Analysis Overview
SHA256
075f8ff04a2ce29d55c82f2fabfa76187e0933b6b154614b45d5c5fdd41ed2a3
Threat Level: Known bad
The file JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94 was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Pykspa family
Pykspa
Modifies WinLogon for persistence
Detect Pykspa worm
Disables RegEdit via registry modification
Adds policy Run key to start application
Executes dropped EXE
Checks computer location settings
Impair Defenses: Safe Mode Boot
Looks up external IP address via web service
Adds Run key to start application
Hijack Execution Flow: Executable Installer File Permissions Weakness
Checks whether UAC is enabled
Drops file in System32 directory
Drops autorun.inf file
Drops file in Windows directory
Drops file in Program Files directory
Unsigned PE
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
System policy modification
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-04-11 21:50
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-04-11 21:50
Reported
2025-04-11 21:53
Platform
win10v2004-20250410-en
Max time kernel
48s
Max time network
150s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "jjvvklztpfbdiyidunff.exe" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "yzmndfupmdadjalhztmna.exe" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "czifrparkxqpreldr.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "yzmndfupmdadjalhztmna.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wvgfttgzujefjyhbrja.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "jjvvklztpfbdiyidunff.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ljtredphbpjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ljtredphbpjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "yzmndfupmdadjalhztmna.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "vrzvgdndvhzxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "ljtredphbpjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "jjvvklztpfbdiyidunff.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ljtredphbpjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "czifrparkxqpreldr.exe" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "yzmndfupmdadjalhztmna.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ljtredphbpjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vrzvgdndvhzxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wvgfttgzujefjyhbrja.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yzmndfupmdadjalhztmna.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "czifrparkxqpreldr.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czifrparkxqpreldr.exe" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "wvgfttgzujefjyhbrja.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "yzmndfupmdadjalhztmna.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wvgfttgzujefjyhbrja.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "ljtredphbpjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vrzvgdndvhzxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jjvvklztpfbdiyidunff.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "ljtredphbpjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yzmndfupmdadjalhztmna.exe" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "vrzvgdndvhzxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ljtredphbpjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "vrzvgdndvhzxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vrzvgdndvhzxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ljtredphbpjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vrzvgdndvhzxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ljtredphbpjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wvgfttgzujefjyhbrja.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "yzmndfupmdadjalhztmna.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wvgfttgzujefjyhbrja.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jjvvklztpfbdiyidunff.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vrzvgdndvhzxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vrzvgdndvhzxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "ljtredphbpjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "vrzvgdndvhzxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yzmndfupmdadjalhztmna.exe" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "yzmndfupmdadjalhztmna.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\czifrparkxqpreldr.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\czifrparkxqpreldr.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\yzmndfupmdadjalhztmna.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\jjvvklztpfbdiyidunff.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\jjvvklztpfbdiyidunff.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\jjvvklztpfbdiyidunff.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\yzmndfupmdadjalhztmna.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\yzmndfupmdadjalhztmna.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\wvgfttgzujefjyhbrja.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\ljtredphbpjjmaibqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\jjvvklztpfbdiyidunff.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\ljtredphbpjjmaibqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\yzmndfupmdadjalhztmna.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\vrzvgdndvhzxykqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\ljtredphbpjjmaibqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\wvgfttgzujefjyhbrja.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\yzmndfupmdadjalhztmna.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\ljtredphbpjjmaibqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\czifrparkxqpreldr.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\ljtredphbpjjmaibqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\jjvvklztpfbdiyidunff.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\czifrparkxqpreldr.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\vrzvgdndvhzxykqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\yzmndfupmdadjalhztmna.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\yzmndfupmdadjalhztmna.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\wvgfttgzujefjyhbrja.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\yzmndfupmdadjalhztmna.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\yzmndfupmdadjalhztmna.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\ljtredphbpjjmaibqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\vrzvgdndvhzxykqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\wvgfttgzujefjyhbrja.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\ljtredphbpjjmaibqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\yzmndfupmdadjalhztmna.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\jjvvklztpfbdiyidunff.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\yzmndfupmdadjalhztmna.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ljtredphbpjjmaibqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ljtredphbpjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vrzvgdndvhzxykqh = "ljtredphbpjjmaibqh.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\nfjbibhthpdx = "czifrparkxqpreldr.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\nfjbibhthpdx = "yzmndfupmdadjalhztmna.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qlsnxtcritkhhsx = "ljtredphbpjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\mfkdlfmzoxmhf = "czifrparkxqpreldr.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qlsnxtcritkhhsx = "czifrparkxqpreldr.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ljtredphbpjjmaibqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ljtredphbpjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nfjbibhthpdx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vrzvgdndvhzxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\mfkdlfmzoxmhf = "yzmndfupmdadjalhztmna.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vrzvgdndvhzxykqh = "wvgfttgzujefjyhbrja.exe ." | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\czifrparkxqpreldr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czifrparkxqpreldr.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\czifrparkxqpreldr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wvgfttgzujefjyhbrja.exe ." | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\czifrparkxqpreldr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wvgfttgzujefjyhbrja.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\nfjbibhthpdx = "ljtredphbpjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\czifrparkxqpreldr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czifrparkxqpreldr.exe ." | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\mfkdlfmzoxmhf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vrzvgdndvhzxykqh.exe ." | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nfjbibhthpdx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yzmndfupmdadjalhztmna.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\mfkdlfmzoxmhf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vrzvgdndvhzxykqh.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\nfjbibhthpdx = "vrzvgdndvhzxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\czifrparkxqpreldr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ljtredphbpjjmaibqh.exe ." | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nfjbibhthpdx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jjvvklztpfbdiyidunff.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nfjbibhthpdx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yzmndfupmdadjalhztmna.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ljtredphbpjjmaibqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jjvvklztpfbdiyidunff.exe" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\mfkdlfmzoxmhf = "wvgfttgzujefjyhbrja.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qlsnxtcritkhhsx = "yzmndfupmdadjalhztmna.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\nfjbibhthpdx = "wvgfttgzujefjyhbrja.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\mfkdlfmzoxmhf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czifrparkxqpreldr.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ljtredphbpjjmaibqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ljtredphbpjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\nfjbibhthpdx = "wvgfttgzujefjyhbrja.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qlsnxtcritkhhsx = "jjvvklztpfbdiyidunff.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\czifrparkxqpreldr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czifrparkxqpreldr.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qlsnxtcritkhhsx = "ljtredphbpjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qlsnxtcritkhhsx = "vrzvgdndvhzxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\mfkdlfmzoxmhf = "yzmndfupmdadjalhztmna.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nfjbibhthpdx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yzmndfupmdadjalhztmna.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vrzvgdndvhzxykqh = "jjvvklztpfbdiyidunff.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qlsnxtcritkhhsx = "vrzvgdndvhzxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vrzvgdndvhzxykqh = "ljtredphbpjjmaibqh.exe ." | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nfjbibhthpdx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ljtredphbpjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\czifrparkxqpreldr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ljtredphbpjjmaibqh.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\czifrparkxqpreldr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jjvvklztpfbdiyidunff.exe ." | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\nfjbibhthpdx = "wvgfttgzujefjyhbrja.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vrzvgdndvhzxykqh = "yzmndfupmdadjalhztmna.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\nfjbibhthpdx = "wvgfttgzujefjyhbrja.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\mfkdlfmzoxmhf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jjvvklztpfbdiyidunff.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\czifrparkxqpreldr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ljtredphbpjjmaibqh.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qlsnxtcritkhhsx = "wvgfttgzujefjyhbrja.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nfjbibhthpdx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wvgfttgzujefjyhbrja.exe" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\nfjbibhthpdx = "jjvvklztpfbdiyidunff.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\mfkdlfmzoxmhf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jjvvklztpfbdiyidunff.exe ." | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\nfjbibhthpdx = "jjvvklztpfbdiyidunff.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qlsnxtcritkhhsx = "vrzvgdndvhzxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\mfkdlfmzoxmhf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czifrparkxqpreldr.exe ." | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nfjbibhthpdx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vrzvgdndvhzxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\nfjbibhthpdx = "ljtredphbpjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ljtredphbpjjmaibqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yzmndfupmdadjalhztmna.exe" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\nfjbibhthpdx = "jjvvklztpfbdiyidunff.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qlsnxtcritkhhsx = "yzmndfupmdadjalhztmna.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ljtredphbpjjmaibqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ljtredphbpjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vrzvgdndvhzxykqh = "wvgfttgzujefjyhbrja.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nfjbibhthpdx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czifrparkxqpreldr.exe" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\mfkdlfmzoxmhf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yzmndfupmdadjalhztmna.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\mfkdlfmzoxmhf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czifrparkxqpreldr.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
Drops autorun.inf file
| Description | Indicator | Process | Target |
| File opened for modification | C:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| File created | C:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| File opened for modification | F:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| File created | F:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\prfhybrnldbfmeqngbvxln.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jjvvklztpfbdiyidunff.exe | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\czifrparkxqpreldr.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ljtredphbpjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vrzvgdndvhzxykqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jjvvklztpfbdiyidunff.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\czifrparkxqpreldr.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\prfhybrnldbfmeqngbvxln.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jjvvklztpfbdiyidunff.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ljtredphbpjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\prfhybrnldbfmeqngbvxln.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\czifrparkxqpreldr.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ljtredphbpjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yzmndfupmdadjalhztmna.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jjvvklztpfbdiyidunff.exe | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\prfhybrnldbfmeqngbvxln.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yzmndfupmdadjalhztmna.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yzmndfupmdadjalhztmna.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ljtredphbpjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ljtredphbpjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wvgfttgzujefjyhbrja.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yzmndfupmdadjalhztmna.exe | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\prfhybrnldbfmeqngbvxln.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wvgfttgzujefjyhbrja.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yzmndfupmdadjalhztmna.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vrzvgdndvhzxykqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\prfhybrnldbfmeqngbvxln.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jjvvklztpfbdiyidunff.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wvgfttgzujefjyhbrja.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vrzvgdndvhzxykqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jjvvklztpfbdiyidunff.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yzmndfupmdadjalhztmna.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vrzvgdndvhzxykqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yzmndfupmdadjalhztmna.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vrzvgdndvhzxykqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vrzvgdndvhzxykqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\czifrparkxqpreldr.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wvgfttgzujefjyhbrja.exe | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vrzvgdndvhzxykqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jjvvklztpfbdiyidunff.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vrzvgdndvhzxykqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vrzvgdndvhzxykqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yzmndfupmdadjalhztmna.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ljtredphbpjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\czifrparkxqpreldr.exe | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\czifrparkxqpreldr.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jjvvklztpfbdiyidunff.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yzmndfupmdadjalhztmna.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vrzvgdndvhzxykqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ljtredphbpjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\prfhybrnldbfmeqngbvxln.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ljtredphbpjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yzmndfupmdadjalhztmna.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wvgfttgzujefjyhbrja.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jjvvklztpfbdiyidunff.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jjvvklztpfbdiyidunff.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vrzvgdndvhzxykqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\prfhybrnldbfmeqngbvxln.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\czifrparkxqpreldr.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jjvvklztpfbdiyidunff.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yzmndfupmdadjalhztmna.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yzmndfupmdadjalhztmna.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\prfhybrnldbfmeqngbvxln.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\prfhybrnldbfmeqngbvxln.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\dlfnktprvtxhusknmnnvpxud.bfd | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| File created | C:\Program Files (x86)\dlfnktprvtxhusknmnnvpxud.bfd | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| File opened for modification | C:\Program Files (x86)\mfkdlfmzoxmhforfpbmfkdlfmzoxmhforfp.mfk | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| File created | C:\Program Files (x86)\mfkdlfmzoxmhforfpbmfkdlfmzoxmhforfp.mfk | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\jjvvklztpfbdiyidunff.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\czifrparkxqpreldr.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\prfhybrnldbfmeqngbvxln.exe | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| File opened for modification | C:\Windows\prfhybrnldbfmeqngbvxln.exe | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| File opened for modification | C:\Windows\jjvvklztpfbdiyidunff.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\ljtredphbpjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\yzmndfupmdadjalhztmna.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\prfhybrnldbfmeqngbvxln.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\jjvvklztpfbdiyidunff.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\yzmndfupmdadjalhztmna.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\yzmndfupmdadjalhztmna.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\czifrparkxqpreldr.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\jjvvklztpfbdiyidunff.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\jjvvklztpfbdiyidunff.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\prfhybrnldbfmeqngbvxln.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\czifrparkxqpreldr.exe | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| File opened for modification | C:\Windows\yzmndfupmdadjalhztmna.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\vrzvgdndvhzxykqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\wvgfttgzujefjyhbrja.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\prfhybrnldbfmeqngbvxln.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\jjvvklztpfbdiyidunff.exe | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| File opened for modification | C:\Windows\czifrparkxqpreldr.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\ljtredphbpjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\jjvvklztpfbdiyidunff.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\vrzvgdndvhzxykqh.exe | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| File opened for modification | C:\Windows\vrzvgdndvhzxykqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\prfhybrnldbfmeqngbvxln.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\czifrparkxqpreldr.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\ljtredphbpjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\jjvvklztpfbdiyidunff.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\prfhybrnldbfmeqngbvxln.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\czifrparkxqpreldr.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\yzmndfupmdadjalhztmna.exe | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| File opened for modification | C:\Windows\jjvvklztpfbdiyidunff.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\wvgfttgzujefjyhbrja.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\vrzvgdndvhzxykqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\jjvvklztpfbdiyidunff.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\prfhybrnldbfmeqngbvxln.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\prfhybrnldbfmeqngbvxln.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\vrzvgdndvhzxykqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\prfhybrnldbfmeqngbvxln.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\vrzvgdndvhzxykqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\czifrparkxqpreldr.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\jjvvklztpfbdiyidunff.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\wvgfttgzujefjyhbrja.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\jjvvklztpfbdiyidunff.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\czifrparkxqpreldr.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\wvgfttgzujefjyhbrja.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\vrzvgdndvhzxykqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\czifrparkxqpreldr.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\prfhybrnldbfmeqngbvxln.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\ljtredphbpjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\czifrparkxqpreldr.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\wvgfttgzujefjyhbrja.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\wvgfttgzujefjyhbrja.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\ljtredphbpjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\jjvvklztpfbdiyidunff.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\prfhybrnldbfmeqngbvxln.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\yzmndfupmdadjalhztmna.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\ljtredphbpjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\ljtredphbpjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\wvgfttgzujefjyhbrja.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\vrzvgdndvhzxykqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\vrzvgdndvhzxykqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ljtredphbpjjmaibqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\yzmndfupmdadjalhztmna.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\yzmndfupmdadjalhztmna.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\yzmndfupmdadjalhztmna.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wvgfttgzujefjyhbrja.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\czifrparkxqpreldr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jjvvklztpfbdiyidunff.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vrzvgdndvhzxykqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vrzvgdndvhzxykqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\yzmndfupmdadjalhztmna.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\czifrparkxqpreldr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\czifrparkxqpreldr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jjvvklztpfbdiyidunff.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jjvvklztpfbdiyidunff.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\yzmndfupmdadjalhztmna.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jjvvklztpfbdiyidunff.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ljtredphbpjjmaibqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ljtredphbpjjmaibqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wvgfttgzujefjyhbrja.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ljtredphbpjjmaibqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vrzvgdndvhzxykqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\czifrparkxqpreldr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\yzmndfupmdadjalhztmna.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vrzvgdndvhzxykqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ljtredphbpjjmaibqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wvgfttgzujefjyhbrja.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vrzvgdndvhzxykqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wvgfttgzujefjyhbrja.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\czifrparkxqpreldr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ljtredphbpjjmaibqh.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe"
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_b00543b6e9ead74528eb07622f2f5c94.exe*"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe
C:\Windows\jjvvklztpfbdiyidunff.exe
jjvvklztpfbdiyidunff.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe .
