Analysis Overview
SHA256
f71aac19d5e1e24a5b983a37d068604ef8d1ece82b27eefccd52c8dfd3ce5426
Threat Level: Known bad
The file JaffaCakes118_b1a720ff3f312809e834babbc8238648 was found to be: Known bad.
Malicious Activity Summary
Modifies WinLogon for persistence
UAC bypass
Pykspa family
Pykspa
Detect Pykspa worm
Disables RegEdit via registry modification
Adds policy Run key to start application
Impair Defenses: Safe Mode Boot
Executes dropped EXE
Checks computer location settings
Looks up external IP address via web service
Adds Run key to start application
Hijack Execution Flow: Executable Installer File Permissions Weakness
Checks whether UAC is enabled
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
System Location Discovery: System Language Discovery
System policy modification
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-04-12 08:21
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-04-12 08:21
Reported
2025-04-12 08:24
Platform
win10v2004-20250410-en
Max time kernel
44s
Max time network
150s
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vgjunxemekw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dylgjdumoeadjalhztrmz.exe" | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sgmawjtezixtsc = "hyhyxnaomyqpreldr.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sgmawjtezixtsc = "oiuoqjzqrgbdiyidunke.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sgmawjtezixtsc = "qiskkbpedqjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vgjunxemekw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqyombnaxizxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sgmawjtezixtsc = "bufyzrgwwkefjyhbrjf.exe" | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vgjunxemekw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oiuoqjzqrgbdiyidunke.exe" | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vgjunxemekw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hyhyxnaomyqpreldr.exe" | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vgjunxemekw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hyhyxnaomyqpreldr.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sgmawjtezixtsc = "aqyombnaxizxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vgjunxemekw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qiskkbpedqjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vgjunxemekw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bufyzrgwwkefjyhbrjf.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vgjunxemekw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qiskkbpedqjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sgmawjtezixtsc = "dylgjdumoeadjalhztrmz.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sgmawjtezixtsc = "aqyombnaxizxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sgmawjtezixtsc = "qiskkbpedqjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vgjunxemekw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oiuoqjzqrgbdiyidunke.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sgmawjtezixtsc = "oiuoqjzqrgbdiyidunke.exe" | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vgjunxemekw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bufyzrgwwkefjyhbrjf.exe" | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sgmawjtezixtsc = "bufyzrgwwkefjyhbrjf.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sgmawjtezixtsc = "hyhyxnaomyqpreldr.exe" | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vgjunxemekw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dylgjdumoeadjalhztrmz.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\hyhyxnaomyqpreldr.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\dylgjdumoeadjalhztrmz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\aqyombnaxizxykqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\qiskkbpedqjjmaibqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\oiuoqjzqrgbdiyidunke.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\bufyzrgwwkefjyhbrjf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\aqyombnaxizxykqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\aqyombnaxizxykqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\aqyombnaxizxykqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\oiuoqjzqrgbdiyidunke.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\hyhyxnaomyqpreldr.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\bufyzrgwwkefjyhbrjf.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qiskkbpedqjjmaibqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqyombnaxizxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rejwrdmwqymhf = "bufyzrgwwkefjyhbrjf.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vkrgdrcokukhhsx = "bufyzrgwwkefjyhbrjf.exe" | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\seiuozhqjqdx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqyombnaxizxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\seiuozhqjqdx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qiskkbpedqjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\seiuozhqjqdx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hyhyxnaomyqpreldr.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hyhyxnaomyqpreldr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bufyzrgwwkefjyhbrjf.exe ." | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hyhyxnaomyqpreldr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qiskkbpedqjjmaibqh.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vkrgdrcokukhhsx = "qiskkbpedqjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qiskkbpedqjjmaibqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dylgjdumoeadjalhztrmz.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vkrgdrcokukhhsx = "qiskkbpedqjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\rejwrdmwqymhf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hyhyxnaomyqpreldr.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\seiuozhqjqdx = "qiskkbpedqjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aqyombnaxizxykqh = "oiuoqjzqrgbdiyidunke.exe ." | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hyhyxnaomyqpreldr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqyombnaxizxykqh.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\seiuozhqjqdx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqyombnaxizxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\seiuozhqjqdx = "oiuoqjzqrgbdiyidunke.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hyhyxnaomyqpreldr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bufyzrgwwkefjyhbrjf.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hyhyxnaomyqpreldr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dylgjdumoeadjalhztrmz.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aqyombnaxizxykqh = "aqyombnaxizxykqh.exe ." | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rejwrdmwqymhf = "oiuoqjzqrgbdiyidunke.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\rejwrdmwqymhf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bufyzrgwwkefjyhbrjf.exe ." | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vkrgdrcokukhhsx = "aqyombnaxizxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\seiuozhqjqdx = "qiskkbpedqjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\seiuozhqjqdx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qiskkbpedqjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\seiuozhqjqdx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dylgjdumoeadjalhztrmz.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aqyombnaxizxykqh = "oiuoqjzqrgbdiyidunke.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rejwrdmwqymhf = "aqyombnaxizxykqh.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hyhyxnaomyqpreldr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oiuoqjzqrgbdiyidunke.