Analysis Overview
SHA256
226da79bd298b6c72453572e2f34a1b40e19db0c51e10197ac00daf0d499b770
Threat Level: Known bad
The file JaffaCakes118_b19410583c5cac21e5066dee43513859 was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Pykspa family
Pykspa
Modifies WinLogon for persistence
Detect Pykspa worm
Adds policy Run key to start application
Disables RegEdit via registry modification
Checks computer location settings
Executes dropped EXE
Impair Defenses: Safe Mode Boot
Looks up external IP address via web service
Adds Run key to start application
Hijack Execution Flow: Executable Installer File Permissions Weakness
Checks whether UAC is enabled
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Unsigned PE
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
System policy modification
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-04-12 07:48
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-04-12 07:48
Reported
2025-04-12 07:50
Platform
win10v2004-20250410-en
Max time kernel
29s
Max time network
151s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\dpuakxhlu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zxogcbxnieadjalhztnlc.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\odluhxkrdqdx = "wpbofzqbrizxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\dpuakxhlu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wpbofzqbrizxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\odluhxkrdqdx = "dxkyqldpgyqpreldr.exe" | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\dpuakxhlu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wpbofzqbrizxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\odluhxkrdqdx = "khxojhcrlgbdiyidungd.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\dpuakxhlu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mhvkdzsfxqjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\odluhxkrdqdx = "zxogcbxnieadjalhztnlc.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hom = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vsgdvtlepjefjyhbrjz.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\dpuakxhlu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xtiyspjxqkefjyhbrjb.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\odluhxkrdqdx = "mhvkdzsfxqjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\odluhxkrdqdx = "xtiyspjxqkefjyhbrjb.exe" | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\dpuakxhlu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xtiyspjxqkefjyhbrjb.exe" | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\dpuakxhlu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zxogcbxnieadjalhztnlc.exe" | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\dpuakxhlu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\khxojhcrlgbdiyidungd.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\odluhxkrdqdx = "xtiyspjxqkefjyhbrjb.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\dpuakxhlu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mhvkdzsfxqjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\istdit = "xwmlffzuhdadjalhztlka.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hom = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bwidtpfwfxqpreldr.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\istdit = "kgtpgdumwpjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\odluhxkrdqdx = "wpbofzqbrizxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\mhvkdzsfxqjjmaibqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\khxojhcrlgbdiyidungd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\xtiyspjxqkefjyhbrjb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\dxkyqldpgyqpreldr.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\wpbofzqbrizxykqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\zxogcbxnieadjalhztnlc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\wpbofzqbrizxykqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\zxogcbxnieadjalhztnlc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\xtiyspjxqkefjyhbrjb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\xtiyspjxqkefjyhbrjb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\xtiyspjxqkefjyhbrjb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\khxojhcrlgbdiyidungd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\zxogcbxnieadjalhztnlc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\xtiyspjxqkefjyhbrjb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\dxkyqldpgyqpreldr.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\xtiyspjxqkefjyhbrjb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\zxogcbxnieadjalhztnlc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\xtiyspjxqkefjyhbrjb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\zxogcbxnieadjalhztnlc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\khxojhcrlgbdiyidungd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uinbkzisuf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\uoztidsiqhzxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rjugwpfpeukhhsx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zxogcbxnieadjalhztnlc.exe ." | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wpbofzqbrizxykqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mhvkdzsfxqjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wjpwhvglvg = "khxojhcrlgbdiyidungd.exe" | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ofpaphwftixtsc = "wpbofzqbrizxykqh.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rjugwpfpeukhhsx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wpbofzqbrizxykqh.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ndmwkbpxkymhf = "khxojhcrlgbdiyidungd.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ndmwkbpxkymhf = "dxkyqldpgyqpreldr.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rfmugvhnykw = "zxogcbxnieadjalhztnlc.exe ." | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rjugwpfpeukhhsx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\khxojhcrlgbdiyidungd.exe ." | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wpbofzqbrizxykqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xtiyspjxqkefjyhbrjb.exe" | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wjpwhvglvg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xtiyspjxqkefjyhbrjb.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ofpaphwftixtsc = "khxojhcrlgbdiyidungd.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rjugwpfpeukhhsx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zxogcbxnieadjalhztnlc.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xggpt = "vsgdvtlepjefjyhbrjz.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ofpaphwftixtsc = "zxogcbxnieadjalhztnlc.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wpbofzqbrizxykqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dxkyqldpgyqpreldr.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rfmugvhnykw = "xtiyspjxqkefjyhbrjb.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\rfmugvhnykw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wpbofzqbrizxykqh.exe ." | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wpbofzqbrizxykqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zxogcbxnieadjalhztnlc.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wjpwhvglvg = "zxogcbxnieadjalhztnlc.exe" | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ndmwkbpxkymhf = "wpbofzqbrizxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ndmwkbpxkymhf = "mhvkdzsfxqjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kwzlsfmu = "xwmlffzuhdadjalhztlka.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rfmugvhnykw = "zxogcbxnieadjalhztnlc.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\rfmugvhnykw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dxkyqldpgyqpreldr.exe ." | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\bosfnbjst = "C:\\Users\\Admin\\AppData\\Local\\Temp\\igvtmleykfbdiyidunec.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ndmwkbpxkymhf = "wpbofzqbrizxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rfmugvhnykw = "wpbofzqbrizxykqh.exe ." | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ndmwkbpxkymhf = "dxkyqldpgyqpreldr.exe" | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wjpwhvglvg = "xtiyspjxqkefjyhbrjb.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rfmugvhnykw = "dxkyqldpgyqpreldr.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wjpwhvglvg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dxkyqldpgyqpreldr.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\rfmugvhnykw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\khxojhcrlgbdiyidungd.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wjpwhvglvg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wpbofzqbrizxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vgitzlr = "bwidtpfwfxqpreldr.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\xggpt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\uoztidsiqhzxykqh.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wjpwhvglvg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zxogcbxnieadjalhztnlc.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wjpwhvglvg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\khxojhcrlgbdiyidungd.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rjugwpfpeukhhsx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xtiyspjxqkefjyhbrjb.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\xggpt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vsgdvtlepjefjyhbrjz.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ofpaphwftixtsc = "dxkyqldpgyqpreldr.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wjpwhvglvg = "wpbofzqbrizxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wjpwhvglvg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dxkyqldpgyqpreldr.exe" | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ofpaphwftixtsc = "xtiyspjxqkefjyhbrjb.exe ." | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wjpwhvglvg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wpbofzqbrizxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wpbofzqbrizxykqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\khxojhcrlgbdiyidungd.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\owvd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xwmlffzuhdadjalhztlka.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ofpaphwftixtsc = "xtiyspjxqkefjyhbrjb.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wjpwhvglvg = "mhvkdzsfxqjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wjpwhvglvg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zxogcbxnieadjalhztnlc.exe" | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wjpwhvglvg = "khxojhcrlgbdiyidungd.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wpbofzqbrizxykqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mhvkdzsfxqjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\rfmugvhnykw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wpbofzqbrizxykqh.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wpbofzqbrizxykqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dxkyqldpgyqpreldr.exe" | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\wpbofzqbrizxykqh.exe | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wpbofzqbrizxykqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xtiyspjxqkefjyhbrjb.