C:\Windows\jjvvklztpfbdiyidunff.exe
jjvvklztpfbdiyidunff.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jjvvklztpfbdiyidunff.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe .
C:\Windows\vrzvgdndvhzxykqh.exe
vrzvgdndvhzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Windows\ljtredphbpjjmaibqh.exe
ljtredphbpjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\ljtredphbpjjmaibqh.exe*."
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jjvvklztpfbdiyidunff.exe*."
C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe
"C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe" "-C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe"
C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe
"C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe" "-C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe
C:\Windows\vrzvgdndvhzxykqh.exe
vrzvgdndvhzxykqh.exe
C:\Windows\czifrparkxqpreldr.exe
czifrparkxqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe .
C:\Windows\jjvvklztpfbdiyidunff.exe
jjvvklztpfbdiyidunff.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe
C:\Windows\ljtredphbpjjmaibqh.exe
ljtredphbpjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jjvvklztpfbdiyidunff.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\ljtredphbpjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .
C:\Windows\jjvvklztpfbdiyidunff.exe
jjvvklztpfbdiyidunff.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Windows\ljtredphbpjjmaibqh.exe
ljtredphbpjjmaibqh.exe .
C:\Windows\czifrparkxqpreldr.exe
czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .
C:\Windows\jjvvklztpfbdiyidunff.exe
jjvvklztpfbdiyidunff.exe .
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe .
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jjvvklztpfbdiyidunff.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\ljtredphbpjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\ljtredphbpjjmaibqh.exe*."
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Windows\jjvvklztpfbdiyidunff.exe
jjvvklztpfbdiyidunff.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wvgfttgzujefjyhbrja.exe*."
C:\Windows\yzmndfupmdadjalhztmna.exe
yzmndfupmdadjalhztmna.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .
C:\Windows\czifrparkxqpreldr.exe
czifrparkxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jjvvklztpfbdiyidunff.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jjvvklztpfbdiyidunff.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wvgfttgzujefjyhbrja.exe*."
C:\Windows\yzmndfupmdadjalhztmna.exe
yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\czifrparkxqpreldr.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vrzvgdndvhzxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe
C:\Windows\jjvvklztpfbdiyidunff.exe
jjvvklztpfbdiyidunff.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\yzmndfupmdadjalhztmna.exe
yzmndfupmdadjalhztmna.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yzmndfupmdadjalhztmna.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe .
C:\Windows\vrzvgdndvhzxykqh.exe
vrzvgdndvhzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Windows\wvgfttgzujefjyhbrja.exe
wvgfttgzujefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wvgfttgzujefjyhbrja.exe*."
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."
C:\Windows\czifrparkxqpreldr.exe
czifrparkxqpreldr.exe
C:\Windows\wvgfttgzujefjyhbrja.exe
wvgfttgzujefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Windows\yzmndfupmdadjalhztmna.exe
yzmndfupmdadjalhztmna.exe .
C:\Windows\wvgfttgzujefjyhbrja.exe
wvgfttgzujefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wvgfttgzujefjyhbrja.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\ljtredphbpjjmaibqh.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yzmndfupmdadjalhztmna.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .
C:\Windows\wvgfttgzujefjyhbrja.exe
wvgfttgzujefjyhbrja.exe
C:\Windows\jjvvklztpfbdiyidunff.exe
jjvvklztpfbdiyidunff.exe .
C:\Windows\ljtredphbpjjmaibqh.exe
ljtredphbpjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Windows\ljtredphbpjjmaibqh.exe
ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jjvvklztpfbdiyidunff.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\ljtredphbpjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jjvvklztpfbdiyidunff.exe*."
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wvgfttgzujefjyhbrja.exe*."
C:\Windows\wvgfttgzujefjyhbrja.exe
wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .
C:\Windows\wvgfttgzujefjyhbrja.exe
wvgfttgzujefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wvgfttgzujefjyhbrja.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wvgfttgzujefjyhbrja.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Windows\czifrparkxqpreldr.exe
czifrparkxqpreldr.exe
C:\Windows\yzmndfupmdadjalhztmna.exe
yzmndfupmdadjalhztmna.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yzmndfupmdadjalhztmna.exe*."
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vrzvgdndvhzxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe
C:\Windows\wvgfttgzujefjyhbrja.exe
wvgfttgzujefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe .
C:\Windows\vrzvgdndvhzxykqh.exe
vrzvgdndvhzxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vrzvgdndvhzxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\wvgfttgzujefjyhbrja.exe
wvgfttgzujefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Windows\yzmndfupmdadjalhztmna.exe
yzmndfupmdadjalhztmna.exe .
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yzmndfupmdadjalhztmna.exe*."
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\ljtredphbpjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe
C:\Windows\wvgfttgzujefjyhbrja.exe
wvgfttgzujefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe .
C:\Windows\czifrparkxqpreldr.exe
czifrparkxqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\czifrparkxqpreldr.exe*."
C:\Windows\jjvvklztpfbdiyidunff.exe
jjvvklztpfbdiyidunff.exe
C:\Windows\vrzvgdndvhzxykqh.exe
vrzvgdndvhzxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vrzvgdndvhzxykqh.exe*."
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vrzvgdndvhzxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vrzvgdndvhzxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe
C:\Windows\jjvvklztpfbdiyidunff.exe
jjvvklztpfbdiyidunff.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe .
C:\Windows\yzmndfupmdadjalhztmna.exe
yzmndfupmdadjalhztmna.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yzmndfupmdadjalhztmna.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe .
C:\Windows\ljtredphbpjjmaibqh.exe
ljtredphbpjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Windows\jjvvklztpfbdiyidunff.exe
jjvvklztpfbdiyidunff.exe .
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jjvvklztpfbdiyidunff.exe*."
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\ljtredphbpjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jjvvklztpfbdiyidunff.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe
C:\Windows\ljtredphbpjjmaibqh.exe
ljtredphbpjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe .
C:\Windows\jjvvklztpfbdiyidunff.exe
jjvvklztpfbdiyidunff.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jjvvklztpfbdiyidunff.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe .
C:\Windows\czifrparkxqpreldr.exe
czifrparkxqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Windows\wvgfttgzujefjyhbrja.exe
wvgfttgzujefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wvgfttgzujefjyhbrja.exe*."
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\ljtredphbpjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vrzvgdndvhzxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe
C:\Windows\yzmndfupmdadjalhztmna.exe
yzmndfupmdadjalhztmna.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe .
C:\Windows\jjvvklztpfbdiyidunff.exe
jjvvklztpfbdiyidunff.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jjvvklztpfbdiyidunff.exe*."
C:\Windows\wvgfttgzujefjyhbrja.exe
wvgfttgzujefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Windows\vrzvgdndvhzxykqh.exe
vrzvgdndvhzxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vrzvgdndvhzxykqh.exe*."
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wvgfttgzujefjyhbrja.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wvgfttgzujefjyhbrja.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ljtredphbpjjmaibqh.exe
ljtredphbpjjmaibqh.exe
C:\Windows\vrzvgdndvhzxykqh.exe
vrzvgdndvhzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe .
C:\Windows\ljtredphbpjjmaibqh.exe
ljtredphbpjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe .
C:\Windows\wvgfttgzujefjyhbrja.exe
wvgfttgzujefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\yzmndfupmdadjalhztmna.exe
yzmndfupmdadjalhztmna.exe .
C:\Windows\vrzvgdndvhzxykqh.exe
vrzvgdndvhzxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wvgfttgzujefjyhbrja.exe*."
C:\Windows\jjvvklztpfbdiyidunff.exe
jjvvklztpfbdiyidunff.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yzmndfupmdadjalhztmna.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vrzvgdndvhzxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .
C:\Windows\yzmndfupmdadjalhztmna.exe
yzmndfupmdadjalhztmna.exe .
C:\Windows\ljtredphbpjjmaibqh.exe
ljtredphbpjjmaibqh.exe
C:\Windows\vrzvgdndvhzxykqh.exe
vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Windows\czifrparkxqpreldr.exe
czifrparkxqpreldr.exe .
C:\Windows\ljtredphbpjjmaibqh.exe
ljtredphbpjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yzmndfupmdadjalhztmna.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\czifrparkxqpreldr.exe*."
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\ljtredphbpjjmaibqh.exe*."
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jjvvklztpfbdiyidunff.exe*."
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jjvvklztpfbdiyidunff.exe*."
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jjvvklztpfbdiyidunff.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yzmndfupmdadjalhztmna.exe*."
C:\Windows\wvgfttgzujefjyhbrja.exe
wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wvgfttgzujefjyhbrja.exe*."
C:\Windows\czifrparkxqpreldr.exe
czifrparkxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\czifrparkxqpreldr.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe .
C:\Windows\czifrparkxqpreldr.exe
czifrparkxqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Windows\ljtredphbpjjmaibqh.exe
ljtredphbpjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\ljtredphbpjjmaibqh.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wvgfttgzujefjyhbrja.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe
C:\Windows\czifrparkxqpreldr.exe
czifrparkxqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe .
C:\Windows\vrzvgdndvhzxykqh.exe
vrzvgdndvhzxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vrzvgdndvhzxykqh.exe*."
C:\Windows\yzmndfupmdadjalhztmna.exe
yzmndfupmdadjalhztmna.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\yzmndfupmdadjalhztmna.exe
yzmndfupmdadjalhztmna.exe .
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yzmndfupmdadjalhztmna.exe*."
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jjvvklztpfbdiyidunff.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vrzvgdndvhzxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe
C:\Windows\ljtredphbpjjmaibqh.exe
ljtredphbpjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe .
C:\Windows\wvgfttgzujefjyhbrja.exe
wvgfttgzujefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wvgfttgzujefjyhbrja.exe*."
C:\Windows\jjvvklztpfbdiyidunff.exe
jjvvklztpfbdiyidunff.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Windows\yzmndfupmdadjalhztmna.exe
yzmndfupmdadjalhztmna.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yzmndfupmdadjalhztmna.exe*."
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\ljtredphbpjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wvgfttgzujefjyhbrja.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe
C:\Windows\yzmndfupmdadjalhztmna.exe
yzmndfupmdadjalhztmna.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe .
C:\Windows\ljtredphbpjjmaibqh.exe
ljtredphbpjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\ljtredphbpjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe .
C:\Windows\ljtredphbpjjmaibqh.exe
ljtredphbpjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ljtredphbpjjmaibqh.exe
ljtredphbpjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\ljtredphbpjjmaibqh.exe*."
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\ljtredphbpjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wvgfttgzujefjyhbrja.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe
C:\Windows\wvgfttgzujefjyhbrja.exe
wvgfttgzujefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe .
C:\Windows\yzmndfupmdadjalhztmna.exe
yzmndfupmdadjalhztmna.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yzmndfupmdadjalhztmna.exe*."
C:\Windows\wvgfttgzujefjyhbrja.exe
wvgfttgzujefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Windows\wvgfttgzujefjyhbrja.exe
wvgfttgzujefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wvgfttgzujefjyhbrja.exe*."
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe
C:\Windows\wvgfttgzujefjyhbrja.exe
wvgfttgzujefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe .