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\rejwrdmwqymhf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bufyzrgwwkefjyhbrjf.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\rejwrdmwqymhf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qiskkbpedqjjmaibqh.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\seiuozhqjqdx = "aqyombnaxizxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\seiuozhqjqdx = "bufyzrgwwkefjyhbrjf.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\seiuozhqjqdx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bufyzrgwwkefjyhbrjf.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rejwrdmwqymhf = "hyhyxnaomyqpreldr.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qiskkbpedqjjmaibqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qiskkbpedqjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aqyombnaxizxykqh = "bufyzrgwwkefjyhbrjf.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vkrgdrcokukhhsx = "bufyzrgwwkefjyhbrjf.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qiskkbpedqjjmaibqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hyhyxnaomyqpreldr.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qiskkbpedqjjmaibqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bufyzrgwwkefjyhbrjf.exe" | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\seiuozhqjqdx = "dylgjdumoeadjalhztrmz.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aqyombnaxizxykqh = "qiskkbpedqjjmaibqh.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vkrgdrcokukhhsx = "oiuoqjzqrgbdiyidunke.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hyhyxnaomyqpreldr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hyhyxnaomyqpreldr.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\seiuozhqjqdx = "oiuoqjzqrgbdiyidunke.exe" | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\hyhyxnaomyqpreldr.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\uqeaezrknebfmeqngbawkg.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qiskkbpedqjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\aqyombnaxizxykqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dylgjdumoeadjalhztrmz.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oiuoqjzqrgbdiyidunke.exe | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| File created | C:\Windows\SysWOW64\fevubzuqwqqxhcrrnlnmd.jhc | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bufyzrgwwkefjyhbrjf.exe | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bufyzrgwwkefjyhbrjf.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oiuoqjzqrgbdiyidunke.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\uqeaezrknebfmeqngbawkg.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bufyzrgwwkefjyhbrjf.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hyhyxnaomyqpreldr.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hyhyxnaomyqpreldr.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qiskkbpedqjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\aqyombnaxizxykqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hyhyxnaomyqpreldr.exe | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\fevubzuqwqqxhcrrnlnmd.jhc | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dylgjdumoeadjalhztrmz.exe | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\akmwoxdkbgrjekkvclyikumvbizephci.taj | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\aqyombnaxizxykqh.exe | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\fevubzuqwqqxhcrrnlnmd.jhc | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| File created | C:\Program Files (x86)\fevubzuqwqqxhcrrnlnmd.jhc | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| File opened for modification | C:\Program Files (x86)\akmwoxdkbgrjekkvclyikumvbizephci.taj | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| File created | C:\Program Files (x86)\akmwoxdkbgrjekkvclyikumvbizephci.taj | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\aqyombnaxizxykqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\dylgjdumoeadjalhztrmz.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\uqeaezrknebfmeqngbawkg.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\qiskkbpedqjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\hyhyxnaomyqpreldr.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\oiuoqjzqrgbdiyidunke.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\bufyzrgwwkefjyhbrjf.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\oiuoqjzqrgbdiyidunke.exe | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| File opened for modification | C:\Windows\dylgjdumoeadjalhztrmz.exe | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| File opened for modification | C:\Windows\bufyzrgwwkefjyhbrjf.exe | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| File opened for modification | C:\Windows\aqyombnaxizxykqh.exe | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| File opened for modification | C:\Windows\fevubzuqwqqxhcrrnlnmd.jhc | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| File created | C:\Windows\fevubzuqwqqxhcrrnlnmd.jhc | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\dylgjdumoeadjalhztrmz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\aqyombnaxizxykqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\oiuoqjzqrgbdiyidunke.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\qiskkbpedqjjmaibqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\hyhyxnaomyqpreldr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bufyzrgwwkefjyhbrjf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\ousymr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
Processes
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\aqyombnaxizxykqh.exe*."
C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe
C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bufyzrgwwkefjyhbrjf.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\aqyombnaxizxykqh.exe*."
C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe
C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe
C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe
C:\Windows\aqyombnaxizxykqh.exe
aqyombnaxizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe
C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe .
C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bufyzrgwwkefjyhbrjf.exe*."
C:\Windows\bufyzrgwwkefjyhbrjf.exe
bufyzrgwwkefjyhbrjf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bufyzrgwwkefjyhbrjf.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oiuoqjzqrgbdiyidunke.exe*."
C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe
C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\aqyombnaxizxykqh.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\aqyombnaxizxykqh.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bufyzrgwwkefjyhbrjf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dylgjdumoeadjalhztrmz.exe
C:\Windows\dylgjdumoeadjalhztrmz.exe
dylgjdumoeadjalhztrmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bufyzrgwwkefjyhbrjf.exe .
C:\Windows\bufyzrgwwkefjyhbrjf.exe
bufyzrgwwkefjyhbrjf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bufyzrgwwkefjyhbrjf.exe*."
C:\Windows\hyhyxnaomyqpreldr.exe
hyhyxnaomyqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe
C:\Windows\aqyombnaxizxykqh.exe
aqyombnaxizxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\aqyombnaxizxykqh.exe*."
C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\qiskkbpedqjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .
C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe
C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dylgjdumoeadjalhztrmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bufyzrgwwkefjyhbrjf.exe
C:\Windows\bufyzrgwwkefjyhbrjf.exe
bufyzrgwwkefjyhbrjf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe .
C:\Windows\qiskkbpedqjjmaibqh.exe
qiskkbpedqjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\qiskkbpedqjjmaibqh.exe*."
C:\Windows\qiskkbpedqjjmaibqh.exe
qiskkbpedqjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dylgjdumoeadjalhztrmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe
C:\Windows\dylgjdumoeadjalhztrmz.exe
dylgjdumoeadjalhztrmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\dylgjdumoeadjalhztrmz.exe*."
C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\qiskkbpedqjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\hyhyxnaomyqpreldr.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe
C:\Windows\qiskkbpedqjjmaibqh.exe
qiskkbpedqjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe .
C:\Windows\oiuoqjzqrgbdiyidunke.exe
oiuoqjzqrgbdiyidunke.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oiuoqjzqrgbdiyidunke.exe*."
C:\Windows\qiskkbpedqjjmaibqh.exe
qiskkbpedqjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\oiuoqjzqrgbdiyidunke.exe
oiuoqjzqrgbdiyidunke.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe
C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oiuoqjzqrgbdiyidunke.exe*."
C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\aqyombnaxizxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\qiskkbpedqjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe
C:\Windows\hyhyxnaomyqpreldr.exe
hyhyxnaomyqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe .
C:\Windows\hyhyxnaomyqpreldr.exe
hyhyxnaomyqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\hyhyxnaomyqpreldr.exe*."
C:\Windows\oiuoqjzqrgbdiyidunke.exe
oiuoqjzqrgbdiyidunke.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe
C:\Windows\qiskkbpedqjjmaibqh.exe
qiskkbpedqjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .
C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\qiskkbpedqjjmaibqh.exe*."
C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe
C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dylgjdumoeadjalhztrmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe
C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe
C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe
C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bufyzrgwwkefjyhbrjf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe
C:\Windows\oiuoqjzqrgbdiyidunke.exe
oiuoqjzqrgbdiyidunke.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dylgjdumoeadjalhztrmz.exe .
C:\Windows\dylgjdumoeadjalhztrmz.exe
dylgjdumoeadjalhztrmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dylgjdumoeadjalhztrmz.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\dylgjdumoeadjalhztrmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe .
C:\Windows\dylgjdumoeadjalhztrmz.exe
dylgjdumoeadjalhztrmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\qiskkbpedqjjmaibqh.exe
qiskkbpedqjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .
C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\qiskkbpedqjjmaibqh.exe*."
C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe
C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dylgjdumoeadjalhztrmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .
C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe
C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe
C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe
C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bufyzrgwwkefjyhbrjf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bufyzrgwwkefjyhbrjf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\bufyzrgwwkefjyhbrjf.exe
bufyzrgwwkefjyhbrjf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bufyzrgwwkefjyhbrjf.exe .
C:\Windows\bufyzrgwwkefjyhbrjf.exe
bufyzrgwwkefjyhbrjf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bufyzrgwwkefjyhbrjf.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bufyzrgwwkefjyhbrjf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bufyzrgwwkefjyhbrjf.exe .
C:\Windows\bufyzrgwwkefjyhbrjf.exe
bufyzrgwwkefjyhbrjf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\oiuoqjzqrgbdiyidunke.exe
oiuoqjzqrgbdiyidunke.exe
C:\Windows\bufyzrgwwkefjyhbrjf.exe
bufyzrgwwkefjyhbrjf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe
C:\Windows\hyhyxnaomyqpreldr.exe
hyhyxnaomyqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bufyzrgwwkefjyhbrjf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe
C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe
C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe .
C:\Windows\aqyombnaxizxykqh.exe
aqyombnaxizxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe
C:\Windows\qiskkbpedqjjmaibqh.exe
qiskkbpedqjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oiuoqjzqrgbdiyidunke.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\aqyombnaxizxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe .
C:\Windows\oiuoqjzqrgbdiyidunke.exe
oiuoqjzqrgbdiyidunke.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\qiskkbpedqjjmaibqh.exe*."
C:\Windows\oiuoqjzqrgbdiyidunke.exe
oiuoqjzqrgbdiyidunke.exe .
C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe
C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe
C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oiuoqjzqrgbdiyidunke.exe*."
C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe
C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .
C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe
C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe
C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .
C:\Windows\hyhyxnaomyqpreldr.exe
hyhyxnaomyqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bufyzrgwwkefjyhbrjf.exe
C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe
C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dylgjdumoeadjalhztrmz.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\hyhyxnaomyqpreldr.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\hyhyxnaomyqpreldr.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\hyhyxnaomyqpreldr.exe*."
C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe
C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\aqyombnaxizxykqh.exe*."
C:\Windows\bufyzrgwwkefjyhbrjf.exe
bufyzrgwwkefjyhbrjf.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bufyzrgwwkefjyhbrjf.exe*."
C:\Windows\aqyombnaxizxykqh.exe
aqyombnaxizxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe
C:\Windows\aqyombnaxizxykqh.exe
aqyombnaxizxykqh.exe
C:\Windows\qiskkbpedqjjmaibqh.exe
qiskkbpedqjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\aqyombnaxizxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe
C:\Windows\oiuoqjzqrgbdiyidunke.exe
oiuoqjzqrgbdiyidunke.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe .
C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe
C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oiuoqjzqrgbdiyidunke.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oiuoqjzqrgbdiyidunke.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe
C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe
C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\qiskkbpedqjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe
C:\Windows\oiuoqjzqrgbdiyidunke.exe
oiuoqjzqrgbdiyidunke.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe .
C:\Windows\qiskkbpedqjjmaibqh.exe
qiskkbpedqjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe
C:\Windows\aqyombnaxizxykqh.exe
aqyombnaxizxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\qiskkbpedqjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe
C:\Windows\aqyombnaxizxykqh.exe
aqyombnaxizxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe
C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\aqyombnaxizxykqh.exe*."
C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe
C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bufyzrgwwkefjyhbrjf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe .
C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe
C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oiuoqjzqrgbdiyidunke.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\oiuoqjzqrgbdiyidunke.exe
oiuoqjzqrgbdiyidunke.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bufyzrgwwkefjyhbrjf.exe .
C:\Windows\bufyzrgwwkefjyhbrjf.exe
bufyzrgwwkefjyhbrjf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\aqyombnaxizxykqh.exe
aqyombnaxizxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bufyzrgwwkefjyhbrjf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe
C:\Windows\oiuoqjzqrgbdiyidunke.exe
oiuoqjzqrgbdiyidunke.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oiuoqjzqrgbdiyidunke.exe*."
C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\qiskkbpedqjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .
C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe
C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dylgjdumoeadjalhztrmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe
C:\Windows\hyhyxnaomyqpreldr.exe
hyhyxnaomyqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe .
C:\Windows\aqyombnaxizxykqh.exe
aqyombnaxizxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .
C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe
C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe
C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe
C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dylgjdumoeadjalhztrmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe
C:\Windows\hyhyxnaomyqpreldr.exe
hyhyxnaomyqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe .
C:\Windows\qiskkbpedqjjmaibqh.exe
qiskkbpedqjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\qiskkbpedqjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe .
C:\Windows\oiuoqjzqrgbdiyidunke.exe
oiuoqjzqrgbdiyidunke.exe
C:\Windows\aqyombnaxizxykqh.exe
aqyombnaxizxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .
C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\aqyombnaxizxykqh.exe*."
C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe
C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dylgjdumoeadjalhztrmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\aqyombnaxizxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe
C:\Windows\qiskkbpedqjjmaibqh.exe
qiskkbpedqjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe .
C:\Windows\hyhyxnaomyqpreldr.exe
hyhyxnaomyqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bufyzrgwwkefjyhbrjf.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\hyhyxnaomyqpreldr.exe*."
C:\Windows\bufyzrgwwkefjyhbrjf.exe
bufyzrgwwkefjyhbrjf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dylgjdumoeadjalhztrmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe
C:\Windows\dylgjdumoeadjalhztrmz.exe
dylgjdumoeadjalhztrmz.exe .
C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\dylgjdumoeadjalhztrmz.exe*."
C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe
C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bufyzrgwwkefjyhbrjf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .
C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe
C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bufyzrgwwkefjyhbrjf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bufyzrgwwkefjyhbrjf.exe
C:\Windows\bufyzrgwwkefjyhbrjf.exe
bufyzrgwwkefjyhbrjf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe .
C:\Windows\oiuoqjzqrgbdiyidunke.exe
oiuoqjzqrgbdiyidunke.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oiuoqjzqrgbdiyidunke.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe .
C:\Windows\hyhyxnaomyqpreldr.exe
hyhyxnaomyqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe
C:\Windows\oiuoqjzqrgbdiyidunke.exe
oiuoqjzqrgbdiyidunke.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .
C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oiuoqjzqrgbdiyidunke.exe*."
C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe
C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dylgjdumoeadjalhztrmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .
C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe
C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe
C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe
C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bufyzrgwwkefjyhbrjf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bufyzrgwwkefjyhbrjf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\oiuoqjzqrgbdiyidunke.exe
oiuoqjzqrgbdiyidunke.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bufyzrgwwkefjyhbrjf.exe .
C:\Windows\oiuoqjzqrgbdiyidunke.exe
oiuoqjzqrgbdiyidunke.exe
C:\Windows\bufyzrgwwkefjyhbrjf.exe
bufyzrgwwkefjyhbrjf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe .
C:\Windows\bufyzrgwwkefjyhbrjf.exe
bufyzrgwwkefjyhbrjf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe
C:\Windows\oiuoqjzqrgbdiyidunke.exe
oiuoqjzqrgbdiyidunke.exe .
C:\Windows\aqyombnaxizxykqh.exe
aqyombnaxizxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bufyzrgwwkefjyhbrjf.exe*."
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dylgjdumoeadjalhztrmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe .
