8.8.8:53 | yuzilaqrq.info | udp |
| US | 8.8.8.8:53 | qlvwio.net | udp |
| US | 8.8.8.8:53 | kiccmsgssi.org | udp |
| US | 8.8.8.8:53 | nlzbvbln.net | udp |
| US | 8.8.8.8:53 | aazoxyy.net | udp |
| US | 8.8.8.8:53 | xaarreqnlrdm.info | udp |
| US | 8.8.8.8:53 | rzmnvt.net | udp |
| US | 8.8.8.8:53 | rxxgcidynwj.info | udp |
| US | 8.8.8.8:53 | sazgfiaujqe.net | udp |
| US | 8.8.8.8:53 | eskmqr.info | udp |
| US | 8.8.8.8:53 | jtvrsczuav.net | udp |
| US | 8.8.8.8:53 | baxdph.info | udp |
| US | 8.8.8.8:53 | smrjvelsj.info | udp |
| US | 8.8.8.8:53 | oeckauykukku.com | udp |
| US | 8.8.8.8:53 | robvoees.info | udp |
| US | 8.8.8.8:53 | yseuuqymim.org | udp |
| US | 8.8.8.8:53 | jkteksfpv.net | udp |
| US | 8.8.8.8:53 | cyyofopuv.info | udp |
| US | 8.8.8.8:53 | ruybpg.net | udp |
| US | 8.8.8.8:53 | auykucggmgac.com | udp |
| US | 8.8.8.8:53 | vmaqgrlnnuqc.info | udp |
| US | 8.8.8.8:53 | qggggmog.org | udp |
| US | 8.8.8.8:53 | fgbgqvhlulxx.info | udp |
| US | 8.8.8.8:53 | gssgyaf.net | udp |
| US | 8.8.8.8:53 | jsmfpc.net | udp |
| US | 8.8.8.8:53 | cqaywaeuusgm.com | udp |
| US | 8.8.8.8:53 | liwxaedxzm.info | udp |
| US | 8.8.8.8:53 | eetxralgr.info | udp |
| US | 8.8.8.8:53 | omqgukoeyo.org | udp |
| US | 8.8.8.8:53 | brlknql.org | udp |
| US | 8.8.8.8:53 | oayyom.com | udp |
| US | 8.8.8.8:53 | bndenikl.info | udp |
| US | 8.8.8.8:53 | aoqehamscev.net | udp |
| US | 8.8.8.8:53 | azrwjgz.net | udp |
| US | 8.8.8.8:53 | hdredfgffn.info | udp |
| US | 8.8.8.8:53 | pftodt.info | udp |
| US | 8.8.8.8:53 | vtafpvrgwksj.net | udp |
| US | 8.8.8.8:53 | nknhvnjmgw.net | udp |
| US | 8.8.8.8:53 | luqlfi.info | udp |
| US | 8.8.8.8:53 | zchvdwljyy.net | udp |
| US | 8.8.8.8:53 | nkjoucmybek.com | udp |
| US | 8.8.8.8:53 | xbtsfzzxva.net | udp |
| US | 8.8.8.8:53 | roviltedxkxe.net | udp |
| BG | 77.85.91.141:44432 | tcp | |
| US | 8.8.8.8:53 | wezwkfy.net | udp |
| US | 8.8.8.8:53 | dojwngv.net | udp |
| US | 8.8.8.8:53 | acyiyawiusoe.org | udp |
| US | 8.8.8.8:53 | chnrelp.info | udp |
| US | 8.8.8.8:53 | kdbetjmzql.net | udp |
| US | 8.8.8.8:53 | cpxrjdts.info | udp |
| US | 8.8.8.8:53 | dgtizmncv.com | udp |
| US | 8.8.8.8:53 | pcgwtmg.org | udp |
| US | 8.8.8.8:53 | xxjixwmbjsb.net | udp |
| US | 8.8.8.8:53 | kqboptvurzu.info | udp |
| US | 8.8.8.8:53 | ilcyggbv.net | udp |
| US | 8.8.8.8:53 | zlaolcwjd.info | udp |
| US | 8.8.8.8:53 | tbhyxkjfzfjc.net | udp |
| US | 8.8.8.8:53 | xzcpbsimgn.net | udp |
| US | 8.8.8.8:53 | eujoljt.net | udp |
| US | 8.8.8.8:53 | zmrpjer.net | udp |
| US | 8.8.8.8:53 | ykxgdeomo.info | udp |
| US | 8.8.8.8:53 | lfuyidfndkob.net | udp |
| US | 8.8.8.8:53 | oipoxyj.net | udp |