C:\Windows\yzmndfupmdadjalhztmna.exe
yzmndfupmdadjalhztmna.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yzmndfupmdadjalhztmna.exe*."
C:\Windows\wvgfttgzujefjyhbrja.exe
wvgfttgzujefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Windows\ljtredphbpjjmaibqh.exe
ljtredphbpjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\ljtredphbpjjmaibqh.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vrzvgdndvhzxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\ljtredphbpjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe
C:\Windows\wvgfttgzujefjyhbrja.exe
wvgfttgzujefjyhbrja.exe
C:\Windows\ljtredphbpjjmaibqh.exe
ljtredphbpjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe
C:\Windows\czifrparkxqpreldr.exe
czifrparkxqpreldr.exe .
C:\Windows\vrzvgdndvhzxykqh.exe
vrzvgdndvhzxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\czifrparkxqpreldr.exe*."
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vrzvgdndvhzxykqh.exe*."
C:\Windows\vrzvgdndvhzxykqh.exe
vrzvgdndvhzxykqh.exe
C:\Windows\jjvvklztpfbdiyidunff.exe
jjvvklztpfbdiyidunff.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe .
C:\Windows\vrzvgdndvhzxykqh.exe
vrzvgdndvhzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Windows\wvgfttgzujefjyhbrja.exe
wvgfttgzujefjyhbrja.exe .
C:\Windows\ljtredphbpjjmaibqh.exe
ljtredphbpjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wvgfttgzujefjyhbrja.exe*."
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Windows\yzmndfupmdadjalhztmna.exe
yzmndfupmdadjalhztmna.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\yzmndfupmdadjalhztmna.exe
yzmndfupmdadjalhztmna.exe
C:\Windows\yzmndfupmdadjalhztmna.exe
yzmndfupmdadjalhztmna.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\ljtredphbpjjmaibqh.exe*."
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yzmndfupmdadjalhztmna.exe*."
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yzmndfupmdadjalhztmna.exe*."
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yzmndfupmdadjalhztmna.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vrzvgdndvhzxykqh.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vrzvgdndvhzxykqh.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jjvvklztpfbdiyidunff.exe*."
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe
C:\Windows\czifrparkxqpreldr.exe
czifrparkxqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe .
C:\Windows\wvgfttgzujefjyhbrja.exe
wvgfttgzujefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wvgfttgzujefjyhbrja.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe .
C:\Windows\yzmndfupmdadjalhztmna.exe
yzmndfupmdadjalhztmna.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Windows\jjvvklztpfbdiyidunff.exe
jjvvklztpfbdiyidunff.exe .
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jjvvklztpfbdiyidunff.exe*."
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vrzvgdndvhzxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe
C:\Windows\jjvvklztpfbdiyidunff.exe
jjvvklztpfbdiyidunff.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe .
C:\Windows\ljtredphbpjjmaibqh.exe
ljtredphbpjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\ljtredphbpjjmaibqh.exe*."
C:\Windows\yzmndfupmdadjalhztmna.exe
yzmndfupmdadjalhztmna.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ljtredphbpjjmaibqh.exe
ljtredphbpjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\ljtredphbpjjmaibqh.exe*."
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vrzvgdndvhzxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vrzvgdndvhzxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe
C:\Windows\wvgfttgzujefjyhbrja.exe
wvgfttgzujefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe .
C:\Windows\wvgfttgzujefjyhbrja.exe
wvgfttgzujefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wvgfttgzujefjyhbrja.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe .
C:\Windows\ljtredphbpjjmaibqh.exe
ljtredphbpjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Windows\czifrparkxqpreldr.exe
czifrparkxqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\czifrparkxqpreldr.exe*."
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yzmndfupmdadjalhztmna.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe
C:\Windows\ljtredphbpjjmaibqh.exe
ljtredphbpjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe .
C:\Windows\jjvvklztpfbdiyidunff.exe
jjvvklztpfbdiyidunff.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jjvvklztpfbdiyidunff.exe*."
C:\Windows\wvgfttgzujefjyhbrja.exe
wvgfttgzujefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Windows\jjvvklztpfbdiyidunff.exe
jjvvklztpfbdiyidunff.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jjvvklztpfbdiyidunff.exe*."
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jjvvklztpfbdiyidunff.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wvgfttgzujefjyhbrja.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe
C:\Windows\czifrparkxqpreldr.exe
czifrparkxqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe .
C:\Windows\wvgfttgzujefjyhbrja.exe
wvgfttgzujefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wvgfttgzujefjyhbrja.exe*."
C:\Windows\yzmndfupmdadjalhztmna.exe
yzmndfupmdadjalhztmna.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Windows\yzmndfupmdadjalhztmna.exe
yzmndfupmdadjalhztmna.exe .
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yzmndfupmdadjalhztmna.exe*."
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jjvvklztpfbdiyidunff.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe
C:\Windows\ljtredphbpjjmaibqh.exe
ljtredphbpjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\czifrparkxqpreldr.exe
czifrparkxqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\czifrparkxqpreldr.exe*."
C:\Windows\wvgfttgzujefjyhbrja.exe
wvgfttgzujefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Windows\wvgfttgzujefjyhbrja.exe
wvgfttgzujefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wvgfttgzujefjyhbrja.exe*."
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vrzvgdndvhzxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Windows\yzmndfupmdadjalhztmna.exe
yzmndfupmdadjalhztmna.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Windows\vrzvgdndvhzxykqh.exe
vrzvgdndvhzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe .
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .
C:\Windows\czifrparkxqpreldr.exe
czifrparkxqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe
C:\Windows\jjvvklztpfbdiyidunff.exe
jjvvklztpfbdiyidunff.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yzmndfupmdadjalhztmna.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\czifrparkxqpreldr.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jjvvklztpfbdiyidunff.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Windows\czifrparkxqpreldr.exe
czifrparkxqpreldr.exe
C:\Windows\yzmndfupmdadjalhztmna.exe
yzmndfupmdadjalhztmna.exe .
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yzmndfupmdadjalhztmna.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yzmndfupmdadjalhztmna.exe*."
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .
C:\Windows\ljtredphbpjjmaibqh.exe
ljtredphbpjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe .
C:\Windows\ljtredphbpjjmaibqh.exe
ljtredphbpjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\ljtredphbpjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yzmndfupmdadjalhztmna.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."
C:\Windows\ljtredphbpjjmaibqh.exe
ljtredphbpjjmaibqh.exe
C:\Windows\ljtredphbpjjmaibqh.exe
ljtredphbpjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\ljtredphbpjjmaibqh.exe*."
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\ljtredphbpjjmaibqh.exe*."
C:\Windows\jjvvklztpfbdiyidunff.exe
jjvvklztpfbdiyidunff.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yzmndfupmdadjalhztmna.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jjvvklztpfbdiyidunff.exe*."
C:\Windows\jjvvklztpfbdiyidunff.exe
jjvvklztpfbdiyidunff.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wvgfttgzujefjyhbrja.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe
C:\Windows\jjvvklztpfbdiyidunff.exe
jjvvklztpfbdiyidunff.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\czifrparkxqpreldr.exe
czifrparkxqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\czifrparkxqpreldr.exe*."
C:\Windows\vrzvgdndvhzxykqh.exe
vrzvgdndvhzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Windows\czifrparkxqpreldr.exe
czifrparkxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\czifrparkxqpreldr.exe*."
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yzmndfupmdadjalhztmna.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe
C:\Windows\czifrparkxqpreldr.exe
czifrparkxqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe .
C:\Windows\wvgfttgzujefjyhbrja.exe
wvgfttgzujefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wvgfttgzujefjyhbrja.exe*."
C:\Windows\czifrparkxqpreldr.exe
czifrparkxqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Windows\czifrparkxqpreldr.exe
czifrparkxqpreldr.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\czifrparkxqpreldr.exe*."
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wvgfttgzujefjyhbrja.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\ljtredphbpjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe
C:\Windows\czifrparkxqpreldr.exe
czifrparkxqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe .
C:\Windows\vrzvgdndvhzxykqh.exe
vrzvgdndvhzxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe
C:\Windows\czifrparkxqpreldr.exe
czifrparkxqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vrzvgdndvhzxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Windows\vrzvgdndvhzxykqh.exe
vrzvgdndvhzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vrzvgdndvhzxykqh.exe*."
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\ljtredphbpjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wvgfttgzujefjyhbrja.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe
C:\Windows\jjvvklztpfbdiyidunff.exe
jjvvklztpfbdiyidunff.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\yzmndfupmdadjalhztmna.exe
yzmndfupmdadjalhztmna.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yzmndfupmdadjalhztmna.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe .
C:\Windows\ljtredphbpjjmaibqh.exe
ljtredphbpjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Windows\wvgfttgzujefjyhbrja.exe
wvgfttgzujefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wvgfttgzujefjyhbrja.exe*."
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\ljtredphbpjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wvgfttgzujefjyhbrja.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe
C:\Windows\jjvvklztpfbdiyidunff.exe
jjvvklztpfbdiyidunff.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe .
C:\Windows\jjvvklztpfbdiyidunff.exe
jjvvklztpfbdiyidunff.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jjvvklztpfbdiyidunff.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe .
C:\Windows\vrzvgdndvhzxykqh.exe
vrzvgdndvhzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Windows\wvgfttgzujefjyhbrja.exe
wvgfttgzujefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wvgfttgzujefjyhbrja.exe*."
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wvgfttgzujefjyhbrja.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yzmndfupmdadjalhztmna.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe
C:\Windows\jjvvklztpfbdiyidunff.exe
jjvvklztpfbdiyidunff.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe
C:\Windows\vrzvgdndvhzxykqh.exe
vrzvgdndvhzxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\vrzvgdndvhzxykqh.exe
vrzvgdndvhzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vrzvgdndvhzxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe .
C:\Windows\czifrparkxqpreldr.exe
czifrparkxqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .
C:\Windows\wvgfttgzujefjyhbrja.exe
wvgfttgzujefjyhbrja.exe .
C:\Windows\czifrparkxqpreldr.exe
czifrparkxqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe .
C:\Windows\wvgfttgzujefjyhbrja.exe
wvgfttgzujefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wvgfttgzujefjyhbrja.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\czifrparkxqpreldr.exe*."
C:\Windows\czifrparkxqpreldr.exe
czifrparkxqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Windows\jjvvklztpfbdiyidunff.exe
jjvvklztpfbdiyidunff.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Windows\yzmndfupmdadjalhztmna.exe
yzmndfupmdadjalhztmna.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\czifrparkxqpreldr.exe*."
C:\Windows\vrzvgdndvhzxykqh.exe
vrzvgdndvhzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .
C:\Windows\czifrparkxqpreldr.exe
czifrparkxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yzmndfupmdadjalhztmna.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\czifrparkxqpreldr.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\ljtredphbpjjmaibqh.exe*."
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wvgfttgzujefjyhbrja.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vrzvgdndvhzxykqh.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."
C:\Windows\jjvvklztpfbdiyidunff.exe
jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wvgfttgzujefjyhbrja.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .
C:\Windows\vrzvgdndvhzxykqh.exe
vrzvgdndvhzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yzmndfupmdadjalhztmna.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vrzvgdndvhzxykqh.exe*."
C:\Windows\vrzvgdndvhzxykqh.exe
vrzvgdndvhzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Windows\yzmndfupmdadjalhztmna.exe
yzmndfupmdadjalhztmna.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yzmndfupmdadjalhztmna.exe*."
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vrzvgdndvhzxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jjvvklztpfbdiyidunff.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe
C:\Windows\yzmndfupmdadjalhztmna.exe
yzmndfupmdadjalhztmna.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe .
C:\Windows\yzmndfupmdadjalhztmna.exe
yzmndfupmdadjalhztmna.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yzmndfupmdadjalhztmna.exe*."
C:\Windows\jjvvklztpfbdiyidunff.exe
jjvvklztpfbdiyidunff.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Windows\wvgfttgzujefjyhbrja.exe
wvgfttgzujefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wvgfttgzujefjyhbrja.exe*."
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jjvvklztpfbdiyidunff.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yzmndfupmdadjalhztmna.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe
C:\Windows\czifrparkxqpreldr.exe
czifrparkxqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\jjvvklztpfbdiyidunff.exe
jjvvklztpfbdiyidunff.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jjvvklztpfbdiyidunff.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe .
C:\Windows\yzmndfupmdadjalhztmna.exe
yzmndfupmdadjalhztmna.exe
C:\Windows\ljtredphbpjjmaibqh.exe
ljtredphbpjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\ljtredphbpjjmaibqh.exe*."
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yzmndfupmdadjalhztmna.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe .
C:\Windows\yzmndfupmdadjalhztmna.exe
yzmndfupmdadjalhztmna.exe
C:\Windows\jjvvklztpfbdiyidunff.exe
jjvvklztpfbdiyidunff.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jjvvklztpfbdiyidunff.exe*."
C:\Windows\vrzvgdndvhzxykqh.exe
vrzvgdndvhzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Windows\yzmndfupmdadjalhztmna.exe
yzmndfupmdadjalhztmna.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yzmndfupmdadjalhztmna.exe*."
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe
C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yzmndfupmdadjalhztmna.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe .
C:\Windows\ljtredphbpjjmaibqh.exe
ljtredphbpjjmaibqh.exe
C:\Windows\vrzvgdndvhzxykqh.exe
vrzvgdndvhzxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vrzvgdndvhzxykqh.exe*."
C:\Windows\vrzvgdndvhzxykqh.exe
vrzvgdndvhzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Windows\jjvvklztpfbdiyidunff.exe
jjvvklztpfbdiyidunff.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jjvvklztpfbdiyidunff.exe*."