C:\Windows\oiuoqjzqrgbdiyidunke.exe
oiuoqjzqrgbdiyidunke.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\aqyombnaxizxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oiuoqjzqrgbdiyidunke.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe
C:\Windows\qiskkbpedqjjmaibqh.exe
qiskkbpedqjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe
C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe
C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | dsbxuhbgiix.org | udp |
| US | 8.8.8.8:53 | rddiza.info | udp |
| US | 8.8.8.8:53 | vyvijbihvn.info | udp |
| US | 8.8.8.8:53 | fcvqjxdym.info | udp |
| US | 8.8.8.8:53 | ygkukcyw.com | udp |
| US | 8.8.8.8:53 | quwkziphng.info | udp |
| BG | 89.25.19.139:14700 | tcp | |
| US | 8.8.8.8:53 | ymsqcg.com | udp |
| US | 8.8.8.8:53 | nftahxpjqa.net | udp |
| US | 8.8.8.8:53 | zgzepqimz.net | udp |
| US | 8.8.8.8:53 | lmnsnyl.info | udp |
| US | 8.8.8.8:53 | iyiwcobqb.net | udp |
| US | 8.8.8.8:53 | fqghtfnxgt.info | udp |
| US | 8.8.8.8:53 | llpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | ktnydo.net | udp |
| US | 8.8.8.8:53 | vppgjyd.info | udp |
| US | 8.8.8.8:53 | bctwfgikb.org | udp |
| US | 8.8.8.8:53 | tytquitxjav.org | udp |
| US | 8.8.8.8:53 | jbwtsp.info | udp |
| US | 8.8.8.8:53 | eqgabkf.net | udp |
| US | 8.8.8.8:53 | fzqqksnzg.net | udp |
| US | 8.8.8.8:53 | eipnbwua.net | udp |
| US | 8.8.8.8:53 | llpuduqzzqt.net | udp |
| US | 8.8.8.8:53 | nvnvzcl.info | udp |
| US | 8.8.8.8:53 | pgvmnrjkl.info | udp |
| US | 8.8.8.8:53 | legpvbxbrm.info | udp |
| US | 8.8.8.8:53 | hcdgconcv.com | udp |
| US | 8.8.8.8:53 | nfvckq.net | udp |
| US | 8.8.8.8:53 | kwqueeacmiyu.com | udp |
| US | 8.8.8.8:53 | jifhbcjv.net | udp |
| US | 8.8.8.8:53 | vrsvqw.info | udp |
| US | 8.8.8.8:53 | mkcmqy.org | udp |
| US | 8.8.8.8:53 | wwyyggkqkm.org | udp |
| US | 8.8.8.8:53 | xklsrjorvup.info | udp |
| US | 8.8.8.8:53 | msebvpsqw.info | udp |
| US | 8.8.8.8:53 | fplmiebcgqn.com | udp |
| US | 8.8.8.8:53 | odzbrjqoy.info | udp |
| US | 8.8.8.8:53 | vujobvbkg.net | udp |
| US | 8.8.8.8:53 | vzesfw.net | udp |
| US | 8.8.8.8:53 | mfwijs.net | udp |
| US | 8.8.8.8:53 | mefwlsfbimj.info | udp |
| US | 8.8.8.8:53 | rqapfjvjfb.info | udp |
| US | 8.8.8.8:53 | ucigqmiuwieo.org | udp |
| US | 8.8.8.8:53 | aalijqi.info | udp |
| US | 8.8.8.8:53 | yiciholb.info | udp |
| US | 8.8.8.8:53 | gyijmqhfrcly.info | udp |
| US | 8.8.8.8:53 | iysmousi.org | udp |
| US | 8.8.8.8:53 | mejlbowwciy.info | udp |
| US | 8.8.8.8:53 | uyzyhjjrjnub.net | udp |
| US | 8.8.8.8:53 | hiosvqjud.org | udp |
| US | 8.8.8.8:53 | pzxsdpbdjlvw.info | udp |
| US | 8.8.8.8:53 | odqisf.info | udp |
| US | 8.8.8.8:53 | zzijykcox.net | udp |
| US | 8.8.8.8:53 | ozmnbq.info | udp |
| US | 8.8.8.8:53 | swtghhkzgrdq.net | udp |
| US | 8.8.8.8:53 | ncpmyszzt.info | udp |
| US | 8.8.8.8:53 | jjrspkzb.info | udp |
| US | 8.8.8.8:53 | zlgsxk.info | udp |
| US | 8.8.8.8:53 | yyqascwmkq.com | udp |
| US | 8.8.8.8:53 | xlhmbzthuobp.info | udp |
| US | 8.8.8.8:53 | ybxsqlwexbnh.info | udp |
| US | 8.8.8.8:53 | awxspyxqg.info | udp |
| US | 8.8.8.8:53 | kkiamiym.com | udp |
| US | 8.8.8.8:53 | icwqus.org | udp |
| BG | 213.91.131.44:20649 | tcp | |
| US | 8.8.8.8:53 | iyygwekwoica.org | udp |