| US | 8.8.8.8:53 | qgmhjewbnk.info | udp |
| US | 8.8.8.8:53 | usymgcik.com | udp |
| US | 8.8.8.8:53 | lubgvwfyizr.net | udp |
| US | 8.8.8.8:53 | zdtwtzoka.org | udp |
| US | 8.8.8.8:53 | lspcwtatzf.net | udp |
| US | 8.8.8.8:53 | jzuztayf.net | udp |
| US | 8.8.8.8:53 | mphkyayezt.net | udp |
| US | 8.8.8.8:53 | zcpxiqfofg.net | udp |
| US | 8.8.8.8:53 | oimgyi.org | udp |
| US | 8.8.8.8:53 | sxoelqf.info | udp |
| US | 8.8.8.8:53 | haiefrj.org | udp |
| US | 8.8.8.8:53 | ajcnwjgv.net | udp |
| US | 8.8.8.8:53 | naxuwg.net | udp |
| US | 8.8.8.8:53 | wudlmugsjej.net | udp |
| US | 8.8.8.8:53 | ljolcdsbequk.info | udp |
| LT | 78.58.11.177:43530 | tcp | |
| US | 8.8.8.8:53 | rsyalub.org | udp |
| US | 8.8.8.8:53 | munfhwxqbwc.net | udp |
| US | 8.8.8.8:53 | ixqwxs.info | udp |
| US | 8.8.8.8:53 | rvjvyw.net | udp |
| US | 8.8.8.8:53 | owndpukyxfw.info | udp |
| US | 8.8.8.8:53 | aysekgow.com | udp |
| US | 8.8.8.8:53 | uavgedf.net | udp |
| US | 8.8.8.8:53 | rsxuukjkp.net | udp |
| US | 8.8.8.8:53 | jifwqcnij.info | udp |
| US | 8.8.8.8:53 | aerilednj.net | udp |
| US | 8.8.8.8:53 | pulkkajehkk.info | udp |
| US | 8.8.8.8:53 | nchbdqglglqc.net | udp |
| US | 8.8.8.8:53 | ecwueyii.org | udp |
| US | 8.8.8.8:53 | tqzqeunk.net | udp |
| US | 8.8.8.8:53 | jfjwweqha.info | udp |
| US | 8.8.8.8:53 | qsouye.com | udp |
| US | 8.8.8.8:53 | cuyokeoq.com | udp |
| US | 8.8.8.8:53 | rvpqrbgcfvbe.info | udp |
| US | 8.8.8.8:53 | fkdxttbi.net | udp |
| US | 8.8.8.8:53 | lnxbduz.info | udp |
| US | 8.8.8.8:53 | pgdolvl.org | udp |
| US | 8.8.8.8:53 | ywggcq.com | udp |
| US | 8.8.8.8:53 | pjjchmjje.info | udp |
| US | 8.8.8.8:53 | ayuimmqmis.org | udp |
| US | 8.8.8.8:53 | pwzgsfvl.net | udp |
| US | 8.8.8.8:53 | yxamjg.net | udp |
| US | 8.8.8.8:53 | wgxqfmj.info | udp |
| US | 8.8.8.8:53 | twbuijrbzel.com | udp |
| US | 8.8.8.8:53 | qlrjpd.info | udp |
| US | 8.8.8.8:53 | zhhsxdrgtxga.net | udp |
| US | 8.8.8.8:53 | puhtywyg.info | udp |
| US | 8.8.8.8:53 | wkzejlit.info | udp |
| US | 8.8.8.8:53 | attpxwz.net | udp |
| US | 8.8.8.8:53 | qiesukkq.org | udp |
| US | 8.8.8.8:53 | hrxehcf.net | udp |
| US | 8.8.8.8:53 | fohtnzomm.org | udp |
| US | 8.8.8.8:53 | kycuyyww.org | udp |
| US | 8.8.8.8:53 | rqwiarekvwk.info | udp |
| US | 8.8.8.8:53 | ndwnjkoi.info | udp |
| US | 8.8.8.8:53 | vibtlp.info | udp |
| US | 8.8.8.8:53 | hnlwionwvij.info | udp |
| US | 8.8.8.8:53 | ggusjaz.info | udp |
| US | 8.8.8.8:53 | naiythn.net | udp |
| US | 8.8.8.8:53 | dbtifhuc.net | udp |
| US | 8.8.8.8:53 | yxhdpddf.info | udp |
| US | 8.8.8.8:53 | xwhmlab.net | udp |
| US | 8.8.8.8:53 | hiuiozfid.info | udp |
| US | 8.8.8.8:53 | uockgvlrxdph.net | udp |