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wvgfttgzujefjyhbrja.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe
C:\Windows\yzmndfupmdadjalhztmna.exe
yzmndfupmdadjalhztmna.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe .
C:\Windows\vrzvgdndvhzxykqh.exe
vrzvgdndvhzxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vrzvgdndvhzxykqh.exe*."
C:\Windows\jjvvklztpfbdiyidunff.exe
jjvvklztpfbdiyidunff.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Windows\vrzvgdndvhzxykqh.exe
vrzvgdndvhzxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vrzvgdndvhzxykqh.exe*."
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wvgfttgzujefjyhbrja.exe*."
C:\Windows\wvgfttgzujefjyhbrja.exe
wvgfttgzujefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe
C:\Windows\ljtredphbpjjmaibqh.exe
ljtredphbpjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe
C:\Windows\czifrparkxqpreldr.exe
czifrparkxqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\ljtredphbpjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe .
C:\Windows\czifrparkxqpreldr.exe
czifrparkxqpreldr.exe
C:\Windows\czifrparkxqpreldr.exe
czifrparkxqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe .
C:\Windows\czifrparkxqpreldr.exe
czifrparkxqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .
C:\Windows\yzmndfupmdadjalhztmna.exe
yzmndfupmdadjalhztmna.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 8.8.8.8:53 | whatismyipaddress.com | udp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 8.8.8.8:53 | www.showmyipaddress.com | udp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 8.8.8.8:53 | www.ebay.com | udp |
| GB | 2.22.69.9:80 | www.ebay.com | tcp |
| BG | 78.90.55.229:40243 | tcp | |
| US | 8.8.8.8:53 | gyuuym.org | udp |
| DE | 85.214.228.140:80 | gyuuym.org | tcp |
| US | 8.8.8.8:53 | amyuyro.info | udp |
| US | 8.8.8.8:53 | yvzahepb.net | udp |
| US | 8.8.8.8:53 | qruszmh.info | udp |
| US | 8.8.8.8:53 | pnzmrkotdao.org | udp |
| US | 8.8.8.8:53 | unxfuild.info | udp |
| SG | 18.142.91.111:80 | unxfuild.info | tcp |
| US | 8.8.8.8:53 | wvfvrj.net | udp |
| US | 8.8.8.8:53 | ggoiukqgsikq.org | udp |
| US | 8.8.8.8:53 | qreixexcc.info | udp |
| US | 8.8.8.8:53 | udzdjiddn.net | udp |
| US | 8.8.8.8:53 | fndkcrty.info | udp |
| US | 8.8.8.8:53 | odtsdnjejyjs.net | udp |
| US | 8.8.8.8:53 | miiqomko.com | udp |
| US | 8.8.8.8:53 | zllngvgfem.net | udp |
| US | 8.8.8.8:53 | vgcxrnbbdy.info | udp |
| US | 8.8.8.8:53 | jekqzgl.info | udp |
| US | 8.8.8.8:53 | ygoukmwg.org | udp |
| US | 8.8.8.8:53 | ksoqhkvgrag.info | udp |
| US | 8.8.8.8:53 | cydlrge.info | udp |
| US | 104.156.155.94:80 | cydlrge.info | tcp |
| US | 8.8.8.8:53 | gpsyholakwt.info | udp |
| US | 8.8.8.8:53 | kndnlpjkob.info | udp |
| US | 8.8.8.8:53 | ackgaoqgma.com | udp |
| US | 8.8.8.8:53 | gockoi.com | udp |
| US | 8.8.8.8:53 | alransqrzrrr.net | udp |
| US | 8.8.8.8:53 | cfpadoelnhlo.net | udp |
| US | 8.8.8.8:53 | uojhvswqb.net | udp |
| US | 8.8.8.8:53 | sclkjzof.info | udp |
| US | 8.8.8.8:53 | mjotpzfbosdh.info | udp |
| US | 8.8.8.8:53 | aehuhyz.info | udp |
| US | 8.8.8.8:53 | nzxoiz.info | udp |
| US | 8.8.8.8:53 | mepszgpobal.info | udp |
| US | 8.8.8.8:53 | tkasfibgn.info | udp |
| US | 8.8.8.8:53 | gnlorfibsp.net | udp |
| US | 8.8.8.8:53 | odstlxpfsleh.info | udp |
| US | 8.8.8.8:53 | luvehemiri.info | udp |
| US | 8.8.8.8:53 | coclmqqm.info | udp |
| US | 8.8.8.8:53 | asbnfhnew.info | udp |
| US | 8.8.8.8:53 | rjgmhjrmjt.info | udp |
| US | 8.8.8.8:53 | lalckpw.org | udp |
| US | 8.8.8.8:53 | kmywsw.org | udp |
| US | 8.8.8.8:53 | rtzjrt.net | udp |
| US | 8.8.8.8:53 | ghbakzcvnuu.net | udp |
| US | 8.8.8.8:53 | hmfurcniz.info | udp |
| US | 8.8.8.8:53 | nhvlswsebeq.com | udp |
| US | 8.8.8.8:53 | xorvdzbu.net | udp |
| US | 8.8.8.8:53 | ieiasukucc.com | udp |
| US | 8.8.8.8:53 | hifgqiwdsgr.info | udp |
| US | 8.8.8.8:53 | bbngtct.info | udp |
| BG | 78.90.55.229:40243 | tcp | |
| US | 8.8.8.8:53 | ixpgvepvme.info | udp |
| US | 8.8.8.8:53 | wulaepn.net | udp |
| US | 8.8.8.8:53 | aoqrtf.info | udp |
| US | 8.8.8.8:53 | mmqumoyqgsqu.com | udp |
| US | 8.8.8.8:53 | ddpobim.org | udp |
| US | 8.8.8.8:53 | ritreafnlkn.info | udp |
| US | 8.8.8.8:53 | lofwzuf.net | udp |
| US | 8.8.8.8:53 | apblhryx.net | udp |
| US | 8.8.8.8:53 | mymwukwo.org | udp |
| US | 8.8.8.8:53 | pwzurcp.info | udp |
| US | 8.8.8.8:53 | ewhqxezcwwc.net | udp |
| US | 8.8.8.8:53 | aanklsxah.info | udp |
| US | 8.8.8.8:53 | ueykucgiugak.org | udp |
| US | 8.8.8.8:53 | zhostz.info | udp |
| US | 8.8.8.8:53 | tihqnzoqx.net | udp |
| US | 8.8.8.8:53 | yoaoooewyeeo.com | udp |
| US | 8.8.8.8:53 | ljncbldnjhav.info | udp |
| US | 8.8.8.8:53 | ebuygyziur.info | udp |
| US | 8.8.8.8:53 | iignwtuj.info | udp |
| US | 8.8.8.8:53 | aeiikekm.org | udp |
| US | 8.8.8.8:53 | kcusiqcoomqe.org | udp |
| US | 8.8.8.8:53 | wulqhqt.net | udp |
| US | 8.8.8.8:53 | mdhpuesj.net | udp |
| US | 8.8.8.8:53 | ssjwtnjcx.info | udp |
| US | 8.8.8.8:53 | uopvzse.info | udp |
| US | 8.8.8.8:53 | gwymuwakwqqg.com | udp |
| US | 8.8.8.8:53 | melgzhj.net | udp |
| US | 8.8.8.8:53 | ngocscbyqm.net | udp |
| US | 8.8.8.8:53 | dqjrswwie.com | udp |
| US | 8.8.8.8:53 | rwtqxbdcg.info | udp |
| US | 8.8.8.8:53 | bxhywnkujn.net | udp |
| US | 8.8.8.8:53 | bjsweevix.com | udp |
| US | 8.8.8.8:53 | vrxmprngmlhk.net | udp |
| US | 8.8.8.8:53 | xpjlbfpuvqb.com | udp |
| US | 8.8.8.8:53 | ajjxrodr.net | udp |
| US | 8.8.8.8:53 | festhakwil.info | udp |
| US | 8.8.8.8:53 | swqcqw.org | udp |
| US | 8.8.8.8:53 | eznabol.net | udp |
| US | 8.8.8.8:53 | pyhyhn.net | udp |
| US | 8.8.8.8:53 | eqkgosgauc.org | udp |
| US | 8.8.8.8:53 | miegwqqe.org | udp |
| US | 8.8.8.8:53 | klqmnybibg.net | udp |
| US | 8.8.8.8:53 | uukqdghcrvy.info | udp |
| US | 8.8.8.8:53 | xxzmnkmun.com | udp |
| US | 8.8.8.8:53 | ioziusi.net | udp |
| US | 8.8.8.8:53 | tmejspbpkx.net | udp |
| US | 8.8.8.8:53 | yxtlqc.info | udp |
| US | 8.8.8.8:53 | gwegqq.org | udp |
| US | 8.8.8.8:53 | magmqq.org | udp |
| US | 8.8.8.8:53 | lyxmnybibg.info | udp |
| US | 8.8.8.8:53 | niaftzuxg.net | udp |
| US | 8.8.8.8:53 | azlrsd.net | udp |
| US | 8.8.8.8:53 | ukmgyaqqggea.com | udp |
| US | 8.8.8.8:53 | dkouvubcpovf.info | udp |
| US | 8.8.8.8:53 | nrzlgqkvhbno.info | udp |
| US | 8.8.8.8:53 | mkblxvjv.info | udp |
| US | 8.8.8.8:53 | nqweyoy.org | udp |
| US | 8.8.8.8:53 | srvexqpuqet.net | udp |
| US | 8.8.8.8:53 | kgucribs.info | udp |
| US | 8.8.8.8:53 | uousvz.net | udp |
| US | 8.8.8.8:53 | krofwfcxiy.info | udp |
| US | 8.8.8.8:53 | unuwber.net | udp |
| US | 8.8.8.8:53 | gejpyyv.info | udp |
| US | 8.8.8.8:53 | zyfitez.info | udp |
| US | 8.8.8.8:53 | hszczqffaiyh.info | udp |
| US | 8.8.8.8:53 | ukzflowq.info | udp |
| US | 8.8.8.8:53 | dgnezzzgh.org | udp |
| US | 8.8.8.8:53 | oswqaoioeuuw.com | udp |
| US | 8.8.8.8:53 | imnwxwdykuq.net | udp |
| US | 8.8.8.8:53 | leqdurjb.net | udp |
| US | 8.8.8.8:53 | fypbmoztqdpg.info | udp |
| US | 8.8.8.8:53 | zutwnsfglyz.net | udp |
| US | 8.8.8.8:53 | hedyzwimpuk.com | udp |
| US | 8.8.8.8:53 | dxikspgshgbk.info | udp |
| US | 8.8.8.8:53 | qljalgxyjxp.net | udp |
| US | 8.8.8.8:53 | uskemiz.net | udp |
| US | 8.8.8.8:53 | dgjjttnjba.net | udp |
| US | 8.8.8.8:53 | lumsfokrp.org | udp |
| US | 8.8.8.8:53 | lgmwshpwdp.net | udp |
| US | 8.8.8.8:53 | kdpydvpey.info | udp |
| US | 8.8.8.8:53 | zxlpyazedst.net | udp |
| US | 8.8.8.8:53 | iewyqgummawc.org | udp |
| US | 8.8.8.8:53 | iettgoqmj.net | udp |
| US | 8.8.8.8:53 | qapwlqx.info | udp |
| US | 8.8.8.8:53 | zgrjrexb.net | udp |
| US | 8.8.8.8:53 | gynjaclu.info | udp |
| US | 8.8.8.8:53 | haueqyfw.info | udp |
| US | 8.8.8.8:53 | zhiervzsxa.info | udp |
| US | 8.8.8.8:53 | atcjjt.info | udp |
| US | 8.8.8.8:53 | eeueccewmeem.com | udp |
| US | 8.8.8.8:53 | pqfmperg.net | udp |
| US | 8.8.8.8:53 | kilnql.info | udp |
| US | 8.8.8.8:53 | gthoprfe.net | udp |
| US | 8.8.8.8:53 | ywuqug.com | udp |
| US | 8.8.8.8:53 | gmqswk.org | udp |
| US | 8.8.8.8:53 | rmxncisesrxb.net | udp |
| US | 8.8.8.8:53 | torkxc.net | udp |
| US | 8.8.8.8:53 | csegnsrwz.net | udp |
| US | 8.8.8.8:53 | vlpxze.info | udp |
| US | 8.8.8.8:53 | hkxqryj.info | udp |
| US | 8.8.8.8:53 | ozlekcn.net | udp |