| US | 8.8.8.8:53 | oqlzsgswz.info | udp |
| US | 8.8.8.8:53 | tcnzusvgxf.net | udp |
| US | 8.8.8.8:53 | wqzumks.net | udp |
| US | 8.8.8.8:53 | jatdaajehomt.net | udp |
| US | 8.8.8.8:53 | eosoco.com | udp |
| US | 8.8.8.8:53 | wmqwquke.com | udp |
| US | 8.8.8.8:53 | msrsummzmv.info | udp |
| US | 8.8.8.8:53 | dtletxshvbnt.info | udp |
| US | 8.8.8.8:53 | bhfzvgrgoyj.net | udp |
| US | 8.8.8.8:53 | mwgkuyee.org | udp |
| US | 8.8.8.8:53 | ypfcfts.info | udp |
| US | 8.8.8.8:53 | ckemxn.info | udp |
| HK | 8.218.157.123:80 | ckemxn.info | tcp |
| LT | 78.58.77.245:37500 | tcp | |
| BG | 83.228.84.49:32021 | tcp | |
| LT | 78.58.65.250:28711 | tcp | |
| US | 8.8.8.8:53 | ushimtz.net | udp |
| US | 8.8.8.8:53 | cayakycgmaym.com | udp |
| BG | 77.78.155.19:38295 | tcp | |
| US | 8.8.8.8:53 | ibnfqylizvu.info | udp |
| US | 8.8.8.8:53 | cwsokwicgmem.org | udp |
| US | 8.8.8.8:53 | uiceesz.info | udp |
| US | 8.8.8.8:53 | uutqvnniv.net | udp |
| US | 8.8.8.8:53 | zmxrpqrsi.info | udp |
| US | 8.8.8.8:53 | gigaowkm.org | udp |
| US | 8.8.8.8:53 | miugwisemaek.com | udp |
| US | 8.8.8.8:53 | bclwuptsd.org | udp |
| US | 8.8.8.8:53 | zgtgzzbahv.info | udp |
| US | 8.8.8.8:53 | bzaydhbkyko.info | udp |
| US | 8.8.8.8:53 | ouymyw.org | udp |
| US | 8.8.8.8:53 | ldzlgutovrqr.net | udp |
| US | 8.8.8.8:53 | sylrpcscfez.net | udp |
| US | 8.8.8.8:53 | uoxjsmld.info | udp |
| US | 8.8.8.8:53 | ejpkgujovic.net | udp |
| US | 8.8.8.8:53 | hsfuhyiomas.net | udp |
| US | 8.8.8.8:53 | xizghvuihlt.org | udp |
| US | 8.8.8.8:53 | tizjxcx.info | udp |
| US | 8.8.8.8:53 | ewiuauieao.com | udp |
| US | 8.8.8.8:53 | dyjglsqsmxl.info | udp |
| US | 8.8.8.8:53 | llrlrwuyyt.info | udp |
| US | 88.216.22.18:40538 | tcp | |
| US | 8.8.8.8:53 | ciubdpyk.info | udp |
| US | 8.8.8.8:53 | bjpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | rugnyejgpszi.info | udp |
| US | 8.8.8.8:53 | msdffejwoef.info | udp |
| US | 8.8.8.8:53 | dpuhjsluj.com | udp |
| US | 8.8.8.8:53 | imwkkoik.com | udp |
| US | 8.8.8.8:53 | xflilbpsffj.org | udp |
| US | 8.8.8.8:53 | lznmqjwzresv.net | udp |
| US | 8.8.8.8:53 | rhxpdgfa.net | udp |
| US | 8.8.8.8:53 | pvwdgf.info | udp |
| US | 8.8.8.8:53 | cskaoeoisw.com | udp |
| US | 8.8.8.8:53 | kaxuxkjcmn.info | udp |
| US | 8.8.8.8:53 | thpewr.net | udp |
| US | 8.8.8.8:53 | uurrrsfot.net | udp |
| US | 8.8.8.8:53 | gdlrqpmxgelh.net | udp |
| US | 8.8.8.8:53 | sewuvwb.net | udp |
| US | 8.8.8.8:53 | soyaiucmaq.com | udp |
| US | 8.8.8.8:53 | iwdyfogslsb.net | udp |
| US | 8.8.8.8:53 | oaewcmmi.com | udp |
| US | 8.8.8.8:53 | hfqynl.info | udp |
| US | 8.8.8.8:53 | xmqlqme.org | udp |
| US | 8.8.8.8:53 | bhzoifbs.net | udp |
| US | 8.8.8.8:53 | oalwpcngx.info | udp |
| US | 8.8.8.8:53 | cqrsbhrxhaw.info | udp |
| US | 8.8.8.8:53 | qidthiel.net | udp |
| US | 8.8.8.8:53 | wfwydbxcge.net | udp |
| US | 8.8.8.8:53 | fwrcheiikr.net | udp |
| US | 8.8.8.8:53 | fdrewdjp.net | udp |
| US | 8.8.8.8:53 | xcrfxbihvn.info | udp |
| US | 8.8.8.8:53 | gcxnjnmpts.info | udp |
| US | 8.8.8.8:53 | ckkmskgs.com | udp |
| US | 8.8.8.8:53 | ngwbbher.info | udp |
| US | 8.8.8.8:53 | pvesxitaordl.info | udp |
| LV | 212.142.80.2:22424 | tcp | |
| US | 8.8.8.8:53 | orokeznnxo.net | udp |