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zxogcbxnieadjalhztnlc.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File created | C:\Windows\SysWOW64\mhvkdzsfxqjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File created | C:\Windows\SysWOW64\wpbofzqbrizxykqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\khxojhcrlgbdiyidungd.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File created | C:\Windows\SysWOW64\qphaxxulhebfmeqngbwvng.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File created | C:\Windows\SysWOW64\xtiyspjxqkefjyhbrjb.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dxkyqldpgyqpreldr.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mhvkdzsfxqjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File created | C:\Windows\SysWOW64\dxkyqldpgyqpreldr.exe | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qphaxxulhebfmeqngbwvng.exe | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xtiyspjxqkefjyhbrjb.exe | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\khxojhcrlgbdiyidungd.exe | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qphaxxulhebfmeqngbwvng.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File created | C:\Windows\SysWOW64\dxkyqldpgyqpreldr.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File created | C:\Windows\SysWOW64\xtiyspjxqkefjyhbrjb.exe | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| File created | C:\Windows\SysWOW64\khxojhcrlgbdiyidungd.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File created | C:\Windows\SysWOW64\zxogcbxnieadjalhztnlc.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jpooszdbeimxlkdhhjlrqqubf.gko | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| File created | C:\Windows\SysWOW64\mhvkdzsfxqjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| File created | C:\Windows\SysWOW64\zxogcbxnieadjalhztnlc.exe | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\jpooszdbeimxlkdhhjlrqqubf.gko | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| File created | C:\Program Files (x86)\jpooszdbeimxlkdhhjlrqqubf.gko | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| File opened for modification | C:\Program Files (x86)\ofpaphwftixtscgvgtgxhshzoxlaplkuynyl.pzk | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| File created | C:\Program Files (x86)\ofpaphwftixtscgvgtgxhshzoxlaplkuynyl.pzk | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\jpooszdbeimxlkdhhjlrqqubf.gko | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| File opened for modification | C:\Windows\qphaxxulhebfmeqngbwvng.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\dxkyqldpgyqpreldr.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\wpbofzqbrizxykqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\khxojhcrlgbdiyidungd.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\zxogcbxnieadjalhztnlc.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\xtiyspjxqkefjyhbrjb.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\mhvkdzsfxqjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File created | C:\Windows\khxojhcrlgbdiyidungd.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File created | C:\Windows\dxkyqldpgyqpreldr.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\wpbofzqbrizxykqh.exe | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| File created | C:\Windows\qphaxxulhebfmeqngbwvng.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\mhvkdzsfxqjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| File opened for modification | C:\Windows\ofpaphwftixtscgvgtgxhshzoxlaplkuynyl.pzk | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| File opened for modification | C:\Windows\khxojhcrlgbdiyidungd.exe | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| File opened for modification | C:\Windows\zxogcbxnieadjalhztnlc.exe | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| File opened for modification | C:\Windows\jpooszdbeimxlkdhhjlrqqubf.gko | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| File created | C:\Windows\xtiyspjxqkefjyhbrjb.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File created | C:\Windows\wpbofzqbrizxykqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\xtiyspjxqkefjyhbrjb.exe | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xtiyspjxqkefjyhbrjb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\khxojhcrlgbdiyidungd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wpbofzqbrizxykqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\mhvkdzsfxqjjmaibqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zxogcbxnieadjalhztnlc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\dxkyqldpgyqpreldr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vsgdvtlepjefjyhbrjz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\kgtpgdumwpjjmaibqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xwmlffzuhdadjalhztlka.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\igvtmleykfbdiyidunec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\uoztidsiqhzxykqh.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\xtiyspjxqkefjyhbrjb.exe*."
C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe
C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe .
C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe
C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe
C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe
C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .
C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe
C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\khxojhcrlgbdiyidungd.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\xtiyspjxqkefjyhbrjb.exe*."
C:\Windows\xtiyspjxqkefjyhbrjb.exe
xtiyspjxqkefjyhbrjb.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wpbofzqbrizxykqh.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dxkyqldpgyqpreldr.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe .
C:\Windows\xtiyspjxqkefjyhbrjb.exe
xtiyspjxqkefjyhbrjb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\xtiyspjxqkefjyhbrjb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe .
C:\Windows\wpbofzqbrizxykqh.exe
wpbofzqbrizxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe
C:\Windows\xtiyspjxqkefjyhbrjb.exe
xtiyspjxqkefjyhbrjb.exe .
C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe
C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\xtiyspjxqkefjyhbrjb.exe*."
C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe
C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zxogcbxnieadjalhztnlc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c khxojhcrlgbdiyidungd.exe
C:\Windows\khxojhcrlgbdiyidungd.exe
khxojhcrlgbdiyidungd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe .
C:\Windows\zxogcbxnieadjalhztnlc.exe
zxogcbxnieadjalhztnlc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zxogcbxnieadjalhztnlc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c khxojhcrlgbdiyidungd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe .
C:\Windows\zxogcbxnieadjalhztnlc.exe
zxogcbxnieadjalhztnlc.exe
C:\Windows\khxojhcrlgbdiyidungd.exe
khxojhcrlgbdiyidungd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe .
C:\Windows\wpbofzqbrizxykqh.exe
wpbofzqbrizxykqh.exe .
C:\Windows\zxogcbxnieadjalhztnlc.exe
zxogcbxnieadjalhztnlc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe
C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wpbofzqbrizxykqh.exe*."
C:\Windows\xtiyspjxqkefjyhbrjb.exe
xtiyspjxqkefjyhbrjb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dxkyqldpgyqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe .
C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe
C:\Windows\zxogcbxnieadjalhztnlc.exe
zxogcbxnieadjalhztnlc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\xtiyspjxqkefjyhbrjb.exe*."
C:\Windows\wpbofzqbrizxykqh.exe
wpbofzqbrizxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dxkyqldpgyqpreldr.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zxogcbxnieadjalhztnlc.exe*."
C:\Windows\xtiyspjxqkefjyhbrjb.exe
xtiyspjxqkefjyhbrjb.exe
C:\Windows\zxogcbxnieadjalhztnlc.exe
zxogcbxnieadjalhztnlc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe
C:\Windows\dxkyqldpgyqpreldr.exe
dxkyqldpgyqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe
C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .
C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe
C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zxogcbxnieadjalhztnlc.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\dxkyqldpgyqpreldr.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mhvkdzsfxqjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe
C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe
C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\khxojhcrlgbdiyidungd.exe*."
C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe
C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe*."
C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe
C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe .
C:\Windows\mhvkdzsfxqjjmaibqh.exe
mhvkdzsfxqjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zxogcbxnieadjalhztnlc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mhvkdzsfxqjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dxkyqldpgyqpreldr.exe*."
C:\Windows\zxogcbxnieadjalhztnlc.exe
zxogcbxnieadjalhztnlc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zxogcbxnieadjalhztnlc.exe*."
C:\Windows\mhvkdzsfxqjjmaibqh.exe
mhvkdzsfxqjjmaibqh.exe
C:\Windows\xtiyspjxqkefjyhbrjb.exe
xtiyspjxqkefjyhbrjb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vsgdvtlepjefjyhbrjz.exe
C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe
C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\xtiyspjxqkefjyhbrjb.exe*."
C:\Windows\vsgdvtlepjefjyhbrjz.exe
vsgdvtlepjefjyhbrjz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vsgdvtlepjefjyhbrjz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wpbofzqbrizxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .
C:\Windows\vsgdvtlepjefjyhbrjz.exe
vsgdvtlepjefjyhbrjz.exe .
C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe
C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bwidtpfwfxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe
C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kgtpgdumwpjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vsgdvtlepjefjyhbrjz.exe*."
C:\Windows\bwidtpfwfxqpreldr.exe
bwidtpfwfxqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kgtpgdumwpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zxogcbxnieadjalhztnlc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uoztidsiqhzxykqh.exe .
C:\Windows\kgtpgdumwpjjmaibqh.exe
kgtpgdumwpjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\kgtpgdumwpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\kgtpgdumwpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\kgtpgdumwpjjmaibqh.exe*."
C:\Users\Admin\AppData\Local\Temp\uoztidsiqhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\uoztidsiqhzxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\igvtmleykfbdiyidunec.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\uoztidsiqhzxykqh.exe*."