| US | 8.8.8.8:53 | vgefiqwudf.net | udp |
| US | 8.8.8.8:53 | rmqacfykw.org | udp |
| US | 8.8.8.8:53 | skywyumxq.net | udp |
| US | 8.8.8.8:53 | dadits.info | udp |
| US | 8.8.8.8:53 | bhaetbti.info | udp |
| US | 8.8.8.8:53 | quikggwuqqqq.com | udp |
| US | 8.8.8.8:53 | panapmlmval.com | udp |
| US | 8.8.8.8:53 | egsmyysc.org | udp |
| US | 8.8.8.8:53 | bsbbcvkndp.info | udp |
| US | 8.8.8.8:53 | gykfkscjchem.info | udp |
| US | 8.8.8.8:53 | iwgwiwai.com | udp |
| US | 8.8.8.8:53 | oadaohuwzqn.net | udp |
| US | 8.8.8.8:53 | ukdryjwxbpkc.net | udp |
| US | 8.8.8.8:53 | nshdioh.net | udp |
| US | 8.8.8.8:53 | ylhmye.info | udp |
| US | 8.8.8.8:53 | emykeyqm.com | udp |
| US | 8.8.8.8:53 | ekqqcc.org | udp |
| US | 8.8.8.8:53 | lntksufpm.net | udp |
| US | 8.8.8.8:53 | uvyqbc.info | udp |
| US | 8.8.8.8:53 | ccvczdfwxcvf.net | udp |
| US | 8.8.8.8:53 | dwfkeogzvhjn.info | udp |
| US | 8.8.8.8:53 | gkusvwpsdif.net | udp |
| US | 8.8.8.8:53 | muufhydlvb.info | udp |
| US | 8.8.8.8:53 | fshnsbialutk.info | udp |
| US | 8.8.8.8:53 | gglblwpqwcka.info | udp |
| US | 8.8.8.8:53 | tojcfdxyfle.com | udp |
| US | 8.8.8.8:53 | rmjwcx.net | udp |
| US | 8.8.8.8:53 | dflqknsl.net | udp |
| US | 8.8.8.8:53 | iupoosbjkya.info | udp |
| US | 8.8.8.8:53 | xxjeksobyg.info | udp |
| US | 8.8.8.8:53 | sglunc.net | udp |
| US | 8.8.8.8:53 | qtgqqinahbp.info | udp |
| US | 8.8.8.8:53 | lzxuggc.net | udp |
| US | 8.8.8.8:53 | euaqqaqa.com | udp |
| US | 8.8.8.8:53 | tgwbzmrqj.org | udp |
| US | 8.8.8.8:53 | iwscec.com | udp |
| US | 8.8.8.8:53 | tcvuvhjwh.info | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | tkjoxmaymyk.info | udp |
| US | 8.8.8.8:53 | ckdqwub.net | udp |
| US | 8.8.8.8:53 | lyrizussh.org | udp |
| US | 8.8.8.8:53 | ixcosigwpxa.info | udp |
| US | 8.8.8.8:53 | jubvpax.info | udp |
| US | 8.8.8.8:53 | fbbwlmf.com | udp |
| US | 8.8.8.8:53 | cylizmagjdw.net | udp |
| US | 8.8.8.8:53 | aknsgwkcl.net | udp |
| US | 8.8.8.8:53 | nkfytes.info | udp |
| US | 8.8.8.8:53 | ggjgflarbuw.info | udp |
| US | 8.8.8.8:53 | fuxfzkpaqibr.info | udp |
| US | 8.8.8.8:53 | lozxnqlz.net | udp |
| US | 8.8.8.8:53 | ecbwysbz.info | udp |
| US | 8.8.8.8:53 | hhmhgy.info | udp |
| US | 8.8.8.8:53 | kuqsio.org | udp |
| US | 8.8.8.8:53 | sutixkkyh.net | udp |
| US | 8.8.8.8:53 | njmyupro.net | udp |
| US | 8.8.8.8:53 | mgfatmfap.info | udp |
| US | 8.8.8.8:53 | kkkmbvatj.info | udp |
| US | 8.8.8.8:53 | dpcsnozgi.net | udp |
| US | 8.8.8.8:53 | xrpwmsl.info | udp |
| US | 8.8.8.8:53 | arsgzcmax.info | udp |
| US | 8.8.8.8:53 | gqgxrimieiy.info | udp |
| US | 8.8.8.8:53 | iusioomq.org | udp |
| US | 8.8.8.8:53 | kgvyrzsg.net | udp |
| US | 8.8.8.8:53 | cdsydspsacx.info | udp |
| US | 8.8.8.8:53 | wlviuatsaz.net | udp |
| US | 8.8.8.8:53 | wcsbrpz.net | udp |
| US | 8.8.8.8:53 | koemcen.info | udp |
| US | 8.8.8.8:53 | zpquwtslfjiw.net | udp |
| US | 8.8.8.8:53 | uwcuws.org | udp |
| US | 8.8.8.8:53 | vkaqidtyai.net | udp |
| US | 8.8.8.8:53 | wipurgaqr.net | udp |
| US | 8.8.8.8:53 | pktgpflqntc.info | udp |
| US | 8.8.8.8:53 | kqsoicykmu.org | udp |
| US | 8.8.8.8:53 | teiznm.net | udp |
| US | 8.8.8.8:53 | ptennov.info | udp |
| US | 8.8.8.8:53 | azlfou.info | udp |
| US | 8.8.8.8:53 | ioeyyiwyeyay.com | udp |
| US | 8.8.8.8:53 | iqdqlicfhiu.info | udp |
| US | 8.8.8.8:53 | iwzyrmfnhpb.net | udp |
| US | 8.8.8.8:53 | umyicieyee.org | udp |
| US | 8.8.8.8:53 | ofglgtxcpo.net | udp |
| US | 8.8.8.8:53 | aphvza.net | udp |
| US | 8.8.8.8:53 | zaogct.info | udp |
| US | 8.8.8.8:53 | uwbyboziows.info | udp |
| US | 8.8.8.8:53 | pmayaxydpe.info | udp |
| US | 8.8.8.8:53 | vcsuct.net | udp |
| US | 8.8.8.8:53 | mrqtswozxbsg.info | udp |
| US | 8.8.8.8:53 | ewsagskgaeyi.com | udp |
| US | 8.8.8.8:53 | bwmymej.net | udp |
| US | 8.8.8.8:53 | fpzgjker.info | udp |
| US | 8.8.8.8:53 | fhzezlljj.org | udp |
| US | 8.8.8.8:53 | aisnfyh.info | udp |
| US | 8.8.8.8:53 | fsyczawoha.info | udp |
| US | 8.8.8.8:53 | vgjolpjqln.info | udp |
| US | 8.8.8.8:53 | rfojmu.net | udp |
| US | 8.8.8.8:53 | oxvijobiroly.net | udp |
| US | 8.8.8.8:53 | dvcwnnzszqf.com | udp |
| US | 8.8.8.8:53 | fowtbp.net | udp |
| US | 8.8.8.8:53 | exispooex.info | udp |
| US | 8.8.8.8:53 | nsrqpkm.net | udp |
| US | 8.8.8.8:53 | cgumemessosk.com | udp |
| US | 8.8.8.8:53 | atkzfclhbift.info | udp |
| US | 8.8.8.8:53 | ychymgrkk.net | udp |
| US | 8.8.8.8:53 | ecoquq.org | udp |
| US | 8.8.8.8:53 | jfdfya.info | udp |
| US | 8.8.8.8:53 | wueysyqiyg.org | udp |
| US | 8.8.8.8:53 | kwwygy.com | udp |
| US | 8.8.8.8:53 | mrwbgl.net | udp |
| US | 8.8.8.8:53 | hcvwug.info | udp |
| US | 8.8.8.8:53 | quvevqlqfby.net | udp |
| US | 8.8.8.8:53 | nqrtjx.info | udp |
| US | 8.8.8.8:53 | syowcuyoea.org | udp |
| US | 8.8.8.8:53 | sieewkaqgs.com | udp |
| US | 8.8.8.8:53 | xyhvhddre.net | udp |
| US | 8.8.8.8:53 | jjrefkv.net | udp |
| US | 8.8.8.8:53 | vghlnpzjiv.info | udp |
| US | 8.8.8.8:53 | mcmyyese.org | udp |
| US | 8.8.8.8:53 | xmnllxncl.net | udp |
| US | 8.8.8.8:53 | pboqlatkp.info | udp |
| US | 8.8.8.8:53 | cogaomygcm.org | udp |
| US | 8.8.8.8:53 | uiktxbvzjon.info | udp |
| US | 8.8.8.8:53 | ooaugaseug.com | udp |
| US | 8.8.8.8:53 | zopndqfz.net | udp |
| US | 8.8.8.8:53 | uuiawq.com | udp |
| US | 8.8.8.8:53 | sefrwhxd.info | udp |
| US | 8.8.8.8:53 | fdtzhfluxci.com | udp |
| US | 8.8.8.8:53 | laqgfsif.net | udp |
| US | 8.8.8.8:53 | mlbomyv.net | udp |
| US | 8.8.8.8:53 | ucnzjvtqtqp.net | udp |
| US | 8.8.8.8:53 | kjskvzf.info | udp |
| US | 8.8.8.8:53 | nrgghmncpch.info | udp |
| US | 8.8.8.8:53 | einodit.info | udp |
| US | 8.8.8.8:53 | idnzcxhl.net | udp |
| US | 8.8.8.8:53 | xfstzyt.net | udp |
| US | 8.8.8.8:53 | bbzcbrhwkf.info | udp |
| US | 8.8.8.8:53 | wskqiugwgm.com | udp |
| US | 8.8.8.8:53 | lzbjkx.info | udp |
| US | 8.8.8.8:53 | nhwbzs.net | udp |
| US | 8.8.8.8:53 | pbffodp.info | udp |
| US | 8.8.8.8:53 | hmkduclgozze.info | udp |
| US | 8.8.8.8:53 | blriytvijot.com | udp |
| US | 8.8.8.8:53 | xmyzftjh.net | udp |
| US | 8.8.8.8:53 | msinpoqqn.net | udp |
| US | 8.8.8.8:53 | blzyfvb.info | udp |
| US | 8.8.8.8:53 | vzokgombzp.net | udp |
| US | 8.8.8.8:53 | ewjqngn.net | udp |
| US | 8.8.8.8:53 | kyilnx.net | udp |
| US | 8.8.8.8:53 | yiuycwagmw.com | udp |
| US | 8.8.8.8:53 | xctygjjwhefy.net | udp |
| US | 8.8.8.8:53 | lxybrwnwn.info | udp |
| US | 8.8.8.8:53 | cmopwwjmlhc.net | udp |
| US | 8.8.8.8:53 | gaqkygwq.org | udp |
| US | 8.8.8.8:53 | sulqzm.net | udp |
| US | 8.8.8.8:53 | ivcntbhudkx.info | udp |
| US | 8.8.8.8:53 | cbdxtggq.info | udp |
| US | 8.8.8.8:53 | vkzhgqxcj.com | udp |
| US | 8.8.8.8:53 | jrbulad.info | udp |
| US | 8.8.8.8:53 | swuwqoeeuoma.com | udp |
| US | 8.8.8.8:53 | nkdcqobr.net | udp |
| US | 8.8.8.8:53 | jepodjp.com | udp |
| US | 8.8.8.8:53 | ykusua.org | udp |
| US | 8.8.8.8:53 | fajeonvw.info | udp |
| US | 8.8.8.8:53 | bpzorpfuhtf.org | udp |
| US | 8.8.8.8:53 | clzkmstf.net | udp |
| US | 8.8.8.8:53 | zkpzpkn.com | udp |
| US | 8.8.8.8:53 | xnpyqt.info | udp |
| US | 8.8.8.8:53 | nyfmcylu.net | udp |
| US | 8.8.8.8:53 | jpjitj.info | udp |
| US | 8.8.8.8:53 | osrvvwfqtms.net | udp |
| US | 8.8.8.8:53 | zdkcheoy.info | udp |
| US | 8.8.8.8:53 | bkngmvgi.net | udp |
| US | 8.8.8.8:53 | hfswnxafkcrk.net | udp |
| US | 8.8.8.8:53 | pevgzwx.com | udp |
| US | 8.8.8.8:53 | mobkpkljx.info | udp |
| US | 8.8.8.8:53 | ddpqtlkbqmgu.info | udp |
| US | 8.8.8.8:53 | bqdindvszcl.com | udp |
| US | 8.8.8.8:53 | ruwwnrtodl.net | udp |
| US | 8.8.8.8:53 | ushiomfgcwn.net | udp |
| US | 8.8.8.8:53 | jkrsuxwtml.net | udp |
| US | 8.8.8.8:53 | dykwknvmdfdj.info | udp |
| US | 8.8.8.8:53 | xbvaeyibgg.net | udp |
| US | 8.8.8.8:53 | pbstzbchufek.net | udp |
| US | 8.8.8.8:53 | skxgwrnmdp.net | udp |
| US | 8.8.8.8:53 | cqpohaaqhsb.info | udp |
| US | 8.8.8.8:53 | okgmeams.org | udp |
| US | 8.8.8.8:53 | lrxsghrcnr.info | udp |
| US | 8.8.8.8:53 | wawaoiyk.com | udp |
| US | 8.8.8.8:53 | jsjlcgfvrb.net | udp |
| US | 8.8.8.8:53 | lczoradauoz.net | udp |
| US | 8.8.8.8:53 | qgwcovshystp.info | udp |
| US | 8.8.8.8:53 | nooqjs.info | udp |
| US | 8.8.8.8:53 | vewaqhwt.net | udp |
| US | 8.8.8.8:53 | dazulnj.org | udp |
| US | 8.8.8.8:53 | cwcmum.com | udp |
| US | 8.8.8.8:53 | jlnpnunchke.org | udp |