| US | 8.8.8.8:53 | esxsncqymcz.net | udp |
| US | 8.8.8.8:53 | wwbyyangp.info | udp |
| US | 8.8.8.8:53 | dzrmxez.com | udp |
| US | 8.8.8.8:53 | jenafqm.info | udp |
| US | 8.8.8.8:53 | cgaaqprr.net | udp |
| US | 8.8.8.8:53 | sibulwxopwh.info | udp |
| US | 8.8.8.8:53 | ukqwsukc.org | udp |
| US | 8.8.8.8:53 | kxldwaoqfn.info | udp |
| US | 8.8.8.8:53 | iowiuqcacwgm.org | udp |
| US | 8.8.8.8:53 | nwjtnopkkx.net | udp |
| US | 8.8.8.8:53 | xiivddz.org | udp |
| US | 8.8.8.8:53 | zqlaykjubms.org | udp |
| US | 8.8.8.8:53 | wkaquyacym.org | udp |
| US | 8.8.8.8:53 | xxbuvavqnao.net | udp |
| US | 8.8.8.8:53 | eoxqvcpzzkq.info | udp |
| US | 8.8.8.8:53 | oslieelwb.net | udp |
| US | 8.8.8.8:53 | murgwwlujyo.info | udp |
| US | 8.8.8.8:53 | tgzzsilpuoyu.info | udp |
| US | 8.8.8.8:53 | kkfczuypxn.info | udp |
| US | 8.8.8.8:53 | aaugcoassaqa.com | udp |
| US | 8.8.8.8:53 | xhszzxtp.info | udp |
| US | 8.8.8.8:53 | hbescvr.org | udp |
| US | 8.8.8.8:53 | rmeidphhar.net | udp |
| US | 8.8.8.8:53 | rejwrwpoa.info | udp |
| US | 8.8.8.8:53 | aqdrzcgurh.net | udp |
| US | 8.8.8.8:53 | eqgezwq.net | udp |
| US | 8.8.8.8:53 | dkponl.info | udp |
| US | 8.8.8.8:53 | ovqyjkjrts.net | udp |
| US | 8.8.8.8:53 | lmpkllgocyl.org | udp |
| US | 8.8.8.8:53 | rmwfbdlzewlx.info | udp |
| US | 8.8.8.8:53 | jmuyzwjxj.net | udp |
| US | 8.8.8.8:53 | kdcmnjgs.net | udp |
| US | 8.8.8.8:53 | sgescokcmo.org | udp |
| US | 8.8.8.8:53 | hciyyytxpa.info | udp |
| GB | 86.162.183.151:36387 | tcp | |
| US | 8.8.8.8:53 | daostdpbrc.net | udp |
| US | 8.8.8.8:53 | mvdtnbzepnab.net | udp |
| US | 8.8.8.8:53 | nbrcvlowp.org | udp |
| US | 8.8.8.8:53 | kmgguk.org | udp |
| US | 8.8.8.8:53 | tqdadr.net | udp |
| US | 8.8.8.8:53 | lzwgpqnxhy.net | udp |
| US | 8.8.8.8:53 | linrnkfdlp.info | udp |
| US | 8.8.8.8:53 | vvsgrix.net | udp |
| US | 8.8.8.8:53 | zqbmewe.org | udp |
| US | 8.8.8.8:53 | jehyhpbob.com | udp |
| US | 8.8.8.8:53 | cdxdsyptav.net | udp |
| US | 8.8.8.8:53 | najdnornb.com | udp |
| US | 8.8.8.8:53 | tudgihlrvori.info | udp |
| US | 8.8.8.8:53 | tvhhht.info | udp |
| US | 8.8.8.8:53 | jchgtdxnti.info | udp |
| US | 8.8.8.8:53 | luaiurlae.info | udp |
| US | 8.8.8.8:53 | vvuwiqdi.info | udp |
| US | 8.8.8.8:53 | qkdaedzq.info | udp |
| US | 8.8.8.8:53 | hsfspwfirsr.org | udp |
| US | 8.8.8.8:53 | qnjiwrbvrau.info | udp |
| US | 8.8.8.8:53 | xlcmavyfrk.info | udp |
| US | 8.8.8.8:53 | dsamzsmkuv.info | udp |
| US | 8.8.8.8:53 | hdprnzcl.net | udp |
| US | 8.8.8.8:53 | lugmenumv.net | udp |
| US | 8.8.8.8:53 | txyowu.net | udp |
| US | 8.8.8.8:53 | fumvct.net | udp |
| US | 8.8.8.8:53 | mqiwmiew.org | udp |
| US | 8.8.8.8:53 | zmpsfqhqnmk.info | udp |
| US | 8.8.8.8:53 | qkuyhobcdgr.info | udp |
| US | 8.8.8.8:53 | nkhhmeld.net | udp |
| US | 8.8.8.8:53 | dnyidwf.info | udp |
| US | 8.8.8.8:53 | nmaibausj.com | udp |
| US | 8.8.8.8:53 | nyvfokjrdqae.info | udp |
| LT | 84.240.4.153:17502 | tcp | |
| US | 8.8.8.8:53 | krxdeemaybal.info | udp |
| US | 8.8.8.8:53 | aacyuo.com | udp |
| US | 8.8.8.8:53 | wyrpmaddf.info | udp |
| US | 8.8.8.8:53 | yadxtkefpqdf.net | udp |
| US | 8.8.8.8:53 | hmeojyaoh.net | udp |
| US | 8.8.8.8:53 | ntxpkbtfbbnt.net | udp |
| US | 8.8.8.8:53 | hqdeztnsx.net | udp |
| US | 8.8.8.8:53 | tctnoa.net | udp |