| US | 8.8.8.8:53 | qmecsgmo.org | udp |
| US | 8.8.8.8:53 | trtenmbzfqb.com | udp |
| US | 8.8.8.8:53 | ecjwlzqwh.net | udp |
| US | 8.8.8.8:53 | xqxgkpi.info | udp |
| US | 8.8.8.8:53 | noohokcey.info | udp |
| US | 8.8.8.8:53 | conadth.net | udp |
| US | 8.8.8.8:53 | yzwvpxlk.info | udp |
| US | 8.8.8.8:53 | aaamikuesqee.org | udp |
| US | 8.8.8.8:53 | lsdrakig.info | udp |
| US | 8.8.8.8:53 | rcsqnghkhyt.net | udp |
| US | 8.8.8.8:53 | vkycmmhqrgd.com | udp |
| US | 8.8.8.8:53 | rknyjzuy.info | udp |
| US | 8.8.8.8:53 | ykemsgmyaymq.com | udp |
| US | 8.8.8.8:53 | nkdwpsixm.com | udp |
| US | 8.8.8.8:53 | xugaqd.info | udp |
| LT | 86.100.245.29:40704 | tcp | |
| US | 8.8.8.8:53 | loliobol.info | udp |
| US | 8.8.8.8:53 | qucrndhlvmnx.info | udp |
| US | 8.8.8.8:53 | xurxflm.net | udp |
| US | 8.8.8.8:53 | tkzwwug.info | udp |
| US | 8.8.8.8:53 | wopkfsnclkh.info | udp |
| US | 8.8.8.8:53 | jkmxfir.com | udp |
| US | 8.8.8.8:53 | kgyico.org | udp |
| US | 8.8.8.8:53 | kyemiyqekgqi.org | udp |
| US | 8.8.8.8:53 | duznfpkl.info | udp |
| US | 8.8.8.8:53 | hvdzuout.net | udp |
| US | 8.8.8.8:53 | xloygesiiw.info | udp |
| US | 8.8.8.8:53 | iyjqvklsvci.net | udp |
| US | 8.8.8.8:53 | kyqjbufjpycm.net | udp |
| US | 8.8.8.8:53 | rrtqdbcy.net | udp |
| BG | 94.156.58.161:30711 | tcp | |
| US | 8.8.8.8:53 | qmzoqmpegig.info | udp |
| US | 8.8.8.8:53 | hksskkhuo.net | udp |
| US | 8.8.8.8:53 | uvjtbs.net | udp |
| US | 8.8.8.8:53 | wibidwhupbaq.info | udp |
| US | 8.8.8.8:53 | zzfiyorzx.com | udp |
| US | 8.8.8.8:53 | ruvgjbmg.net | udp |
| US | 8.8.8.8:53 | xefhwadzpkx.info | udp |
| US | 8.8.8.8:53 | qqggpdxxmuru.net | udp |
| US | 8.8.8.8:53 | wjnodglyqcl.info | udp |
| US | 8.8.8.8:53 | dppnxkxtye.net | udp |
| US | 8.8.8.8:53 | rapcmavkxzz.net | udp |
| US | 8.8.8.8:53 | flcsahvnzgfk.info | udp |
| US | 8.8.8.8:53 | acfgusscqig.net | udp |
| US | 8.8.8.8:53 | npxgzec.org | udp |
| US | 8.8.8.8:53 | uegaai.org | udp |
| US | 8.8.8.8:53 | lqnalljkixfs.info | udp |
| US | 8.8.8.8:53 | dlvwlhxclem.org | udp |
| US | 8.8.8.8:53 | hfzkalag.net | udp |
| US | 8.8.8.8:53 | rbhfhb.net | udp |
| US | 8.8.8.8:53 | aiqwiqsywyuu.org | udp |
| US | 8.8.8.8:53 | djerbg.net | udp |
| US | 8.8.8.8:53 | wzvyvb.net | udp |
| US | 8.8.8.8:53 | tuhawxljff.info | udp |
| US | 8.8.8.8:53 | feseoztguj.info | udp |
| US | 8.8.8.8:53 | aopywqtwwau.net | udp |
| US | 8.8.8.8:53 | uopubvyiebrz.info | udp |
| US | 8.8.8.8:53 | fsxrrcpdgmuf.net | udp |
| US | 8.8.8.8:53 | ajpepgvriac.info | udp |
| US | 8.8.8.8:53 | wimicuoq.org | udp |
| US | 8.8.8.8:53 | aaacuueqmi.com | udp |
| US | 8.8.8.8:53 | wmsecg.com | udp |