| US | 8.8.8.8:53 | jzthxr.net | udp |
| US | 8.8.8.8:53 | ufxapszat.net | udp |
| US | 8.8.8.8:53 | ziujnw.info | udp |
| US | 8.8.8.8:53 | aekoyu.com | udp |
| US | 8.8.8.8:53 | fbtkvgoqyy.net | udp |
| US | 8.8.8.8:53 | fjusznt.com | udp |
| US | 8.8.8.8:53 | lqzwzhzih.net | udp |
| US | 8.8.8.8:53 | zpfjkoet.net | udp |
| US | 8.8.8.8:53 | bqpssztj.info | udp |
| US | 8.8.8.8:53 | zuhmapbot.net | udp |
| US | 8.8.8.8:53 | sxefnv.info | udp |
| US | 8.8.8.8:53 | gohmqalajsf.info | udp |
| US | 8.8.8.8:53 | vjvlnnztmb.net | udp |
| US | 8.8.8.8:53 | firzpotuljdz.net | udp |
| US | 8.8.8.8:53 | scimuacsow.com | udp |
| US | 8.8.8.8:53 | sswkwmmumymc.org | udp |
| US | 8.8.8.8:53 | wslexcoaxiz.net | udp |
| US | 8.8.8.8:53 | blpejqztjku.info | udp |
| US | 8.8.8.8:53 | yojkaljecqs.info | udp |
| US | 8.8.8.8:53 | nuiebdxav.com | udp |
| US | 8.8.8.8:53 | tytxxgt.net | udp |
| US | 8.8.8.8:53 | dqbjvqxx.net | udp |
| US | 8.8.8.8:53 | ecegeakc.org | udp |
| US | 8.8.8.8:53 | kbvitanxnbt.info | udp |
| US | 8.8.8.8:53 | fvnyjuvirg.info | udp |
| US | 8.8.8.8:53 | qcclscrydan.info | udp |
| US | 8.8.8.8:53 | ejdarm.net | udp |
| US | 8.8.8.8:53 | ugoawookuwcq.com | udp |
| US | 8.8.8.8:53 | ygegkmfwpif.net | udp |
| US | 8.8.8.8:53 | cggcjgr.net | udp |
| US | 8.8.8.8:53 | xonclcxcfiw.org | udp |
| US | 8.8.8.8:53 | cdalhlfkim.info | udp |
| US | 8.8.8.8:53 | hubkputuszdm.info | udp |
| US | 8.8.8.8:53 | aararuzmj.info | udp |
| US | 8.8.8.8:53 | bibahknuv.com | udp |
| US | 8.8.8.8:53 | hmseuvfip.net | udp |
| US | 8.8.8.8:53 | iurccqred.info | udp |
| US | 8.8.8.8:53 | zrizzt.net | udp |
| US | 8.8.8.8:53 | izbuvhoj.info | udp |
| US | 8.8.8.8:53 | uotxtlhko.net | udp |
| US | 8.8.8.8:53 | oppehslpipz.net | udp |
| US | 8.8.8.8:53 | uyfooid.info | udp |
| US | 8.8.8.8:53 | gcaqmseewiuw.com | udp |
| US | 8.8.8.8:53 | vdgxjcdgzx.net | udp |
| US | 8.8.8.8:53 | pfhqjsjdzakt.net | udp |
| US | 8.8.8.8:53 | nsjnpn.net | udp |
| US | 8.8.8.8:53 | hcdvsib.org | udp |
| US | 8.8.8.8:53 | sbkmnqyiv.net | udp |
| US | 8.8.8.8:53 | kcyobre.net | udp |
| US | 8.8.8.8:53 | boltddtv.net | udp |
| US | 8.8.8.8:53 | ivewnr.info | udp |
| US | 8.8.8.8:53 | etvntddo.net | udp |
| US | 8.8.8.8:53 | duuwgwx.com | udp |
| US | 8.8.8.8:53 | gdukthalrchx.info | udp |
| US | 8.8.8.8:53 | lqzuhoeypvzo.net | udp |
| US | 8.8.8.8:53 | dtueiuicno.net | udp |
| US | 8.8.8.8:53 | nqxijbihvn.info | udp |
| US | 8.8.8.8:53 | lhcobsmuxk.net | udp |
| US | 8.8.8.8:53 | dedgdgt.info | udp |
| US | 8.8.8.8:53 | nnfkzeb.net | udp |
| US | 8.8.8.8:53 | xglcsp.info | udp |
| US | 8.8.8.8:53 | codlfcvwrid.net | udp |
| US | 8.8.8.8:53 | dazgxqz.info | udp |
| US | 8.8.8.8:53 | yspynbdonzn.net | udp |
| US | 8.8.8.8:53 | vtdgcpukdhct.net | udp |
| US | 8.8.8.8:53 | hzydhefvvimf.net | udp |
| US | 8.8.8.8:53 | xrctizgjhu.net | udp |
| US | 8.8.8.8:53 | eytsjktgqqn.net | udp |
| US | 8.8.8.8:53 | netygbeox.net | udp |
| US | 8.8.8.8:53 | rfcqjgcwrllk.info | udp |
| US | 8.8.8.8:53 | suuquqig.org | udp |
| US | 8.8.8.8:53 | aggmogkgiaue.com | udp |
| US | 8.8.8.8:53 | ooewwc.org | udp |
| US | 8.8.8.8:53 | ibsbgnpn.info | udp |
| US | 8.8.8.8:53 | eciqiaqq.com | udp |
| US | 8.8.8.8:53 | jypigkw.net | udp |
| US | 8.8.8.8:53 | pmiilcxxf.com | udp |
| US | 8.8.8.8:53 | qjtdghuuon.net | udp |
| US | 8.8.8.8:53 | aahpzwbahhr.info | udp |
| US | 8.8.8.8:53 | iqaaaodic.info | udp |
| US | 8.8.8.8:53 | jphhtgd.com | udp |
| US | 8.8.8.8:53 | rzrhlm.net | udp |
| US | 8.8.8.8:53 | fowcjinw.net | udp |
| US | 8.8.8.8:53 | eawiyqwg.org | udp |
| US | 8.8.8.8:53 | rjdkoiytdut.info | udp |
| US | 8.8.8.8:53 | omierhazkhgw.net | udp |
| US | 8.8.8.8:53 | iwlvpffbz.info | udp |
| US | 8.8.8.8:53 | qufahuv.info | udp |
| US | 8.8.8.8:53 | gycgce.com | udp |
| US | 8.8.8.8:53 | kwdrqyzrhd.net | udp |
| US | 8.8.8.8:53 | bkrobnowi.net | udp |
| US | 8.8.8.8:53 | xvvqpgimfoma.net | udp |
| US | 8.8.8.8:53 | sccuwm.org | udp |
| US | 8.8.8.8:53 | fpbrxbjlby.info | udp |
| US | 8.8.8.8:53 | xrjmbmgmisvh.info | udp |
| US | 8.8.8.8:53 | oppfwkrqclal.net | udp |
| US | 8.8.8.8:53 | lfefyabalmf.net | udp |
| US | 8.8.8.8:53 | wjfmbgi.net | udp |
| US | 8.8.8.8:53 | cywumrasxkp.net | udp |
| US | 8.8.8.8:53 | hbkxelapjw.net | udp |
| US | 8.8.8.8:53 | jqtenkdayoy.org | udp |
| US | 8.8.8.8:53 | mqbwvenalkh.net | udp |
| US | 8.8.8.8:53 | gzjdldhe.info | udp |
| US | 8.8.8.8:53 | oqwqco.com | udp |
| US | 8.8.8.8:53 | lvliwxsju.net | udp |
| US | 8.8.8.8:53 | vdbtmkvpbejb.net | udp |
| US | 8.8.8.8:53 | wcgcuuiu.org | udp |
| US | 8.8.8.8:53 | poemqzpxpgft.net | udp |
| US | 8.8.8.8:53 | imhmqeoivty.info | udp |
| US | 8.8.8.8:53 | tynxxlab.net | udp |
| US | 8.8.8.8:53 | vgboksnbdlu.org | udp |
| US | 8.8.8.8:53 | ceskckjipdh.net | udp |
| US | 8.8.8.8:53 | nhmyomxjv.info | udp |
| US | 8.8.8.8:53 | iiowsqp.info | udp |
| US | 8.8.8.8:53 | lfvjyd.info | udp |
| US | 8.8.8.8:53 | ywnvyt.net | udp |
| US | 8.8.8.8:53 | kgxtgz.net | udp |
| US | 8.8.8.8:53 | tyzkrdhyl.info | udp |
| US | 8.8.8.8:53 | mquiwsmuag.com | udp |
| US | 8.8.8.8:53 | vyvijbihvn.info | udp |
| US | 8.8.8.8:53 | gngdymj.net | udp |
| US | 8.8.8.8:53 | bhigxqvlvb.net | udp |
| US | 8.8.8.8:53 | oceeye.org | udp |
| US | 8.8.8.8:53 | hsrofavrq.net | udp |
| US | 8.8.8.8:53 | lmjeomv.info | udp |
| US | 8.8.8.8:53 | biojmndv.net | udp |
| US | 8.8.8.8:53 | qctkymoht.info | udp |
| US | 8.8.8.8:53 | llpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | tkjhbeded.net | udp |
| US | 8.8.8.8:53 | wsceeyse.com | udp |
| US | 8.8.8.8:53 | weygsmgqukam.com | udp |
| US | 8.8.8.8:53 | dyjiombtv.com | udp |
| US | 8.8.8.8:53 | kxthnyuyrcz.info | udp |
| US | 8.8.8.8:53 | laasjh.info | udp |
| US | 8.8.8.8:53 | bctwfgikb.org | udp |
| US | 8.8.8.8:53 | ybfjbaixl.net | udp |
| US | 8.8.8.8:53 | cmhxhqngf.info | udp |
| US | 8.8.8.8:53 | ekpuedgb.info | udp |
| US | 8.8.8.8:53 | hdebyuvytv.net | udp |
| US | 8.8.8.8:53 | fzqqksnzg.net | udp |
| US | 8.8.8.8:53 | cssamu.org | udp |
| US | 8.8.8.8:53 | odywavx.info | udp |
| US | 8.8.8.8:53 | xmlymtnez.org | udp |
| US | 8.8.8.8:53 | nexqrcvwfiz.org | udp |
| US | 8.8.8.8:53 | qfgcwaho.info | udp |
| US | 8.8.8.8:53 | awuces.org | udp |
| US | 8.8.8.8:53 | zsyqlyceqk.net | udp |
| US | 8.8.8.8:53 | vesegk.net | udp |
| US | 8.8.8.8:53 | dxfybepqfdvc.info | udp |
| US | 8.8.8.8:53 | odzbrjqoy.info | udp |
| US | 8.8.8.8:53 | yiygmoug.com | udp |
| US | 8.8.8.8:53 | tdzszvm.info | udp |
| US | 8.8.8.8:53 | aalijqi.info | udp |
| US | 8.8.8.8:53 | rhxwaw.info | udp |
| US | 8.8.8.8:53 | ichuubl.net | udp |
| US | 8.8.8.8:53 | odqisf.info | udp |
| US | 8.8.8.8:53 | ncpmyszzt.info | udp |
| US | 8.8.8.8:53 | wkocyguiko.com | udp |
| US | 8.8.8.8:53 | tbvlfynsrnrj.net | udp |
| US | 8.8.8.8:53 | mskmammm.info | udp |
| US | 8.8.8.8:53 | uewwam.org | udp |
| US | 8.8.8.8:53 | ybxsqlwexbnh.info | udp |
| US | 8.8.8.8:53 | hhrbdl.info | udp |
| US | 8.8.8.8:53 | jgzjnvymi.org | udp |
| US | 8.8.8.8:53 | ztjczssogks.info | udp |
| US | 8.8.8.8:53 | kkiamiym.com | udp |
| US | 8.8.8.8:53 | nevsmynqooo.com | udp |
| US | 8.8.8.8:53 | semyscageu.org | udp |
| US | 8.8.8.8:53 | jatdaajehomt.net | udp |
| US | 8.8.8.8:53 | qynsmlkih.info | udp |
| US | 8.8.8.8:53 | iqwkqayksemm.org | udp |
| US | 8.8.8.8:53 | hlifyaop.info | udp |
| US | 8.8.8.8:53 | ddrgvh.net | udp |
| US | 8.8.8.8:53 | mwgkuyee.org | udp |
| US | 8.8.8.8:53 | ywmqqslyz.net | udp |
| US | 8.8.8.8:53 | uiceesz.info | udp |
| US | 8.8.8.8:53 | jiwcbcmcxyh.info | udp |
| US | 8.8.8.8:53 | bzaydhbkyko.info | udp |
| US | 8.8.8.8:53 | tipsme.info | udp |
| US | 103.224.212.210:80 | tipsme.info | tcp |
| US | 8.8.8.8:53 | uqekgui.info | udp |
| US | 8.8.8.8:53 | bqbgjwx.info | udp |
| US | 8.8.8.8:53 | uoxjsmld.info | udp |
| US | 8.8.8.8:53 | wmieicqq.org | udp |
| US | 8.8.8.8:53 | uotvjsicjkj.info | udp |
| US | 8.8.8.8:53 | ewlykh.info | udp |
| US | 8.8.8.8:53 | tahzcngx.net | udp |
| US | 8.8.8.8:53 | gsauyuqi.org | udp |
| US | 8.8.8.8:53 | gvzvpvbpuu.net | udp |
| US | 8.8.8.8:53 | dtfntqoprjji.net | udp |
| US | 8.8.8.8:53 | xfmvctzzwt.info | udp |
| US | 8.8.8.8:53 | bjpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | ynvjcszu.net | udp |