C:\Windows\wpbofzqbrizxykqh.exe
wpbofzqbrizxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uoztidsiqhzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\igvtmleykfbdiyidunec.exe
C:\Users\Admin\AppData\Local\Temp\igvtmleykfbdiyidunec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c khxojhcrlgbdiyidungd.exe .
C:\Users\Admin\AppData\Local\Temp\uoztidsiqhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\uoztidsiqhzxykqh.exe .
C:\Windows\khxojhcrlgbdiyidungd.exe
khxojhcrlgbdiyidungd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c khxojhcrlgbdiyidungd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\uoztidsiqhzxykqh.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\khxojhcrlgbdiyidungd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .
C:\Windows\khxojhcrlgbdiyidungd.exe
khxojhcrlgbdiyidungd.exe
C:\Windows\xtiyspjxqkefjyhbrjb.exe
xtiyspjxqkefjyhbrjb.exe .
C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\xtiyspjxqkefjyhbrjb.exe*."
C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe
C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\xtiyspjxqkefjyhbrjb.exe*."
C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe
C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"
C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe
C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\xtiyspjxqkefjyhbrjb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c khxojhcrlgbdiyidungd.exe
C:\Windows\khxojhcrlgbdiyidungd.exe
khxojhcrlgbdiyidungd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mhvkdzsfxqjjmaibqh.exe .
C:\Windows\mhvkdzsfxqjjmaibqh.exe
mhvkdzsfxqjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\mhvkdzsfxqjjmaibqh.exe*."
C:\Windows\wpbofzqbrizxykqh.exe
wpbofzqbrizxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c khxojhcrlgbdiyidungd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe
C:\Windows\khxojhcrlgbdiyidungd.exe
khxojhcrlgbdiyidungd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .
C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe
C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\khxojhcrlgbdiyidungd.exe*."
C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe
C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\xtiyspjxqkefjyhbrjb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xwmlffzuhdadjalhztlka.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .
C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe
C:\Windows\xwmlffzuhdadjalhztlka.exe
xwmlffzuhdadjalhztlka.exe
C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe
C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xwmlffzuhdadjalhztlka.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zxogcbxnieadjalhztnlc.exe*."
C:\Windows\xwmlffzuhdadjalhztlka.exe
xwmlffzuhdadjalhztlka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bwidtpfwfxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\xwmlffzuhdadjalhztlka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xwmlffzuhdadjalhztlka.exe .
C:\Windows\bwidtpfwfxqpreldr.exe
bwidtpfwfxqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uoztidsiqhzxykqh.exe
C:\Windows\xwmlffzuhdadjalhztlka.exe
xwmlffzuhdadjalhztlka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c khxojhcrlgbdiyidungd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\igvtmleykfbdiyidunec.exe .
C:\Users\Admin\AppData\Local\Temp\uoztidsiqhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\uoztidsiqhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\xwmlffzuhdadjalhztlka.exe*."
C:\Windows\khxojhcrlgbdiyidungd.exe
khxojhcrlgbdiyidungd.exe
C:\Users\Admin\AppData\Local\Temp\igvtmleykfbdiyidunec.exe
C:\Users\Admin\AppData\Local\Temp\igvtmleykfbdiyidunec.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\igvtmleykfbdiyidunec.exe*."
C:\Windows\xtiyspjxqkefjyhbrjb.exe
xtiyspjxqkefjyhbrjb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xwmlffzuhdadjalhztlka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\xtiyspjxqkefjyhbrjb.exe*."
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe .
C:\Users\Admin\AppData\Local\Temp\xwmlffzuhdadjalhztlka.exe
C:\Users\Admin\AppData\Local\Temp\xwmlffzuhdadjalhztlka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dxkyqldpgyqpreldr.exe .
C:\Windows\xtiyspjxqkefjyhbrjb.exe
xtiyspjxqkefjyhbrjb.exe
C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe
C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe
C:\Windows\dxkyqldpgyqpreldr.exe
dxkyqldpgyqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .
C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe
C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vsgdvtlepjefjyhbrjz.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\dxkyqldpgyqpreldr.exe*."
C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe
C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\xtiyspjxqkefjyhbrjb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe
C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"
C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wpbofzqbrizxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mhvkdzsfxqjjmaibqh.exe
C:\Windows\mhvkdzsfxqjjmaibqh.exe
mhvkdzsfxqjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe .
C:\Windows\zxogcbxnieadjalhztnlc.exe
zxogcbxnieadjalhztnlc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zxogcbxnieadjalhztnlc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dxkyqldpgyqpreldr.exe .
C:\Windows\wpbofzqbrizxykqh.exe
wpbofzqbrizxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe
C:\Windows\dxkyqldpgyqpreldr.exe
dxkyqldpgyqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe
C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\dxkyqldpgyqpreldr.exe*."
C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wpbofzqbrizxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dxkyqldpgyqpreldr.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe
C:\Windows\zxogcbxnieadjalhztnlc.exe
zxogcbxnieadjalhztnlc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\xtiyspjxqkefjyhbrjb.exe
xtiyspjxqkefjyhbrjb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe
C:\Windows\wpbofzqbrizxykqh.exe
wpbofzqbrizxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\xtiyspjxqkefjyhbrjb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe
C:\Windows\zxogcbxnieadjalhztnlc.exe
zxogcbxnieadjalhztnlc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .
C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zxogcbxnieadjalhztnlc.exe*."
C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wpbofzqbrizxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .
C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe
C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c uoztidsiqhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe
C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .
C:\Windows\uoztidsiqhzxykqh.exe
uoztidsiqhzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vsgdvtlepjefjyhbrjz.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\xtiyspjxqkefjyhbrjb.exe*."
C:\Windows\vsgdvtlepjefjyhbrjz.exe
vsgdvtlepjefjyhbrjz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c igvtmleykfbdiyidunec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bwidtpfwfxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vsgdvtlepjefjyhbrjz.exe*."
C:\Windows\igvtmleykfbdiyidunec.exe
igvtmleykfbdiyidunec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uoztidsiqhzxykqh.exe
C:\Windows\bwidtpfwfxqpreldr.exe
bwidtpfwfxqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c khxojhcrlgbdiyidungd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kgtpgdumwpjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\uoztidsiqhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\uoztidsiqhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bwidtpfwfxqpreldr.exe*."
C:\Windows\khxojhcrlgbdiyidungd.exe
khxojhcrlgbdiyidungd.exe
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\kgtpgdumwpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\kgtpgdumwpjjmaibqh.exe .
C:\Windows\zxogcbxnieadjalhztnlc.exe
zxogcbxnieadjalhztnlc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\kgtpgdumwpjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mhvkdzsfxqjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zxogcbxnieadjalhztnlc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kgtpgdumwpjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe
C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe .
C:\Users\Admin\AppData\Local\Temp\kgtpgdumwpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\kgtpgdumwpjjmaibqh.exe .
C:\Windows\mhvkdzsfxqjjmaibqh.exe
mhvkdzsfxqjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe
C:\Windows\xtiyspjxqkefjyhbrjb.exe
xtiyspjxqkefjyhbrjb.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\kgtpgdumwpjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe
C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\xtiyspjxqkefjyhbrjb.exe*."
C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe .
C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe
C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\khxojhcrlgbdiyidungd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c khxojhcrlgbdiyidungd.exe
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"
C:\Windows\khxojhcrlgbdiyidungd.exe
khxojhcrlgbdiyidungd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\wpbofzqbrizxykqh.exe
wpbofzqbrizxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dxkyqldpgyqpreldr.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wpbofzqbrizxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe .
C:\Windows\dxkyqldpgyqpreldr.exe
dxkyqldpgyqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe
C:\Windows\zxogcbxnieadjalhztnlc.exe
zxogcbxnieadjalhztnlc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe .
C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zxogcbxnieadjalhztnlc.exe*."
C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe
C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\khxojhcrlgbdiyidungd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe
C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe
C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wpbofzqbrizxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mhvkdzsfxqjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"
C:\Windows\mhvkdzsfxqjjmaibqh.exe
mhvkdzsfxqjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe .
C:\Windows\zxogcbxnieadjalhztnlc.exe
zxogcbxnieadjalhztnlc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c khxojhcrlgbdiyidungd.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zxogcbxnieadjalhztnlc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mhvkdzsfxqjjmaibqh.exe .
C:\Windows\khxojhcrlgbdiyidungd.exe
khxojhcrlgbdiyidungd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe
C:\Windows\mhvkdzsfxqjjmaibqh.exe
mhvkdzsfxqjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe .
C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\mhvkdzsfxqjjmaibqh.exe*."
C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe
C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\khxojhcrlgbdiyidungd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe
C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe
C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wpbofzqbrizxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mhvkdzsfxqjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe
C:\Windows\mhvkdzsfxqjjmaibqh.exe
mhvkdzsfxqjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe
C:\Windows\wpbofzqbrizxykqh.exe
wpbofzqbrizxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mhvkdzsfxqjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dxkyqldpgyqpreldr.exe .
C:\Windows\xtiyspjxqkefjyhbrjb.exe
xtiyspjxqkefjyhbrjb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\mhvkdzsfxqjjmaibqh.exe
mhvkdzsfxqjjmaibqh.exe .
C:\Windows\dxkyqldpgyqpreldr.exe
dxkyqldpgyqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dxkyqldpgyqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe
C:\Windows\wpbofzqbrizxykqh.exe
wpbofzqbrizxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\mhvkdzsfxqjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\dxkyqldpgyqpreldr.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dxkyqldpgyqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wpbofzqbrizxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .
C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe
C:\Windows\xtiyspjxqkefjyhbrjb.exe
xtiyspjxqkefjyhbrjb.exe .
C:\Windows\zxogcbxnieadjalhztnlc.exe
zxogcbxnieadjalhztnlc.exe .
C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .
C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe
C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .
C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe
C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe
C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe
C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\xtiyspjxqkefjyhbrjb.exe*."
C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe
C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zxogcbxnieadjalhztnlc.exe*."
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\xtiyspjxqkefjyhbrjb.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\xtiyspjxqkefjyhbrjb.exe*."
C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe
C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe .
C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe
C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe
C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe
C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\xtiyspjxqkefjyhbrjb.exe*."
C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe
C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe .
C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe
C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\khxojhcrlgbdiyidungd.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\khxojhcrlgbdiyidungd.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\xtiyspjxqkefjyhbrjb.exe*."
C:\Windows\xtiyspjxqkefjyhbrjb.exe
xtiyspjxqkefjyhbrjb.exe
C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe
C:\Windows\wpbofzqbrizxykqh.exe
wpbofzqbrizxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dxkyqldpgyqpreldr.exe .
C:\Windows\wpbofzqbrizxykqh.exe
wpbofzqbrizxykqh.exe
C:\Windows\dxkyqldpgyqpreldr.exe
dxkyqldpgyqpreldr.exe .
C:\Windows\dxkyqldpgyqpreldr.exe
dxkyqldpgyqpreldr.exe
C:\Windows\dxkyqldpgyqpreldr.exe
dxkyqldpgyqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\dxkyqldpgyqpreldr.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\dxkyqldpgyqpreldr.exe*."
C:\Windows\zxogcbxnieadjalhztnlc.exe
zxogcbxnieadjalhztnlc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe
C:\Windows\xtiyspjxqkefjyhbrjb.exe
xtiyspjxqkefjyhbrjb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .
C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe
C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\xtiyspjxqkefjyhbrjb.exe*."
C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe
C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zxogcbxnieadjalhztnlc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"
C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe
C:\Windows\wpbofzqbrizxykqh.exe
wpbofzqbrizxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dxkyqldpgyqpreldr.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\dxkyqldpgyqpreldr.exe
dxkyqldpgyqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\dxkyqldpgyqpreldr.exe*."
C:\Windows\xtiyspjxqkefjyhbrjb.exe
xtiyspjxqkefjyhbrjb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c khxojhcrlgbdiyidungd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe
C:\Windows\khxojhcrlgbdiyidungd.exe
khxojhcrlgbdiyidungd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .
C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\khxojhcrlgbdiyidungd.exe*."
C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe
C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zxogcbxnieadjalhztnlc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c igvtmleykfbdiyidunec.exe
C:\Windows\xtiyspjxqkefjyhbrjb.exe
xtiyspjxqkefjyhbrjb.exe
C:\Windows\igvtmleykfbdiyidunec.exe
igvtmleykfbdiyidunec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mhvkdzsfxqjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c igvtmleykfbdiyidunec.exe .
C:\Windows\mhvkdzsfxqjjmaibqh.exe
mhvkdzsfxqjjmaibqh.exe .
C:\Windows\igvtmleykfbdiyidunec.exe
igvtmleykfbdiyidunec.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vsgdvtlepjefjyhbrjz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dxkyqldpgyqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\mhvkdzsfxqjjmaibqh.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\igvtmleykfbdiyidunec.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c igvtmleykfbdiyidunec.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe
C:\Windows\wpbofzqbrizxykqh.exe
wpbofzqbrizxykqh.exe
C:\Windows\vsgdvtlepjefjyhbrjz.exe
vsgdvtlepjefjyhbrjz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\igvtmleykfbdiyidunec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe .
C:\Windows\igvtmleykfbdiyidunec.exe
igvtmleykfbdiyidunec.exe .
C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe
C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe
C:\Windows\dxkyqldpgyqpreldr.exe
dxkyqldpgyqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\igvtmleykfbdiyidunec.exe
C:\Users\Admin\AppData\Local\Temp\igvtmleykfbdiyidunec.exe
C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe
C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe .
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"
C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe
C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\igvtmleykfbdiyidunec.exe*."
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xwmlffzuhdadjalhztlka.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\dxkyqldpgyqpreldr.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\khxojhcrlgbdiyidungd.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vsgdvtlepjefjyhbrjz.exe*."
C:\Users\Admin\AppData\Local\Temp\xwmlffzuhdadjalhztlka.exe
C:\Users\Admin\AppData\Local\Temp\xwmlffzuhdadjalhztlka.exe .
C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe
C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe
C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe
C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\xwmlffzuhdadjalhztlka.exe*."
C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\xtiyspjxqkefjyhbrjb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c khxojhcrlgbdiyidungd.exe
C:\Windows\khxojhcrlgbdiyidungd.exe
khxojhcrlgbdiyidungd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dxkyqldpgyqpreldr.exe .
C:\Windows\dxkyqldpgyqpreldr.exe
dxkyqldpgyqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\dxkyqldpgyqpreldr.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe .
C:\Windows\wpbofzqbrizxykqh.exe
wpbofzqbrizxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe
Network
| RU | 94.137.253.114:37887 | tcp | |
| US | 8.8.8.8:53 | oilfio.biz | udp |
| US | 8.8.8.8:53 | hfhcdkn.cc | udp |
| US | 8.8.8.8:53 | eihotufqbex.org | udp |
| US | 8.8.8.8:53 | uolbqguiwcymao.biz | udp |
| US | 8.8.8.8:53 | mupwuqeoya.biz | udp |
| US | 8.8.8.8:53 | yznqxqfqbex.cc | udp |
| US | 8.8.8.8:53 | trbrysn.cc | udp |
| US | 8.8.8.8:53 | ikpcrueoya.biz | udp |
| US | 8.8.8.8:53 | cypwnsuiwcymao.biz | udp |
| US | 8.8.8.8:53 | inlsqenansnan.com | udp |
| US | 8.8.8.8:53 | gbpkhgfqbex.cc | udp |
| US | 8.8.8.8:53 | aylmbqeoya.biz | udp |
| US | 8.8.8.8:53 | yalqga.net | udp |
| US | 8.8.8.8:53 | wobzzwnansnan.com | udp |
| US | 8.8.8.8:53 | zxrihgn.cc | udp |
| US | 8.8.8.8:53 | oajgygeoya.biz | udp |
| US | 8.8.8.8:53 | wqcdhiiugkeq.info | udp |
| US | 8.8.8.8:53 | aptodqfqbex.cc | udp |
| US | 8.8.8.8:53 | uxkybodsholapet.org | udp |
| US | 8.8.8.8:53 | kqkucmiq.biz | udp |
| US | 8.8.8.8:53 | yeelwwiugkeq.info | udp |
| US | 8.8.8.8:53 | uftbdanansnan.org | udp |
| US | 8.8.8.8:53 | orgedodsholapet.cc | udp |
| US | 8.8.8.8:53 | ckjwws.biz | udp |
| US | 8.8.8.8:53 | wsqncmiq.biz | udp |
| US | 8.8.8.8:53 | oznoladsholapet.cc | udp |
| US | 8.8.8.8:53 | uymqdanansnan.cc | udp |
| US | 8.8.8.8:53 | sctaik.info | udp |
| US | 8.8.8.8:53 | cgeyaeiq.info | udp |
| US | 8.8.8.8:53 | qnpobwnansnan.com | udp |
| US | 8.8.8.8:53 | swgylwiugkeq.info | udp |
| US | 8.8.8.8:53 | iajimsuiwcymao.net | udp |
| US | 8.8.8.8:53 | nsjrhafox.com | udp |
| US | 8.8.8.8:53 | myerasdsholapet.com | udp |
| US | 8.8.8.8:53 | mcxevguiwcymao.biz | udp |
| US | 8.8.8.8:53 | ymnqisuiwcymao.biz | udp |
| US | 8.8.8.8:53 | epzhpadsholapet.org | udp |
| US | 8.8.8.8:53 | frkkjifox.cc | udp |
| US | 8.8.8.8:53 | ycmaemiq.info | udp |
| LT | 78.61.13.61:16754 | tcp | |
| US | 8.8.8.8:53 | jxzcesn.cc | udp |
| US | 8.8.8.8:53 | uecfvodsholapet.cc | udp |
| US | 8.8.8.8:53 | aidfuqeoya.biz | udp |
| US | 8.8.8.8:53 | ksovoiiugkeq.info | udp |
| US | 8.8.8.8:53 | dmnansn.cc | udp |
| US | 8.8.8.8:53 | uwwltodsholapet.com | udp |
| US | 8.8.8.8:53 | ocsoeaiugkeq.biz | udp |
| US | 8.8.8.8:53 | weoejaiq.info | udp |
| US | 8.8.8.8:53 | gertvkdsholapet.cc | udp |
| US | 8.8.8.8:53 | whstjwnansnan.cc | udp |
| US | 8.8.8.8:53 | iyyrimiq.net | udp |
| US | 8.8.8.8:53 | ekfomk.biz | udp |
| US | 8.8.8.8:53 | ttpwbwfox.com | udp |
| US | 8.8.8.8:53 | spofbodsholapet.com | udp |
| US | 8.8.8.8:53 | qyknfaiq.info | udp |
| US | 8.8.8.8:53 | mcjgkcuiwcymao.info | udp |
| US | 8.8.8.8:53 | igfaskdsholapet.org | udp |
| US | 8.8.8.8:53 | bssllifox.com | udp |
| US | 8.8.8.8:53 | gkpioa.net | udp |
| US | 8.8.8.8:53 | mwzcvo.info | udp |
| US | 8.8.8.8:53 | zgnsakn.com | udp |
| US | 8.8.8.8:53 | vtilrwfox.cc | udp |
| US | 8.8.8.8:53 | qaflhsuiwcymao.biz | udp |
| US | 8.8.8.8:53 | pwlipkn.cc | udp |
| US | 8.8.8.8:53 | hgigeifox.org | udp |
| US | 8.8.8.8:53 | qkoouaiugkeq.biz | udp |
| US | 8.8.8.8:53 | oockpsiugkeq.biz | udp |
| US | 8.8.8.8:53 | kflqhwnansnan.org | udp |
| US | 8.8.8.8:53 | owfwvqfqbex.org | udp |
| US | 8.8.8.8:53 | gmkaywiq.biz | udp |
| US | 8.8.8.8:53 | awdoageoya.biz | udp |
| US | 8.8.8.8:53 | qtrewqfqbex.cc | udp |
| US | 8.8.8.8:53 | ywzceyfqbex.org | udp |
| US | 8.8.8.8:53 | yuxiaguiwcymao.info | udp |
| US | 8.8.8.8:53 | uotqck.biz | udp |
| BG | 84.43.148.133:42762 | tcp | |
| US | 8.8.8.8:53 | aglbwyfqbex.org | udp |
| US | 8.8.8.8:53 | ztkqlsfox.org | udp |
| US | 8.8.8.8:53 | eesizmiq.biz | udp |
| US | 8.8.8.8:53 | sikygmiq.biz | udp |
| US | 8.8.8.8:53 | aubczufqbex.com | udp |
| US | 8.8.8.8:53 | rmcwswfox.cc | udp |
| US | 8.8.8.8:53 | sqvcokuiwcymao.net | udp |
| US | 8.8.8.8:53 | acbnza.biz | udp |
| US | 8.8.8.8:53 | grxjiadsholapet.org | udp |
| US | 8.8.8.8:53 | ftsszifox.org | udp |
| US | 8.8.8.8:53 | wmuasaiq.info | udp |
| US | 8.8.8.8:53 | wmtyfcuiwcymao.net | udp |
| US | 8.8.8.8:53 | oorajmnansnan.com | udp |
| US | 8.8.8.8:53 | czfmlufqbex.org | udp |
| US | 8.8.8.8:53 | ymfwugeoya.net | udp |
| US | 8.8.8.8:53 | ecwvmiiugkeq.biz | udp |
| US | 8.8.8.8:53 | gxdmjyfqbex.com | udp |
| US | 8.8.8.8:53 | kapmjgfqbex.org | udp |
| US | 8.8.8.8:53 | giecbeiq.net | udp |
| US | 8.8.8.8:53 | wgecnmiq.net | udp |
| US | 8.8.8.8:53 | idbxmenansnan.cc | udp |
| US | 8.8.8.8:53 | zaqnbifox.cc | udp |
| US | 8.8.8.8:53 | maksmaiugkeq.biz | udp |
| US | 8.8.8.8:53 | ieiaimiq.info | udp |
| US | 8.8.8.8:53 | bubcrifox.com | udp |
| US | 8.8.8.8:53 | kphesgfqbex.cc | udp |
| US | 8.8.8.8:53 | qqrmqyeoya.net | udp |
| US | 8.8.8.8:53 | gsjwmyeoya.info | udp |