| US | 8.8.8.8:53 | nysriymvg.net | udp |
| US | 8.8.8.8:53 | vcfsqqnamw.info | udp |
| US | 8.8.8.8:53 | eimmnixqw.info | udp |
| US | 8.8.8.8:53 | twrxhwl.com | udp |
| US | 8.8.8.8:53 | pcgfbredb.info | udp |
| US | 8.8.8.8:53 | smgewk.com | udp |
| US | 8.8.8.8:53 | wcquieuiks.com | udp |
| US | 8.8.8.8:53 | usseqasy.org | udp |
| US | 8.8.8.8:53 | gmurzxjqkcos.net | udp |
| US | 8.8.8.8:53 | wsvshob.info | udp |
| US | 8.8.8.8:53 | eojyrsr.info | udp |
| US | 8.8.8.8:53 | levcmmpyrl.info | udp |
| US | 8.8.8.8:53 | pjbhbtbkfy.net | udp |
| US | 8.8.8.8:53 | wxhurghdxplc.info | udp |
| US | 8.8.8.8:53 | iotuvqi.net | udp |
| US | 8.8.8.8:53 | dzlndsjynadz.net | udp |
| US | 8.8.8.8:53 | ggxaaan.net | udp |
| US | 8.8.8.8:53 | thzzycvozzhd.info | udp |
| US | 8.8.8.8:53 | eodmqetur.net | udp |
| US | 8.8.8.8:53 | miudxetdtgz.net | udp |
| US | 8.8.8.8:53 | xcbckqnwnf.info | udp |
| US | 8.8.8.8:53 | nshaafppl.com | udp |
| US | 8.8.8.8:53 | ykdvou.net | udp |
| US | 8.8.8.8:53 | awsisaqyguka.com | udp |
| US | 8.8.8.8:53 | nblyev.info | udp |
| US | 8.8.8.8:53 | aetqlldkruk.net | udp |
| US | 8.8.8.8:53 | gkgccgecuh.info | udp |
| US | 8.8.8.8:53 | sgoyacuayqwe.org | udp |
| US | 8.8.8.8:53 | huvusrl.net | udp |
| US | 8.8.8.8:53 | xnvzxciv.info | udp |
| US | 8.8.8.8:53 | lnlluverxt.info | udp |
| US | 8.8.8.8:53 | eixybqjsiwv.net | udp |
| US | 8.8.8.8:53 | qnvnjopvonhc.net | udp |
| US | 8.8.8.8:53 | idhegn.info | udp |
| US | 8.8.8.8:53 | ntmatsb.info | udp |
| US | 8.8.8.8:53 | kfcyvkqzskfw.info | udp |
| US | 8.8.8.8:53 | ojblbt.net | udp |
| US | 8.8.8.8:53 | iarcbjrebkv.info | udp |
| US | 8.8.8.8:53 | sklcen.info | udp |
| US | 8.8.8.8:53 | krluywpum.net | udp |
| US | 8.8.8.8:53 | bcrznallpdp.com | udp |
| US | 8.8.8.8:53 | bkewpipqh.org | udp |
| US | 8.8.8.8:53 | qgeiymie.com | udp |
| US | 8.8.8.8:53 | ycyaaoeuicmi.org | udp |
| US | 8.8.8.8:53 | ouairwfsi.info | udp |
| US | 8.8.8.8:53 | vurumccav.org | udp |
| US | 8.8.8.8:53 | gcuwjlpnk.net | udp |
| US | 8.8.8.8:53 | wyyaaskw.com | udp |
| US | 8.8.8.8:53 | nueocc.info | udp |
| US | 8.8.8.8:53 | ycyeqw.com | udp |
| US | 8.8.8.8:53 | flcfdclb.info | udp |
| US | 8.8.8.8:53 | lmcbjhz.net | udp |
| US | 8.8.8.8:53 | wqmihqdblpk.info | udp |
| US | 8.8.8.8:53 | wgigswio.com | udp |
| US | 8.8.8.8:53 | nxhlxpqrfivx.net | udp |
| US | 8.8.8.8:53 | ychchkicxcj.info | udp |
| US | 8.8.8.8:53 | qloavg.info | udp |
| US | 8.8.8.8:53 | nmhchsr.net | udp |
| US | 8.8.8.8:53 | gkmqsscsiqyy.org | udp |
| US | 8.8.8.8:53 | vfelmatb.net | udp |
| US | 8.8.8.8:53 | tubrhhzkbmyz.net | udp |
| US | 8.8.8.8:53 | cqmaioayui.com | udp |
| US | 8.8.8.8:53 | ikysmgcqmqgu.org | udp |