| US | 8.8.8.8:53 | dgziycyvtyl.net | udp |
| US | 8.8.8.8:53 | zgkyfwpypui.info | udp |
| US | 8.8.8.8:53 | nxxixqhqp.info | udp |
| US | 8.8.8.8:53 | ovnqhtobw.info | udp |
| US | 8.8.8.8:53 | uazolnii.net | udp |
| US | 8.8.8.8:53 | imwkkoik.com | udp |
| US | 8.8.8.8:53 | agnybqy.net | udp |
| US | 8.8.8.8:53 | sodemahohvh.net | udp |
| US | 8.8.8.8:53 | sewuvwb.net | udp |
| US | 8.8.8.8:53 | zhtrmyijqy.info | udp |
| US | 8.8.8.8:53 | cwwbhcxi.net | udp |
| US | 8.8.8.8:53 | oaewcmmi.com | udp |
| US | 8.8.8.8:53 | mngjhmv.info | udp |
| US | 8.8.8.8:53 | fxzzxmcospds.net | udp |
| US | 8.8.8.8:53 | mcxwerdv.info | udp |
| US | 8.8.8.8:53 | nklpjtolb.info | udp |
| US | 8.8.8.8:53 | oalwpcngx.info | udp |
| US | 8.8.8.8:53 | umjxlt.net | udp |
| US | 8.8.8.8:53 | dlcedff.net | udp |
| US | 8.8.8.8:53 | puujfx.info | udp |
| US | 8.8.8.8:53 | xcrfxbihvn.info | udp |
| US | 8.8.8.8:53 | ckgauiseig.com | udp |
| US | 8.8.8.8:53 | roucgnral.org | udp |
| US | 8.8.8.8:53 | sytblnvkyl.net | udp |
| US | 8.8.8.8:53 | pvesxitaordl.info | udp |
| US | 8.8.8.8:53 | ynxmljhtloz.net | udp |
| US | 8.8.8.8:53 | ecnmne.info | udp |
| US | 8.8.8.8:53 | xhrsoz.net | udp |
| US | 8.8.8.8:53 | otbynjbp.net | udp |
| US | 8.8.8.8:53 | dzrmxez.com | udp |
| US | 8.8.8.8:53 | jfpqqdqobex.net | udp |
| US | 8.8.8.8:53 | gxpxhkjv.net | udp |
| US | 8.8.8.8:53 | drbyvspcj.org | udp |
| US | 8.8.8.8:53 | zgbaezq.info | udp |
| US | 8.8.8.8:53 | kxldwaoqfn.info | udp |
| US | 8.8.8.8:53 | ijodkjmdxa.info | udp |
| US | 8.8.8.8:53 | innagarno.net | udp |
| US | 8.8.8.8:53 | mthcdwpmvvs.net | udp |
| US | 8.8.8.8:53 | xxbuvavqnao.net | udp |
| US | 8.8.8.8:53 | hoatlhcxpfba.info | udp |
| US | 8.8.8.8:53 | qgcivdpoduh.info | udp |
| US | 8.8.8.8:53 | vukdtgd.info | udp |
| US | 8.8.8.8:53 | zattweexof.info | udp |
| US | 8.8.8.8:53 | uuhnjkje.net | udp |
| US | 8.8.8.8:53 | tgzzsilpuoyu.info | udp |
| US | 8.8.8.8:53 | konkgsqof.net | udp |
| US | 8.8.8.8:53 | iywejt.info | udp |
| US | 8.8.8.8:53 | ofpiullo.net | udp |
| US | 8.8.8.8:53 | ahjrdqpiyyq.info | udp |
| US | 8.8.8.8:53 | iwnsys.info | udp |
| US | 8.8.8.8:53 | rejwrwpoa.info | udp |
| US | 8.8.8.8:53 | pgdrzr.info | udp |
| US | 8.8.8.8:53 | genefgokl.net | udp |
| US | 8.8.8.8:53 | blxujvj.org | udp |
| US | 8.8.8.8:53 | npetrsvi.info | udp |
| US | 8.8.8.8:53 | wjvolvgmmv.info | udp |
| US | 8.8.8.8:53 | jmuyzwjxj.net | udp |
| US | 8.8.8.8:53 | foaurmp.net | udp |
| US | 8.8.8.8:53 | zorohehpvdqw.info | udp |
| US | 8.8.8.8:53 | hpibxh.info | udp |
| US | 8.8.8.8:53 | lylhtjnctol.org | udp |
| US | 8.8.8.8:53 | moxojhtypai.net | udp |
| US | 8.8.8.8:53 | bdtdda.info | udp |
| US | 8.8.8.8:53 | sgescokcmo.org | udp |
| US | 8.8.8.8:53 | sckklowtn.info | udp |
| US | 8.8.8.8:53 | dgxgpxfkaix.com | udp |
| US | 8.8.8.8:53 | gsuqaiw.net | udp |
| US | 8.8.8.8:53 | lzwgpqnxhy.net | udp |
| US | 8.8.8.8:53 | kqwyxqx.info | udp |
| US | 8.8.8.8:53 | tcfsqfmcbu.info | udp |
| US | 8.8.8.8:53 | receqmk.org | udp |
| US | 8.8.8.8:53 | kokwupdgby.net | udp |
| US | 8.8.8.8:53 | jehyhpbob.com | udp |
| US | 8.8.8.8:53 | lzteiudervcm.info | udp |
| US | 8.8.8.8:53 | ryrywsqk.info | udp |
| US | 8.8.8.8:53 | memsrsvcltq.info | udp |
| US | 8.8.8.8:53 | ynxobt.info | udp |
| US | 8.8.8.8:53 | luaiurlae.info | udp |
| US | 8.8.8.8:53 | ukgaem.org | udp |
| US | 8.8.8.8:53 | zoqcfgdup.com | udp |
| US | 8.8.8.8:53 | yufzgvcy.net | udp |
| US | 8.8.8.8:53 | mcmsywso.org | udp |
| US | 8.8.8.8:53 | sarmxmdrnqc.net | udp |
| US | 8.8.8.8:53 | hsfspwfirsr.org | udp |
| US | 8.8.8.8:53 | heraofjywibl.info | udp |
| US | 8.8.8.8:53 | wqpuzalt.info | udp |
| US | 8.8.8.8:53 | gcjaxqt.net | udp |
| US | 8.8.8.8:53 | dbnendxrhmtp.net | udp |
| US | 8.8.8.8:53 | oqdesiwsnit.net | udp |
| US | 8.8.8.8:53 | aogkkkcqymki.org | udp |
| US | 8.8.8.8:53 | znlinygevif.org | udp |
| US | 8.8.8.8:53 | ikcwhaznousb.info | udp |
| US | 8.8.8.8:53 | dqjldw.info | udp |
| US | 8.8.8.8:53 | fumvct.net | udp |
| US | 8.8.8.8:53 | hzmudyxngt.info | udp |
| US | 8.8.8.8:53 | djpvvfs.org | udp |
| US | 8.8.8.8:53 | wbakhn.info | udp |
| US | 8.8.8.8:53 | dnyidwf.info | udp |
| US | 8.8.8.8:53 | tymvbyh.org | udp |
| US | 8.8.8.8:53 | mmswgekmgo.com | udp |
| US | 8.8.8.8:53 | pelwbalb.net | udp |
| US | 8.8.8.8:53 | fxfwrxeobj.info | udp |
| US | 8.8.8.8:53 | wncycqpiii.net | udp |
| US | 8.8.8.8:53 | yadxtkefpqdf.net | udp |
| US | 8.8.8.8:53 | uzdvhctrsws.info | udp |
| US | 8.8.8.8:53 | qngitmingp.net | udp |
| US | 8.8.8.8:53 | bylefyhnx.net | udp |
| US | 8.8.8.8:53 | dwjtmzbdji.net | udp |
| US | 8.8.8.8:53 | cdnuiurjbsxm.net | udp |
| US | 8.8.8.8:53 | ulwprsdpevsj.info | udp |
| US | 8.8.8.8:53 | ujvssrcqf.net | udp |
| US | 8.8.8.8:53 | ivpyblsbyddt.net | udp |
| US | 8.8.8.8:53 | ceuqimycam.org | udp |
| US | 8.8.8.8:53 | nftqhgfv.net | udp |
| US | 8.8.8.8:53 | qyjxvcif.net | udp |
| US | 8.8.8.8:53 | apxchhpqbp.info | udp |
| US | 8.8.8.8:53 | yhbivwx.info | udp |
| US | 8.8.8.8:53 | rkwlhccy.info | udp |
| US | 8.8.8.8:53 | kkdihwdfnur.info | udp |
| US | 8.8.8.8:53 | pdvfratsojp.com | udp |
| US | 8.8.8.8:53 | toudyt.info | udp |
| US | 8.8.8.8:53 | cstkfejpp.info | udp |
| US | 8.8.8.8:53 | nthafgeqx.org | udp |
| US | 8.8.8.8:53 | dmhsltiybaw.net | udp |
| US | 8.8.8.8:53 | wcuowwwoic.org | udp |
| US | 8.8.8.8:53 | gsfszojiceh.info | udp |
| US | 8.8.8.8:53 | yacuqueq.org | udp |
| US | 8.8.8.8:53 | rwzjdujlijpi.net | udp |
| US | 8.8.8.8:53 | vibshiiel.net | udp |
| US | 8.8.8.8:53 | uzzjtnfjtx.net | udp |
| US | 8.8.8.8:53 | jjqtpeerkb.net | udp |
| US | 8.8.8.8:53 | lgjhbmuez.net | udp |
| US | 8.8.8.8:53 | kdfumkh.info | udp |
| US | 8.8.8.8:53 | iuacxe.net | udp |
| US | 8.8.8.8:53 | uvurboxdgmto.net | udp |
| US | 8.8.8.8:53 | urkcltobhpwf.net | udp |
| US | 8.8.8.8:53 | bbnvrlahde.net | udp |
| US | 8.8.8.8:53 | arbsvzz.info | udp |
| US | 8.8.8.8:53 | mypdhmhjhv.info | udp |
| US | 8.8.8.8:53 | oismai.com | udp |
| US | 8.8.8.8:53 | oaqkmksuwkqi.com | udp |
| US | 8.8.8.8:53 | faljhg.info | udp |
| US | 8.8.8.8:53 | oerllu.net | udp |
| US | 8.8.8.8:53 | wmyissysou.org | udp |
| US | 8.8.8.8:53 | eheflhppvg.net | udp |
| US | 8.8.8.8:53 | csuksgsu.org | udp |
| US | 8.8.8.8:53 | hlxqpyzblicy.net | udp |
| US | 8.8.8.8:53 | eczuugk.info | udp |
| US | 8.8.8.8:53 | hytlvzlmhxdo.net | udp |
| US | 8.8.8.8:53 | caxefq.net | udp |
| US | 8.8.8.8:53 | haxolenar.info | udp |
| US | 8.8.8.8:53 | cykogcgqqcuu.com | udp |
| US | 8.8.8.8:53 | sjvgbur.info | udp |
| US | 8.8.8.8:53 | vrtkoruopgjp.net | udp |
| US | 8.8.8.8:53 | ntjqbipw.net | udp |
| US | 8.8.8.8:53 | ugjyfpgfl.net | udp |
| US | 8.8.8.8:53 | aqtzpymezgf.info | udp |
| US | 8.8.8.8:53 | myrwjqkrwpbk.info | udp |
| US | 8.8.8.8:53 | wtwavsvhjpy.info | udp |
| US | 8.8.8.8:53 | igzcvqf.net | udp |
| US | 8.8.8.8:53 | dxqtdiiahk.info | udp |
| US | 8.8.8.8:53 | fkocscdzbg.info | udp |
| US | 8.8.8.8:53 | mpkbfsgyp.info | udp |
| US | 8.8.8.8:53 | bokmbmdepgh.net | udp |
| US | 8.8.8.8:53 | jpjfzc.net | udp |
| US | 8.8.8.8:53 | nwjbjsh.com | udp |
| US | 8.8.8.8:53 | qseoumkkca.org | udp |
| US | 8.8.8.8:53 | nalyuwoftjdi.net | udp |
| US | 8.8.8.8:53 | lctwrkj.com | udp |
| US | 8.8.8.8:53 | qdnmhgdyrit.net | udp |
| US | 8.8.8.8:53 | qyqigk.com | udp |
| US | 8.8.8.8:53 | ucomgsigaymw.com | udp |
| US | 8.8.8.8:53 | hmnxepcabint.info | udp |
| US | 8.8.8.8:53 | usjekmdukik.net | udp |
| US | 8.8.8.8:53 | watulwldlam.info | udp |
| US | 8.8.8.8:53 | hirsllfq.net | udp |
| US | 8.8.8.8:53 | fyaylmbcb.net | udp |
| US | 8.8.8.8:53 | gikcegya.com | udp |
| US | 8.8.8.8:53 | uadyzgykl.net | udp |
| US | 8.8.8.8:53 | ekqaao.com | udp |
| US | 8.8.8.8:53 | xitbtenmj.info | udp |
| US | 8.8.8.8:53 | ryjwgsg.org | udp |
| US | 8.8.8.8:53 | hderxm.info | udp |
| US | 8.8.8.8:53 | rkjyfrxybqd.net | udp |
| US | 8.8.8.8:53 | fzhfbbstgg.info | udp |
| US | 8.8.8.8:53 | aeyqwycqouus.com | udp |
| US | 8.8.8.8:53 | zowsjdjumvnc.net | udp |
| US | 8.8.8.8:53 | kycagccyykuo.com | udp |
| US | 8.8.8.8:53 | nxjabftjfx.info | udp |
| US | 8.8.8.8:53 | qdsxis.net | udp |
| US | 8.8.8.8:53 | hjfdpmp.org | udp |
| US | 8.8.8.8:53 | rjbifug.net | udp |
| US | 8.8.8.8:53 | hmzolwn.net | udp |