| US | 8.8.8.8:53 | acjybkdsholapet.org | udp |
| US | 8.8.8.8:53 | pnglvifox.org | udp |
| US | 8.8.8.8:53 | eiryro.net | udp |
| US | 8.8.8.8:53 | agdrxgeoya.info | udp |
| US | 8.8.8.8:53 | hmvudifox.com | udp |
| US | 8.8.8.8:53 | vatadsn.cc | udp |
| US | 8.8.8.8:53 | yacmxaiq.net | udp |
| US | 8.8.8.8:53 | uilgxk.info | udp |
| US | 8.8.8.8:53 | islmzgfqbex.org | udp |
| US | 8.8.8.8:53 | oefqyqfqbex.org | udp |
| US | 8.8.8.8:53 | manctguiwcymao.net | udp |
| US | 8.8.8.8:53 | gkyuqaiugkeq.biz | udp |
| US | 8.8.8.8:53 | oxratmnansnan.org | udp |
| US | 8.8.8.8:53 | yqqbawnansnan.cc | udp |
| US | 8.8.8.8:53 | wqnupo.net | udp |
| US | 8.8.8.8:53 | iuzuiadsholapet.cc | udp |
| US | 8.8.8.8:53 | tmvtpkn.cc | udp |
| US | 8.8.8.8:53 | cugfziiugkeq.biz | udp |
| US | 8.8.8.8:53 | aepoha.info | udp |
| US | 8.8.8.8:53 | zkhoeifox.org | udp |
| US | 8.8.8.8:53 | yegjjenansnan.org | udp |
| US | 8.8.8.8:53 | cyvrsa.net | udp |
| US | 8.8.8.8:53 | mkxecs.info | udp |
| US | 8.8.8.8:53 | gsdegsdsholapet.cc | udp |
| US | 8.8.8.8:53 | zqysrsfox.org | udp |
| US | 8.8.8.8:53 | eqhpkueoya.biz | udp |
| US | 8.8.8.8:53 | ikjufgeoya.net | udp |
| US | 8.8.8.8:53 | gfbmogfqbex.com | udp |
| US | 8.8.8.8:53 | dwldhkn.org | udp |
| US | 8.8.8.8:53 | csxmwa.info | udp |
| BG | 195.234.87.61:38793 | tcp | |
| US | 8.8.8.8:53 | iqdeckuiwcymao.biz | udp |
| US | 8.8.8.8:53 | tsjeqafox.org | udp |
| US | 8.8.8.8:53 | ptloqgn.com | udp |
| US | 8.8.8.8:53 | iugakwiq.net | udp |
| US | 8.8.8.8:53 | isvwmkuiwcymao.info | udp |
| US | 8.8.8.8:53 | gknmwufqbex.cc | udp |
| US | 8.8.8.8:53 | iznihqfqbex.com | udp |
| US | 8.8.8.8:53 | uiwcjsiugkeq.biz | udp |
| US | 8.8.8.8:53 | gixftyeoya.info | udp |
| US | 8.8.8.8:53 | idvoxwnansnan.cc | udp |
| US | 8.8.8.8:53 | byzuxgn.cc | udp |
| US | 8.8.8.8:53 | iabuqguiwcymao.biz | udp |
| US | 8.8.8.8:53 | gjdfvwnansnan.com | udp |
| US | 8.8.8.8:53 | dffsrsn.org | udp |
| US | 8.8.8.8:53 | sivexyeoya.net | udp |
| US | 8.8.8.8:53 | uqpzckuiwcymao.info | udp |
| US | 8.8.8.8:53 | suzwfqfqbex.cc | udp |
| US | 8.8.8.8:53 | eszycs.net | udp |
| US | 8.8.8.8:53 | gcbgiguiwcymao.biz | udp |
| US | 8.8.8.8:53 | iefgbqfqbex.cc | udp |
| US | 8.8.8.8:53 | mymqnmnansnan.com | udp |
| US | 8.8.8.8:53 | cgpmps.net | udp |
| US | 8.8.8.8:53 | aulwxueoya.net | udp |
| US | 8.8.8.8:53 | orpjzqfqbex.com | udp |
| US | 8.8.8.8:53 | wglqssuiwcymao.biz | udp |
| US | 8.8.8.8:53 | cyayeaiugkeq.info | udp |
| US | 8.8.8.8:53 | sqdhpwnansnan.com | udp |
| US | 8.8.8.8:53 | snzmvgfqbex.cc | udp |
| US | 8.8.8.8:53 | moowyeiq.info | udp |
| US | 8.8.8.8:53 | kyahisiugkeq.biz | udp |
| US | 8.8.8.8:53 | mshmosdsholapet.org | udp |
| US | 8.8.8.8:53 | fieqtafox.cc | udp |
| US | 8.8.8.8:53 | weejmwiq.info | udp |
| US | 8.8.8.8:53 | sikaewiq.net | udp |
| US | 8.8.8.8:53 | zmjagwfox.org | udp |
| US | 8.8.8.8:53 | qluhvwnansnan.cc | udp |
| US | 8.8.8.8:53 | eatcucuiwcymao.biz | udp |
| US | 8.8.8.8:53 | cexuqgeoya.net | udp |
| US | 8.8.8.8:53 | qdzozwnansnan.org | udp |
| US | 8.8.8.8:53 | zbrcxgn.org | udp |
| US | 8.8.8.8:53 | gymyweiq.info | udp |
| US | 8.8.8.8:53 | aovyio.net | udp |
| US | 8.8.8.8:53 | ubnouadsholapet.com | udp |
| US | 8.8.8.8:53 | mifmcufqbex.cc | udp |
| US | 8.8.8.8:53 | qyybyiiugkeq.biz | udp |
| US | 8.8.8.8:53 | muacceiq.net | udp |
| US | 8.8.8.8:53 | egtpmodsholapet.org | udp |
| US | 8.8.8.8:53 | vfgjfafox.com | udp |
| US | 8.8.8.8:53 | swclbiiugkeq.net | udp |
| MK | 62.162.209.93:25221 | tcp | |
| US | 8.8.8.8:53 | getgao.biz | udp |
| US | 8.8.8.8:53 | cmnjbqfqbex.com | udp |
| US | 8.8.8.8:53 | zxsgxsfox.cc | udp |
| US | 8.8.8.8:53 | ukbpuyeoya.net | udp |
| US | 8.8.8.8:53 | qceocwiq.biz | udp |
| US | 8.8.8.8:53 | bdrwrifox.org | udp |
| US | 8.8.8.8:53 | cesojwnansnan.com | udp |
| US | 8.8.8.8:53 | ggdhoo.info | udp |
| US | 8.8.8.8:53 | ymezueiq.info | udp |
| US | 8.8.8.8:53 | eexmdsdsholapet.org | udp |
| US | 8.8.8.8:53 | nqxyqgn.cc | udp |
| US | 8.8.8.8:53 | comqjwiq.biz | udp |
| US | 8.8.8.8:53 | yqwkqeiq.biz | udp |
| US | 8.8.8.8:53 | ytzmhufqbex.com | udp |
| US | 8.8.8.8:53 | gyxyvufqbex.com | udp |
| US | 8.8.8.8:53 | osfiqyeoya.biz | udp |
| US | 8.8.8.8:53 | mcdgasuiwcymao.net | udp |
| US | 8.8.8.8:53 | xqdbzcn.cc | udp |
| US | 8.8.8.8:53 | fyocvifox.cc | udp |
| US | 8.8.8.8:53 | isekeaiugkeq.net | udp |
| US | 8.8.8.8:53 | wkzkwk.biz | udp |
| US | 8.8.8.8:53 | rplohafox.com | udp |
| US | 8.8.8.8:53 | axmiladsholapet.org | udp |
| US | 8.8.8.8:53 | kihkqkuiwcymao.biz | udp |
| US | 8.8.8.8:53 | gmlhva.info | udp |
| US | 8.8.8.8:53 | aczswufqbex.cc | udp |
| US | 8.8.8.8:53 | aieosadsholapet.cc | udp |
| US | 8.8.8.8:53 | ggmyveiq.info | udp |