| US | 8.8.8.8:53 | eocucuweaagy.org | udp |
| US | 8.8.8.8:53 | dqjrxy.net | udp |
| US | 8.8.8.8:53 | oqikyg.org | udp |
| US | 8.8.8.8:53 | aycwte.net | udp |
| US | 8.8.8.8:53 | omsctadfvkl.net | udp |
| US | 8.8.8.8:53 | klnsyk.net | udp |
| US | 8.8.8.8:53 | zyhmtyjqksq.info | udp |
| US | 8.8.8.8:53 | wogkyeqeke.org | udp |
| US | 8.8.8.8:53 | qsdzdamlkrsm.net | udp |
| US | 8.8.8.8:53 | sssokw.org | udp |
| US | 8.8.8.8:53 | juicvrlbpi.net | udp |
| US | 8.8.8.8:53 | psxanwnkfz.info | udp |
| US | 8.8.8.8:53 | nuqsritgz.org | udp |
| US | 8.8.8.8:53 | swkbdgxsb.net | udp |
| US | 8.8.8.8:53 | tinypoimzb.net | udp |
| US | 8.8.8.8:53 | qsqkwc.org | udp |
| US | 8.8.8.8:53 | hqxeemjs.info | udp |
| US | 8.8.8.8:53 | epsxey.info | udp |
| US | 8.8.8.8:53 | rkqbmq.info | udp |
| US | 8.8.8.8:53 | cvbwisp.net | udp |
| US | 8.8.8.8:53 | aulvzsoxgo.info | udp |
| US | 8.8.8.8:53 | euquqwii.org | udp |
| US | 8.8.8.8:53 | kzicyr.info | udp |
| US | 8.8.8.8:53 | mmhfpd.net | udp |
| US | 8.8.8.8:53 | gwmsloetvg.net | udp |
| US | 8.8.8.8:53 | smuoeu.com | udp |
| US | 8.8.8.8:53 | prkqamq.net | udp |
| US | 8.8.8.8:53 | pfmgqefuf.info | udp |
| US | 8.8.8.8:53 | eexubiq.info | udp |
| US | 8.8.8.8:53 | cerskihqqnu.info | udp |
| US | 8.8.8.8:53 | zsrnhalwarn.net | udp |
| US | 8.8.8.8:53 | wsouksqisg.org | udp |
| US | 8.8.8.8:53 | wsmixhv.net | udp |
| US | 8.8.8.8:53 | yiioeuiywqws.com | udp |
| US | 8.8.8.8:53 | fzoszzpad.org | udp |
| US | 8.8.8.8:53 | eqcuikumcc.com | udp |
| US | 8.8.8.8:53 | jiduyhrthr.info | udp |
| US | 8.8.8.8:53 | icwmuesy.com | udp |
| US | 8.8.8.8:53 | lpkztmhavwo.net | udp |
| US | 8.8.8.8:53 | bodsiylylyp.info | udp |
| US | 8.8.8.8:53 | bgzqxjxiodvp.info | udp |
| US | 8.8.8.8:53 | gyzcidyv.info | udp |
| US | 8.8.8.8:53 | iygsie.org | udp |
| US | 8.8.8.8:53 | frimtvfdnh.info | udp |
| US | 8.8.8.8:53 | ythjpklysc.net | udp |
| US | 8.8.8.8:53 | zghgwsx.com | udp |
| US | 8.8.8.8:53 | bjotruabiq.net | udp |
| US | 8.8.8.8:53 | rghoxyq.info | udp |
| US | 8.8.8.8:53 | xvhxvvbjrfbs.info | udp |
| US | 8.8.8.8:53 | ihzodaal.info | udp |
| US | 8.8.8.8:53 | zijwfifij.com | udp |
| US | 8.8.8.8:53 | nxxndo.net | udp |
| US | 8.8.8.8:53 | cgjsfel.info | udp |
| US | 8.8.8.8:53 | wmtqcpz.net | udp |
| US | 8.8.8.8:53 | nvgsos.info | udp |
| US | 8.8.8.8:53 | orkhgepxdfsx.info | udp |
| US | 8.8.8.8:53 | tobeqdksbdc.info | udp |
| US | 8.8.8.8:53 | genauuekxyl.net | udp |
| US | 8.8.8.8:53 | lijvoblbnw.net | udp |
| US | 8.8.8.8:53 | bktjdpl.com | udp |
| US | 8.8.8.8:53 | ppidxgnm.net | udp |
| US | 8.8.8.8:53 | xvotaqhjhsqc.net | udp |
| US | 8.8.8.8:53 | lumgngd.com | udp |