| US | 8.8.8.8:53 | tizepaaxk.org | udp |
| US | 8.8.8.8:53 | qngitmingp.net | udp |
| US | 8.8.8.8:53 | jusehypclvr.info | udp |
| US | 8.8.8.8:53 | zhtagd.info | udp |
| US | 8.8.8.8:53 | fifesnfv.info | udp |
| US | 8.8.8.8:53 | ulwprsdpevsj.info | udp |
| US | 8.8.8.8:53 | xahhvsp.info | udp |
| US | 8.8.8.8:53 | tuxrvae.org | udp |
| US | 8.8.8.8:53 | qyjxvcif.net | udp |
| US | 8.8.8.8:53 | dvzextzcjgnt.info | udp |
| US | 8.8.8.8:53 | vupxeoogtrhm.net | udp |
| US | 8.8.8.8:53 | oesmsymqskus.org | udp |
| US | 8.8.8.8:53 | pqffra.net | udp |
| US | 8.8.8.8:53 | rkwlhccy.info | udp |
| US | 8.8.8.8:53 | xkilfanydm.net | udp |
| US | 8.8.8.8:53 | vgqvfkrhp.info | udp |
| US | 8.8.8.8:53 | sgviturqf.net | udp |
| US | 8.8.8.8:53 | nthafgeqx.org | udp |
| US | 8.8.8.8:53 | wkyism.com | udp |
| US | 8.8.8.8:53 | pmkwkvnzjk.info | udp |
| US | 8.8.8.8:53 | dwyvku.net | udp |
| US | 8.8.8.8:53 | oudlba.info | udp |
| US | 8.8.8.8:53 | bsgixrdbh.info | udp |
| US | 8.8.8.8:53 | vprrbv.info | udp |
| US | 8.8.8.8:53 | xbnwjeuqrmb.com | udp |
| US | 8.8.8.8:53 | vibshiiel.net | udp |
| US | 8.8.8.8:53 | ycuygomicu.com | udp |
| US | 8.8.8.8:53 | isqwmkyyegei.com | udp |
| US | 8.8.8.8:53 | dslebyh.info | udp |
| US | 8.8.8.8:53 | jjqtpeerkb.net | udp |
| US | 8.8.8.8:53 | fsnxdcv.net | udp |
| US | 8.8.8.8:53 | njimjyrqf.org | udp |
| US | 8.8.8.8:53 | oahdbofi.net | udp |
| US | 8.8.8.8:53 | lelbyj.net | udp |
| US | 8.8.8.8:53 | itgtlzfqi.info | udp |
| US | 8.8.8.8:53 | hetvrb.net | udp |
| US | 8.8.8.8:53 | urkcltobhpwf.net | udp |
| US | 8.8.8.8:53 | mwcqweyggc.org | udp |
| US | 8.8.8.8:53 | oismai.com | udp |
| US | 8.8.8.8:53 | wbbvlfanet.net | udp |
| US | 8.8.8.8:53 | asinnfzybs.net | udp |
| US | 8.8.8.8:53 | tahhbkqr.info | udp |
| US | 8.8.8.8:53 | fmtcxmcbn.net | udp |
| US | 8.8.8.8:53 | dmqkfqnuel.net | udp |
| US | 8.8.8.8:53 | eheflhppvg.net | udp |
| US | 8.8.8.8:53 | xhdmxgbdrv.net | udp |
| US | 8.8.8.8:53 | yznyhmgeh.info | udp |
| US | 8.8.8.8:53 | lwqpjupsr.net | udp |
| US | 8.8.8.8:53 | cykogcgqqcuu.com | udp |
| US | 8.8.8.8:53 | egkgyc.com | udp |
| US | 8.8.8.8:53 | lpstqr.net | udp |
| US | 8.8.8.8:53 | okcusicwceoy.com | udp |
| US | 8.8.8.8:53 | ugjyfpgfl.net | udp |
| US | 8.8.8.8:53 | owssiyao.org | udp |
| US | 8.8.8.8:53 | gwwygw.com | udp |
| US | 8.8.8.8:53 | cuwycshwddv.net | udp |
| US | 8.8.8.8:53 | myrwjqkrwpbk.info | udp |
| US | 8.8.8.8:53 | osqdwjljci.net | udp |
| US | 8.8.8.8:53 | xvxsyykb.net | udp |
| US | 8.8.8.8:53 | wujjvad.info | udp |
| US | 8.8.8.8:53 | taptptc.org | udp |
| US | 8.8.8.8:53 | pazkuch.info | udp |
| LT | 78.60.77.146:29846 | tcp | |
| US | 8.8.8.8:53 | mpkbfsgyp.info | udp |
| US | 8.8.8.8:53 | uxekyf.net | udp |
| US | 8.8.8.8:53 | scxobpryl.net | udp |
| US | 8.8.8.8:53 | titahkdwj.info | udp |
| US | 8.8.8.8:53 | sosaogkswgkk.com | udp |
| US | 8.8.8.8:53 | rrcafz.net | udp |
Files
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
C:\Windows\SysWOW64\qiskkbpedqjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\ousymr.exe
C:\Users\Admin\AppData\Local\akmwoxdkbgrjekkvclyikumvbizephci.taj
C:\Users\Admin\AppData\Local\fevubzuqwqqxhcrrnlnmd.jhc
C:\Program Files (x86)\fevubzuqwqqxhcrrnlnmd.jhc