| US | 8.8.8.8:53 | xkzsbgn.com | udp |
| US | 8.8.8.8:53 | vjrgrcn.cc | udp |
| US | 8.8.8.8:53 | sartiyeoya.net | udp |
| US | 8.8.8.8:53 | qrvuvufqbex.com | udp |
| US | 8.8.8.8:53 | jonuakn.com | udp |
| US | 8.8.8.8:53 | imvuiyeoya.biz | udp |
| US | 8.8.8.8:53 | owngpa.biz | udp |
| US | 8.8.8.8:53 | avhlmyfqbex.cc | udp |
| US | 8.8.8.8:53 | utiyvenansnan.org | udp |
| US | 8.8.8.8:53 | wykiwwiugkeq.info | udp |
| US | 8.8.8.8:53 | osusqmiq.biz | udp |
| US | 8.8.8.8:53 | sczrvufqbex.org | udp |
| BG | 78.40.139.120:14679 | tcp | |
| US | 8.8.8.8:53 | qikivodsholapet.com | udp |
| US | 8.8.8.8:53 | mehcsyeoya.biz | udp |
| US | 8.8.8.8:53 | mkybywiugkeq.net | udp |
| US | 8.8.8.8:53 | xhhmuifox.cc | udp |
| US | 8.8.8.8:53 | lyfwngn.com | udp |
| US | 8.8.8.8:53 | uafdiguiwcymao.net | udp |
| US | 8.8.8.8:53 | eyrvmguiwcymao.biz | udp |
| US | 8.8.8.8:53 | eqjsisdsholapet.com | udp |
| US | 8.8.8.8:53 | eqkpxanansnan.com | udp |
| US | 8.8.8.8:53 | iybujyeoya.biz | udp |
| US | 8.8.8.8:53 | yuhgyo.biz | udp |
| US | 8.8.8.8:53 | kcdfasdsholapet.cc | udp |
| US | 8.8.8.8:53 | besntafox.com | udp |
| US | 8.8.8.8:53 | eqmumwiq.net | udp |
| US | 8.8.8.8:53 | egvwaa.biz | udp |
| US | 8.8.8.8:53 | xbxisafox.com | udp |
| US | 8.8.8.8:53 | qnozvwnansnan.org | udp |
| US | 8.8.8.8:53 | akpomo.net | udp |
| US | 8.8.8.8:53 | oyacsaiugkeq.info | udp |
| US | 8.8.8.8:53 | eutjzsdsholapet.cc | udp |
| US | 8.8.8.8:53 | owsuzwnansnan.org | udp |
| US | 8.8.8.8:53 | cgymowiq.biz | udp |
| US | 8.8.8.8:53 | mmfcecuiwcymao.biz | udp |
| US | 8.8.8.8:53 | cwdapgfqbex.cc | udp |
| US | 8.8.8.8:53 | lqvjfsn.cc | udp |
| US | 8.8.8.8:53 | oiuyisiugkeq.info | udp |
| US | 8.8.8.8:53 | ysfoqguiwcymao.biz | udp |
| US | 8.8.8.8:53 | yrhqrqfqbex.cc | udp |
| US | 8.8.8.8:53 | crmmvsdsholapet.org | udp |
| US | 8.8.8.8:53 | gitzhs.info | udp |
| US | 8.8.8.8:53 | qkiqfwiq.info | udp |
| US | 8.8.8.8:53 | ljxqosfox.org | udp |
| US | 8.8.8.8:53 | wndyoufqbex.com | udp |
| US | 8.8.8.8:53 | acjkvk.info | udp |
| US | 8.8.8.8:53 | ginmmyeoya.net | udp |
| US | 8.8.8.8:53 | zazemafox.com | udp |
| US | 8.8.8.8:53 | oszimqeoya.info | udp |
| US | 8.8.8.8:53 | cwbggyeoya.biz | udp |
| US | 8.8.8.8:53 | rvlrtafox.com | udp |
| US | 8.8.8.8:53 | tgeshafox.cc | udp |
| US | 8.8.8.8:53 | uunoak.info | udp |
| US | 8.8.8.8:53 | qckmqeiq.biz | udp |
| US | 8.8.8.8:53 | mwdgrkdsholapet.cc | udp |
| US | 8.8.8.8:53 | pfgoksfox.cc | udp |
| US | 8.8.8.8:53 | qweicmiq.biz | udp |
| US | 8.8.8.8:53 | skhhiqeoya.biz | udp |
| US | 8.8.8.8:53 | vbznrgn.org | udp |
| US | 8.8.8.8:53 | srjilyfqbex.org | udp |
| US | 8.8.8.8:53 | qmdeho.biz | udp |
| US | 8.8.8.8:53 | uyxyaguiwcymao.net | udp |
| US | 8.8.8.8:53 | zmjcssn.cc | udp |
| US | 8.8.8.8:53 | qregladsholapet.org | udp |
| US | 8.8.8.8:53 | ecxmyqeoya.info | udp |
| US | 8.8.8.8:53 | konziueoya.info | udp |
| US | 8.8.8.8:53 | lxlshsfox.cc | udp |
| US | 8.8.8.8:53 | uquqtwnansnan.org | udp |
| US | 8.8.8.8:53 | yybqus.net | udp |
| US | 8.8.8.8:53 | wsugqwiugkeq.biz | udp |
| US | 8.8.8.8:53 | xufincn.cc | udp |
| US | 8.8.8.8:53 | aykcjmnansnan.org | udp |
| US | 8.8.8.8:53 | oukykaiugkeq.net | udp |
| US | 8.8.8.8:53 | qutejs.biz | udp |
| US | 8.8.8.8:53 | cgxlzqfqbex.cc | udp |
| US | 8.8.8.8:53 | uhvilyfqbex.com | udp |
| US | 8.8.8.8:53 | umjaoueoya.biz | udp |
| US | 8.8.8.8:53 | suxenyfqbex.com | udp |
| BG | 95.42.150.211:16028 | tcp | |
| US | 8.8.8.8:53 | bbbqogn.cc | udp |
| US | 8.8.8.8:53 | uyssoiiugkeq.info | udp |
| US | 8.8.8.8:53 | ighgjs.biz | udp |
| US | 8.8.8.8:53 | ccfscyfqbex.org | udp |
| US | 8.8.8.8:53 | yayvdenansnan.cc | udp |
| US | 8.8.8.8:53 | mqleuk.biz | udp |
| US | 8.8.8.8:53 | iodwkk.info | udp |
| US | 8.8.8.8:53 | txjfrsfox.com | udp |
| US | 8.8.8.8:53 | aazpsguiwcymao.biz | udp |
| US | 8.8.8.8:53 | uykmdeiq.biz | udp |
| US | 8.8.8.8:53 | mhzuwmnansnan.cc | udp |
| US | 8.8.8.8:53 | uplovyfqbex.org | udp |
| US | 8.8.8.8:53 | akfhkcuiwcymao.info | udp |
| US | 8.8.8.8:53 | qgwoqsiugkeq.net | udp |
| US | 8.8.8.8:53 | hjjzngn.org | udp |
| US | 8.8.8.8:53 | axwbladsholapet.org | udp |
| US | 8.8.8.8:53 | waymuwiq.biz | udp |
| US | 8.8.8.8:53 | iucsusiugkeq.biz | udp |
| US | 8.8.8.8:53 | pkdrqafox.com | udp |
| US | 8.8.8.8:53 | wmbmlufqbex.com | udp |
| US | 8.8.8.8:53 | waenbiiugkeq.biz | udp |
| US | 8.8.8.8:53 | mersoqeoya.biz | udp |
| US | 8.8.8.8:53 | sudayanansnan.org | udp |
| US | 8.8.8.8:53 | ycsceiiugkeq.net | udp |
| US | 8.8.8.8:53 | scbzksuiwcymao.info | udp |
| US | 8.8.8.8:53 | oitcuqfqbex.cc | udp |
| US | 8.8.8.8:53 | uoiydkdsholapet.org | udp |
| US | 8.8.8.8:53 | wwbqrcuiwcymao.info | udp |