| US | 8.8.8.8:53 | ougjruf.info | udp |
| US | 8.8.8.8:53 | fkxmqrlk.info | udp |
| US | 8.8.8.8:53 | qubctfftd.net | udp |
| US | 8.8.8.8:53 | uckcswsayy.com | udp |
| US | 8.8.8.8:53 | hseiqpqznkwp.info | udp |
| US | 8.8.8.8:53 | jadzkbvcif.info | udp |
| US | 8.8.8.8:53 | jmjrhupcq.net | udp |
| US | 8.8.8.8:53 | czlelkxovtf.info | udp |
| US | 8.8.8.8:53 | qcsmquwc.org | udp |
| US | 8.8.8.8:53 | fzrcbilll.org | udp |
| US | 8.8.8.8:53 | zejcfun.info | udp |
| US | 8.8.8.8:53 | mrpkbiu.net | udp |
| US | 8.8.8.8:53 | lhgzmkba.info | udp |
| US | 8.8.8.8:53 | iuwqykyake.org | udp |
| US | 8.8.8.8:53 | wzngdnueebgn.net | udp |
| US | 8.8.8.8:53 | wrnskvmaibz.info | udp |
| US | 8.8.8.8:53 | moagaikumyqu.com | udp |
| US | 8.8.8.8:53 | zafmhaempn.net | udp |
| US | 8.8.8.8:53 | fwueygz.net | udp |
| US | 8.8.8.8:53 | vbhkzba.com | udp |
| US | 8.8.8.8:53 | tqxiwjs.com | udp |
| US | 8.8.8.8:53 | nunsbyzpqj.net | udp |
| US | 8.8.8.8:53 | xtnfkizgwnfb.net | udp |
| US | 8.8.8.8:53 | hsvfegxnfxhp.net | udp |
| US | 8.8.8.8:53 | eypeplym.info | udp |
| US | 8.8.8.8:53 | mwurqbxq.info | udp |
| US | 8.8.8.8:53 | fsxiqkkdkl.info | udp |
| US | 8.8.8.8:53 | coxwrwt.info | udp |
| US | 8.8.8.8:53 | aesscmgyqqge.com | udp |
| US | 8.8.8.8:53 | ysaecamcuc.com | udp |
| US | 8.8.8.8:53 | srtask.info | udp |
| US | 8.8.8.8:53 | xeuozeesfqd.org | udp |
| US | 8.8.8.8:53 | dczixpindeph.info | udp |
| US | 8.8.8.8:53 | bzcssrek.info | udp |
| US | 8.8.8.8:53 | etxezotwhmn.net | udp |
| US | 8.8.8.8:53 | upbathmyh.info | udp |
| US | 8.8.8.8:53 | jwxeqko.net | udp |
| US | 8.8.8.8:53 | uatgllngjud.net | udp |
| US | 8.8.8.8:53 | ekwyeaqgmqmg.org | udp |
| US | 8.8.8.8:53 | kusqys.com | udp |
| US | 8.8.8.8:53 | natcdyjeaot.net | udp |
| US | 8.8.8.8:53 | yaocci.org | udp |
| US | 8.8.8.8:53 | ocsyrkjcgif.net | udp |
| US | 8.8.8.8:53 | swrenbq.net | udp |
| US | 8.8.8.8:53 | efabpiudv.info | udp |
| US | 8.8.8.8:53 | jnimhlgamn.net | udp |
| US | 8.8.8.8:53 | gelspojljcz.net | udp |
| US | 8.8.8.8:53 | gidcbcz.info | udp |
| US | 8.8.8.8:53 | bynefizqqsr.info | udp |
| US | 8.8.8.8:53 | sdkmxoaut.net | udp |
| US | 8.8.8.8:53 | julkxat.com | udp |
| US | 8.8.8.8:53 | ygeuiicascey.org | udp |
| US | 8.8.8.8:53 | sloozwn.net | udp |
| US | 8.8.8.8:53 | mgcefcd.net | udp |
| US | 8.8.8.8:53 | zlhqyetrhtd.com | udp |
| US | 8.8.8.8:53 | ewiljj.net | udp |
| US | 8.8.8.8:53 | sdpxvmuzld.net | udp |
| US | 8.8.8.8:53 | dsvytwnut.org | udp |
| US | 8.8.8.8:53 | lygpychnvlri.info | udp |
| US | 8.8.8.8:53 | czxutqo.info | udp |
| US | 8.8.8.8:53 | ncqnmuxhxx.net | udp |
| US | 8.8.8.8:53 | coeuma.org | udp |