| US | 8.8.8.8:53 | tmuoefrmron.info | udp |
| US | 8.8.8.8:53 | oekacu.org | udp |
| US | 8.8.8.8:53 | hwryjrkxxt.info | udp |
| US | 8.8.8.8:53 | pepdnezalyz.info | udp |
| US | 8.8.8.8:53 | rlhflm.net | udp |
| US | 8.8.8.8:53 | yqdindvszcl.info | udp |
| US | 8.8.8.8:53 | pjpmpkpqu.com | udp |
| US | 8.8.8.8:53 | qqnctidib.net | udp |
| US | 8.8.8.8:53 | gwkcesoeua.com | udp |
| US | 8.8.8.8:53 | ldlrgk.info | udp |
| US | 8.8.8.8:53 | rxypuc.info | udp |
| US | 8.8.8.8:53 | vihxtze.com | udp |
| US | 8.8.8.8:53 | owtumceqt.info | udp |
| US | 8.8.8.8:53 | javlyavj.info | udp |
| US | 8.8.8.8:53 | kgsoqusmao.com | udp |
| US | 8.8.8.8:53 | puiipttccvb.com | udp |
| US | 8.8.8.8:53 | hircyb.info | udp |
| US | 8.8.8.8:53 | mkceieyml.info | udp |
| US | 8.8.8.8:53 | dkvcblv.info | udp |
| US | 8.8.8.8:53 | iwoouml.info | udp |
| US | 8.8.8.8:53 | sgdzhklkvfso.info | udp |
| US | 8.8.8.8:53 | kcckokoemgie.org | udp |
| US | 8.8.8.8:53 | yaaeeq.com | udp |
| US | 8.8.8.8:53 | jvvruulhqiid.info | udp |
| US | 8.8.8.8:53 | usewgekswise.org | udp |
| US | 8.8.8.8:53 | ogqcgyceukmc.org | udp |
| US | 8.8.8.8:53 | ygfmkg.info | udp |
| US | 8.8.8.8:53 | vuvqvpywfl.info | udp |
| US | 8.8.8.8:53 | lbxczrzdztn.org | udp |
| US | 8.8.8.8:53 | bgosyetadntf.net | udp |
| US | 8.8.8.8:53 | skqsiiae.org | udp |
| US | 8.8.8.8:53 | alyypvemovoc.net | udp |
| US | 8.8.8.8:53 | dalquhj.com | udp |
| US | 8.8.8.8:53 | ytzoiinthop.info | udp |
| US | 8.8.8.8:53 | sisaewaamowo.org | udp |
| US | 8.8.8.8:53 | xojgyjx.com | udp |
| US | 8.8.8.8:53 | ydnjuaarjo.info | udp |
| US | 8.8.8.8:53 | qlstpgkhcjbu.net | udp |
| US | 8.8.8.8:53 | nzitfaav.info | udp |
| US | 8.8.8.8:53 | xlleoqx.info | udp |
| US | 8.8.8.8:53 | ieawwuoa.com | udp |
| US | 8.8.8.8:53 | swecui.org | udp |
| US | 8.8.8.8:53 | lktcrbw.com | udp |
| US | 8.8.8.8:53 | hojomuxdd.org | udp |
| US | 8.8.8.8:53 | iimsyy.org | udp |
| US | 8.8.8.8:53 | ffhlyi.net | udp |
| US | 8.8.8.8:53 | qiqkuk.org | udp |
| US | 8.8.8.8:53 | hyjodgw.info | udp |
| US | 8.8.8.8:53 | wciweusk.com | udp |
| US | 8.8.8.8:53 | lpyzxueqh.com | udp |
| US | 8.8.8.8:53 | zkrujccuq.com | udp |
| US | 8.8.8.8:53 | feibjeh.net | udp |
| US | 8.8.8.8:53 | dkdczgl.info | udp |
| US | 8.8.8.8:53 | lidpjtxspuro.info | udp |
| US | 8.8.8.8:53 | xkewltzscms.com | udp |
| US | 8.8.8.8:53 | xkpkprdup.org | udp |
| US | 8.8.8.8:53 | ehuivrdih.info | udp |
| US | 8.8.8.8:53 | eaictyqxc.info | udp |
| US | 8.8.8.8:53 | ecscoe.org | udp |
| US | 8.8.8.8:53 | cyesackoyask.org | udp |
| US | 8.8.8.8:53 | vgqxvqngngx.info | udp |
| US | 8.8.8.8:53 | mwacsoiq.com | udp |
| US | 8.8.8.8:53 | tobgbd.net | udp |
| US | 8.8.8.8:53 | eduilyvhpmka.info | udp |
| US | 8.8.8.8:53 | cgzqtowog.info | udp |
| US | 8.8.8.8:53 | qmridkj.net | udp |
| US | 8.8.8.8:53 | sgmqki.org | udp |
| US | 8.8.8.8:53 | qeasooggkkye.org | udp |
| US | 8.8.8.8:53 | cilggmewzkv.info | udp |
| US | 8.8.8.8:53 | tvcgrzr.net | udp |
| US | 8.8.8.8:53 | bcnghtxwjpqw.net | udp |
| US | 8.8.8.8:53 | dmxclilkdjf.com | udp |
| US | 8.8.8.8:53 | tirvxdricu.net | udp |
| US | 8.8.8.8:53 | gdiecndz.net | udp |
| US | 8.8.8.8:53 | rwokit.net | udp |
| US | 8.8.8.8:53 | zkunjlxqmaa.net | udp |
| US | 8.8.8.8:53 | mdwpws.info | udp |
| US | 8.8.8.8:53 | zhomtabjnla.com | udp |
| US | 8.8.8.8:53 | unhgzgfew.info | udp |
| US | 8.8.8.8:53 | irncrwdnxym.info | udp |
| US | 8.8.8.8:53 | pjdwlf.info | udp |
| US | 8.8.8.8:53 | fevpfshvp.org | udp |
| US | 8.8.8.8:53 | iirkxsoin.net | udp |
| US | 8.8.8.8:53 | zkswqgyt.info | udp |
| US | 8.8.8.8:53 | xmhqrchqn.com | udp |
| US | 162.241.85.41:80 | kiokao.com | tcp |
| US | 8.8.8.8:53 | lowfbmri.net | udp |
| US | 8.8.8.8:53 | kcryxrris.info | udp |
| US | 8.8.8.8:53 | hwldvx.net | udp |
Files
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
| MD5 | cc52437b203166c0639cba4112374e15 |
| SHA1 | c8d1342e85910208c67c7afd7fe9ff1059bc51ea |
| SHA256 | dfc5cbdd18d8f313cb7d214de1bd55391de535c0ad59d541f602c6666d040033 |
| SHA512 | c7405cb4734bb13c0becf39574de8360b8ab74b909d3bb749e5d1be8751543e9e58eef056c53a45146c8a146e10d0ab0eb190572d9d28054248967cce8c03ee1 |
C:\Windows\SysWOW64\ljtredphbpjjmaibqh.exe
| MD5 | b00543b6e9ead74528eb07622f2f5c94 |
| SHA1 | 36310f1caec808d700c5f8147ebb1b6f60aee09a |
| SHA256 | 075f8ff04a2ce29d55c82f2fabfa76187e0933b6b154614b45d5c5fdd41ed2a3 |
| SHA512 | 7f2937a25b363b139839cf491e7e9e2097ab5d469b3d8486aa23782b816fc63a7bd43f522c0fab1780dd80db32a0d5c84df635851ceb1f7d64bffc84e294bd4b |
C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe
| MD5 | 5274272730fbe803779e09010b34550e |
| SHA1 | 6c41d16844fe78c362d72eaaabd6fa1ace1828de |
| SHA256 | 3b73b53fc02463e76e85198758399cfc6488e199a305b4df2e6e3a2580cbc6b8 |
| SHA512 | 76847b500e4f77a2037e0bfc61b7cc076020bf4221cebafb335747a579d265978c25096ebdb21f9a83ff3c60b9e96f3a29ca3f72d84952f0e192f6de12438359 |
C:\Users\Admin\AppData\Local\dlfnktprvtxhusknmnnvpxud.bfd
| MD5 | 75cb4657e2515f60dd2e937db5313da7 |
| SHA1 | 2541257ae165802eefe2895b80d8f65814f1e1fe |
| SHA256 | 50368a991d06fd26b3b35b947b96c5673f0e9e119142c4acea7e1f020320f9ed |
| SHA512 | 033332ecd53e4e5352ffdb69517ba06321b6216dbaa5394303d09a15cf844cbafe3b6768576a4e698dbf8a87bc2210d55b8a449668eff553a8cb90532235595a |
C:\Users\Admin\AppData\Local\mfkdlfmzoxmhforfpbmfkdlfmzoxmhforfp.mfk
| MD5 | 6ab58a710575eae83fd3d4c142fb4275 |
| SHA1 | fc1066e31ba5aef18c9076c482d1c45f7b4cbf05 |
| SHA256 | 2e5711b1fbb11202e705d1048cf7e6214a58d9e911c4b1545a45e62b5f19c358 |
| SHA512 | 70958ee88c4633be1b7a5fc4b894ef305cba11e1d526071198a3648f491340457a926cafac25713007e6a31c614c3e91be1bc8f5b5421719395ba6b2aaf3de3e |
C:\Program Files (x86)\dlfnktprvtxhusknmnnvpxud.bfd
| MD5 | f3c3dbd3356d66064077dc6fbdb55caa |
| SHA1 | bf308763058a90f2e523dfbbf9e8065c2cf83bec |
| SHA256 | 7dca220d00f8164e53e38f98554eb6df8232213340afff7d63b6b9bac41bb97c |
| SHA512 | 36681a1e12b018a93d92db6e20800ba34183c58b7b7edd0072efd5326ce37c77150562ba24b2489169869ed2aeb10ab42c95f39230d1280cdcb418dfbfe73b80 |
C:\Program Files (x86)\dlfnktprvtxhusknmnnvpxud.bfd
| MD5 | 286b64527b544a6ef7080b6c7f9bcb0e |
| SHA1 | d5e27b4bfd6045b6249e822db44257da74cd8193 |
| SHA256 | aee3f1b34cb834167084eb712dba5c0f3babd866d6d6d989d20301fdcfc4f00f |
| SHA512 | 054d0a5b149ae0e35facf23416bda565bf4ec4d502e0450957fee024a2427302295666e56d2a86c326c3a902f66dd0bc397654f219f6ce4aaabff67dd5cc13da |
C:\Program Files (x86)\dlfnktprvtxhusknmnnvpxud.bfd
| MD5 | b746b1ac229e6bcf7ae74e7ee681d9fc |
| SHA1 | f33cd3cb70bde9e9a81612aef5c0408d2e3e285d |
| SHA256 | 5d4c00baebb6502514b823028986b2490239037f9c844fcd5520f6c4100d9eb1 |
| SHA512 | d86c085e8115a0e5d6d88501e267401e43f114a4e179aa9c54fc9ddd09af944ccd36c8527e00da4551d8b9cf6bd03c23b52197ca4e96a0fadb080aa45c8841e4 |
C:\Program Files (x86)\dlfnktprvtxhusknmnnvpxud.bfd
| MD5 | 30ba70477042a5170e69afc995f271c8 |
| SHA1 | c254d2d5a64d71017950a3daf2fbecaa91175270 |
| SHA256 | ff70e2696f9fb6debad9f6c3d30e823dfa5bef23e0e2ceb21152c6d38dc7647d |
| SHA512 | 13c5b276525310593a8ec2e4582f535048f3252e91c537db590d8968eb21123865ba5a660af03116b67a09f6727a7eec089bb74db5a51a284c5aab29b70b36a4 |
C:\Program Files (x86)\dlfnktprvtxhusknmnnvpxud.bfd
| MD5 | 9003fef1377fe55362ff3a44ec591901 |
| SHA1 | 7523983bc90c93d0845c8743495488df638c4533 |
| SHA256 | 522f925f6f5747def9b66015cb82c2221d851580a4cea284ca68dd925c7ff97c |
| SHA512 | 01059145bd682feafdad09b1ecd861ad492a8e088bc19dcc3aa6d81219184daf7061d036ade89675d54b0250bcd8b2421955c8101a9f14077f255de6711e94ea |
C:\Program Files (x86)\dlfnktprvtxhusknmnnvpxud.bfd
| MD5 | 7ff49839c2e68461789d2338423c0ba8 |
| SHA1 | 5179eee7ca23b910b662b1c3e7dbfac8685aade7 |
| SHA256 | b2354d3bceddead9cf2c46a00ac90b77770b9cd65c59e9923617befaee6a11fd |
| SHA512 | cc8ec4ed06cdfb36058c1da9a1ed2cac4d9c3745176bbc07c28c583d8e4f32b93fdb9bd978a667767b27e6360db1ebc7870ccaaa576875103bbe711dddfc4a88 |
C:\Program Files (x86)\dlfnktprvtxhusknmnnvpxud.bfd
| MD5 | c629ec83b61e9e07d7c9655e792570e3 |
| SHA1 | c6658e2a530f32dc3ea5f6a7648595f5a71f371b |
| SHA256 | 57a7b484cdbcc30099edf4ab9fb783750c10dfbd2d951106cbb3d5fa53692a27 |
| SHA512 | ae00e0a2efa600769b4558ece99ca287a53c30d5a05e17f562420aeb8cc7114153f0328595c4089cb6e716d54a6bfb606ab4af417837142cb46a8ee5c0689b5a |