| US | 8.8.8.8:53 | imdeek.info | udp |
| US | 8.8.8.8:53 | iqldiodsholapet.cc | udp |
| US | 8.8.8.8:53 | phqkvwfox.com | udp |
| US | 8.8.8.8:53 | owdajs.biz | udp |
| US | 8.8.8.8:53 | kqvkns.net | udp |
| US | 8.8.8.8:53 | vxaebafox.cc | udp |
| US | 8.8.8.8:53 | mmbvxs.info | udp |
| US | 8.8.8.8:53 | sooteiiugkeq.biz | udp |
| US | 8.8.8.8:53 | eebuikdsholapet.com | udp |
| US | 8.8.8.8:53 | oaxkjyfqbex.org | udp |
| US | 8.8.8.8:53 | akzwsguiwcymao.info | udp |
| US | 8.8.8.8:53 | sgpxsqeoya.biz | udp |
| US | 8.8.8.8:53 | xcvpnsfox.com | udp |
| US | 8.8.8.8:53 | owkwlwnansnan.com | udp |
| US | 8.8.8.8:53 | wyciqwiugkeq.info | udp |
| US | 8.8.8.8:53 | auoiuaiugkeq.info | udp |
| US | 8.8.8.8:53 | gahujsdsholapet.org | udp |
| US | 8.8.8.8:53 | vqtsgkn.com | udp |
| US | 8.8.8.8:53 | oodymo.net | udp |
| US | 8.8.8.8:53 | oaqxkaiugkeq.info | udp |
| LT | 89.116.143.149:20585 | tcp | |
| US | 8.8.8.8:53 | xjnyvafox.org | udp |
| US | 8.8.8.8:53 | kcwidmnansnan.cc | udp |
| US | 8.8.8.8:53 | usmeciiugkeq.biz | udp |
| US | 8.8.8.8:53 | eugwbsiugkeq.biz | udp |
| US | 8.8.8.8:53 | fyflfkn.org | udp |
| US | 8.8.8.8:53 | riykswfox.cc | udp |
| US | 8.8.8.8:53 | uklyqa.biz | udp |
| US | 8.8.8.8:53 | ssgskwiq.net | udp |
| US | 8.8.8.8:53 | fddysifox.org | udp |
| US | 8.8.8.8:53 | goragufqbex.com | udp |
| US | 8.8.8.8:53 | ombweqeoya.net | udp |
| US | 8.8.8.8:53 | swbrgcuiwcymao.info | udp |
| US | 8.8.8.8:53 | zbtkbcn.org | udp |
| US | 8.8.8.8:53 | yessjmnansnan.org | udp |
| US | 8.8.8.8:53 | eapisguiwcymao.biz | udp |
| US | 8.8.8.8:53 | uktock.info | udp |
| US | 8.8.8.8:53 | bhdiokn.com | udp |
| US | 8.8.8.8:53 | mcmzqkdsholapet.org | udp |
| US | 8.8.8.8:53 | gqviuyeoya.biz | udp |
| US | 8.8.8.8:53 | ywyucaiugkeq.net | udp |
| US | 8.8.8.8:53 | wuhphyfqbex.org | udp |
| US | 8.8.8.8:53 | qloxdenansnan.com | udp |
| US | 8.8.8.8:53 | seporueoya.biz | udp |
| US | 8.8.8.8:53 | yiwsgeiq.info | udp |
| BG | 95.43.197.73:36325 | tcp | |
| US | 8.8.8.8:53 | gooelkdsholapet.com | udp |
| US | 8.8.8.8:53 | iqpjrueoya.biz | udp |
| US | 8.8.8.8:53 | yspsgk.net | udp |
| US | 8.8.8.8:53 | mbxihanansnan.cc | udp |
| US | 8.8.8.8:53 | uwubwanansnan.org | udp |
| US | 8.8.8.8:53 | uyayqwiugkeq.net | udp |
| US | 8.8.8.8:53 | cgimuwiugkeq.net | udp |
| US | 8.8.8.8:53 | iddqwqfqbex.cc | udp |
| US | 8.8.8.8:53 | uqnlbcuiwcymao.biz | udp |
| US | 8.8.8.8:53 | quzxoa.info | udp |
| US | 8.8.8.8:53 | mchwdanansnan.cc | udp |
| US | 8.8.8.8:53 | kqpskgeoya.biz | udp |
| US | 8.8.8.8:53 | qwlrvqeoya.net | udp |
| US | 8.8.8.8:53 | hrnudsfox.com | udp |
| US | 8.8.8.8:53 | aigenadsholapet.org | udp |
| US | 8.8.8.8:53 | sofmgs.biz | udp |
| US | 8.8.8.8:53 | sgbyko.info | udp |
| US | 8.8.8.8:53 | tozeksn.cc | udp |
| US | 8.8.8.8:53 | gxksrmnansnan.cc | udp |
| US | 8.8.8.8:53 | muxyoa.net | udp |
| US | 8.8.8.8:53 | osrqqqeoya.net | udp |
| US | 8.8.8.8:53 | cqznqsdsholapet.com | udp |
| US | 8.8.8.8:53 | scauaenansnan.org | udp |
| US | 8.8.8.8:53 | mevpuqeoya.biz | udp |
| US | 8.8.8.8:53 | aoiajwiq.biz | udp |
| US | 8.8.8.8:53 | ssxyxyfqbex.com | udp |
| US | 8.8.8.8:53 | smawxwiq.info | udp |
| US | 8.8.8.8:53 | mqvoos.info | udp |
| US | 8.8.8.8:53 | kbdpjsdsholapet.cc | udp |
| US | 8.8.8.8:53 | ebganmnansnan.cc | udp |
| US | 8.8.8.8:53 | iqgutmiq.biz | udp |
| US | 8.8.8.8:53 | umyehaiugkeq.biz | udp |
| US | 8.8.8.8:53 | nqjszwfox.org | udp |
| US | 8.8.8.8:53 | rxpwhsn.org | udp |
| US | 8.8.8.8:53 | ceaoqmiq.info | udp |
| US | 8.8.8.8:53 | yumeraiugkeq.net | udp |
| US | 8.8.8.8:53 | qfrqhadsholapet.org | udp |
| US | 8.8.8.8:53 | inemlenansnan.org | udp |
| US | 8.8.8.8:53 | esdwxo.net | udp |
| US | 8.8.8.8:53 | amxgxodsholapet.org | udp |
| US | 8.8.8.8:53 | oxwyzwnansnan.cc | udp |
| US | 8.8.8.8:53 | qsvcxguiwcymao.biz | udp |
| US | 8.8.8.8:53 | keacqaiq.net | udp |
| US | 8.8.8.8:53 | whlptkdsholapet.org | udp |
| US | 8.8.8.8:53 | uiesrmnansnan.com | udp |
| US | 8.8.8.8:53 | wmhiwgeoya.net | udp |
| US | 8.8.8.8:53 | iypmnqfqbex.com | udp |
| US | 8.8.8.8:53 | fzhebgn.com | udp |
| US | 8.8.8.8:53 | gufuwueoya.net | udp |
| US | 8.8.8.8:53 | ceyxisiugkeq.biz | udp |
| US | 8.8.8.8:53 | yihkdufqbex.com | udp |
| US | 8.8.8.8:53 | yhcvdanansnan.org | udp |
| US | 8.8.8.8:53 | mgaeewiugkeq.info | udp |
| US | 8.8.8.8:53 | aoqyewiq.net | udp |
| BG | 93.183.185.47:23345 | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
C:\Windows\SysWOW64\mhvkdzsfxqjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe
C:\Users\Admin\AppData\Local\jpooszdbeimxlkdhhjlrqqubf.gko
C:\Users\Admin\AppData\Local\ofpaphwftixtscgvgtgxhshzoxlaplkuynyl.pzk
C:\Program Files (x86)\jpooszdbeimxlkdhhjlrqqubf.gko