| US | 8.8.8.8:53 | rjoktspal.org | udp |
| US | 8.8.8.8:53 | caphyz.info | udp |
| US | 8.8.8.8:53 | ygrvkeenjih.info | udp |
| US | 8.8.8.8:53 | ugwuvjvukyd.info | udp |
| US | 8.8.8.8:53 | bmhujchsp.net | udp |
| US | 8.8.8.8:53 | wamhos.info | udp |
| US | 8.8.8.8:53 | pgipnip.info | udp |
| US | 8.8.8.8:53 | iheapebbj.net | udp |
| US | 8.8.8.8:53 | jnlvxpcnip.net | udp |
| US | 8.8.8.8:53 | vixhexyw.info | udp |
| US | 8.8.8.8:53 | kymwqeeasa.org | udp |
| US | 8.8.8.8:53 | mlimcrci.net | udp |
| US | 8.8.8.8:53 | yxzqaqp.net | udp |
| US | 8.8.8.8:53 | rplzjoiijqio.info | udp |
| US | 8.8.8.8:53 | umcojoyczkl.info | udp |
| BG | 89.215.81.98:29947 | tcp | |
| US | 8.8.8.8:53 | bbfgzpnvwelu.net | udp |
| US | 8.8.8.8:53 | depqcsbcldht.net | udp |
| US | 8.8.8.8:53 | yoakqw.org | udp |
| US | 8.8.8.8:53 | rfnmhrjax.com | udp |
| US | 8.8.8.8:53 | suprzljnbb.info | udp |
| US | 8.8.8.8:53 | ooasyeagqi.com | udp |
| US | 8.8.8.8:53 | wmtcmaf.net | udp |
| US | 8.8.8.8:53 | soochwfxxun.net | udp |
| US | 8.8.8.8:53 | jmcuhqj.com | udp |
| US | 8.8.8.8:53 | kfxkgndz.info | udp |
| US | 8.8.8.8:53 | aznpsxvk.net | udp |
| US | 8.8.8.8:53 | qdounydzwz.info | udp |
| US | 8.8.8.8:53 | mudrxjthhwx.info | udp |
| US | 8.8.8.8:53 | aeuahyqamqvl.info | udp |
Files
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
| MD5 | 167cddd47a64501723cbc117ce32cd90 |
| SHA1 | a51a0724191828707bfd327619163f656ee8329f |
| SHA256 | 1d3c34fdd554999a2b7384b4d6931af491e729171980f73c2d887ef25dc921d2 |
| SHA512 | 61a8bada69102101dcb64d8fa9f243c8244764f351fae02b497b8496505ce86dff169451affe04a0b016ef6f839c26d69515065784def8fe9d1dd5d7462f6e22 |
C:\Windows\SysWOW64\iizqddsmzppcfqzzav.exe
| MD5 | ce23cbd71cc033cecb1958623ee620c1 |
| SHA1 | ee0c07c78a5eeb4216a4e178e871f04ef0ba9b00 |
| SHA256 | 270dce235ce96e14c6472a545008e2e80c489f41b21f8ce9db95a60dd18f99c3 |
| SHA512 | 9a26d99303a7e07e4b5be581d4621d8af9705106ef6f26ab5326911c0d0aa065658951c5ca5c3b7dc1c4603c65a5ff0b8dbed4dbbc43b7bcd3d93dafa18b6a73 |
C:\Users\Admin\AppData\Local\Temp\guzeft.exe
| MD5 | 33829d3d9ee385ba4bf68d9ce274d21e |
| SHA1 | 1f42504d6faa4bea0c3578d87056a41e5cdbdaab |
| SHA256 | 421d7485e802e8d0aa0b4dbfd6e3bd1fe5c0ba71269c27126973f023c301831f |
| SHA512 | f46dd4caa8cf4c495d47607bd5b7fed9030b5a5d850b18d7e48952059f2dc8e45bb09b8e9c5b8972f16be059de6af7bd7e1eeb42e25b8b07dba89ed058cd743e |
C:\Users\Admin\AppData\Local\jeqckfpemxsayeidzpjeqckfpemxsayeidz.jeq
| MD5 | bb5aa1bd67038e985b808fc7249e9198 |
| SHA1 | a08b21123a41ef12a7d0113b85fe05726c5b1e5e |
| SHA256 | 75dd0518eaaedf7a98d69f6c70d99249f38f5677a87d54ae3ce5013fb7b8dcf9 |
| SHA512 | e364de7934e3cae91f47d8ba52a762eb2d1353eaeabf275b69e65a9383485bb0f8a9824ab7a7eb820ee8e1aa13562048dcc7e0997f1f42a1e9646b62e9ef60d3 |
C:\Users\Admin\AppData\Local\aklmjtswttdaniblwbkuvwtd.gdd
| MD5 | 568bbe6ee0ffca779412392c147b926c |
| SHA1 | ab93edc24c731e87b73161a00497efc8dfb01013 |
| SHA256 | ec00ecc5231d3ab9cb713144875b8dc2dcb0910bb5d2575b3b5349c73f2e64d4 |
| SHA512 | b7e2c8a9f2cc53ec228434cfa38018388d913fa6368d0e02000a22017cd5a01ef1f6e48d105d4e8c556242b6ac3dfb44bdc095c99fecf995270f7e3610033ec8 |
C:\Program Files (x86)\aklmjtswttdaniblwbkuvwtd.gdd
| MD5 | 78094d8015bb767eacd1a4e60c958c39 |
| SHA1 | 9638d727aa32353645a476f75ea414e521bb91cd |
| SHA256 | 6ef2cb7ec5fc495f0320103dea273bcd9bb0da91f8a7d106c9e51a506dadd6da |
| SHA512 | c375bb1edcd21f94a27001969f672eea3d995b8865467561fe5af87c2e11db408e415c7bc5e8309bd837c527debb20a95c799659da971eff77bf5db3feb412ec |
C:\Program Files (x86)\aklmjtswttdaniblwbkuvwtd.gdd
| MD5 | c6bbe17d281d2dac3857ed7a7afaaa7b |
| SHA1 | 3d50c323132e3ad7dcc7692b25c201addfa32724 |
| SHA256 | debf1ad135d10f24f0a3539ddff9692172bc0a1ca74dce730a7fc6caaf4eacfb |
| SHA512 | 4a8a8a44539fb1a171b7ad66fbc9db289f6cf833d8f936a08e7d521bf63123e21fd2e389b071edf3c68c4048d968a93c370928887eb91c8941483b011c3ec773 |
C:\Program Files (x86)\aklmjtswttdaniblwbkuvwtd.gdd
| MD5 | 646af252def0f57fe9212517b1b0b99c |
| SHA1 | 770c9c42b21a597b25e4e4a885d14521be33e35e |
| SHA256 | 7816367de34a3e4a0ef1664bcbc8613799508d8bcca725941e044af0fe5514d5 |
| SHA512 | 6921a869ad29e663f3c7bc3af129c855779d5e49d6f5950bc5c1711f8618292e0b1553263427cbb2789622880a2548cccf3126a9d005086fa036954e0e74294c |
C:\Program Files (x86)\aklmjtswttdaniblwbkuvwtd.gdd
| MD5 | 3377e28116b916bb0b16e9b88b2d4945 |
| SHA1 | 1d02673e852e0ca4de5b24940f48ad98ebf8feb7 |
| SHA256 | afac44bca365fbabcf5c278d1d601903d747c2442320c51a39df36f31c016753 |
| SHA512 | b342be43666b3a956a7182dc83a0203a59b3a0e8eb89988a1cc17b46b71570a59c0ef1c268fed80cf00debf2c70d0a22c71ed9c168566c9e9f73cef436b51dd5 |
C:\Program Files (x86)\aklmjtswttdaniblwbkuvwtd.gdd
| MD5 | 12e6683b9600220e1fef4da860b312c2 |
| SHA1 | 087dd4ccb19860bf2784d12f07dc689573ce4faa |
| SHA256 | 5db9f1e64ea5b0cc0cb48f8ff6fc5055371eb37be8dd91df20d1d93bf559afc0 |
| SHA512 | 7654e393cd9ec0e96fe06bf3d24e608c34fc5b9c9b026d8b4adeff748e31a01cf52fa50be0ef8d006f1952777e781e42799278e5cee536a7da040e3524fa69bd |
C:\Program Files (x86)\aklmjtswttdaniblwbkuvwtd.gdd
| MD5 | 50d2ca215e01bf1fc69a00ce938582e9 |
| SHA1 | 72469642e9108edd46d376b16b4d03201a4773fd |
| SHA256 | a4f89f0464da7b91006c0a72dd1e85b0874d7d0474dc36476568aa4905dad982 |
| SHA512 | e152d1c8a49bb53f6e1d76128d05e58fd69d89e26cfc037fa89a014ae0b0887e9d4cd9c52c4175096c13f02b1268d3cf383b2b51f8981a75a6fcd8968236ff1e |