Analysis Overview
SHA256
13e8f8cf343f9c910a2a465fbfb2504a07fb9224bfad739ab6d70ce8c70681b6
Threat Level: Known bad
The file JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce was found to be: Known bad.
Malicious Activity Summary
Pykspa
Pykspa family
Modifies WinLogon for persistence
UAC bypass
Detect Pykspa worm
Adds policy Run key to start application
Disables RegEdit via registry modification
Impair Defenses: Safe Mode Boot
Executes dropped EXE
Checks computer location settings
Checks whether UAC is enabled
Adds Run key to start application
Looks up external IP address via web service
Hijack Execution Flow: Executable Installer File Permissions Weakness
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Unsigned PE
Suspicious use of AdjustPrivilegeToken
System policy modification
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-04-12 14:41
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-04-12 14:41
Reported
2025-04-12 14:44
Platform
win10v2004-20250410-en
Max time kernel
39s
Max time network
152s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\biglv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fyizvigtnzyanumaq.exe" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\biglv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zugzxmmbxlmqfoiyqkf.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\biglv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oitliwvjerruiqjypi.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\biglv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fyizvigtnzyanumaq.exe" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\biglv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zugzxmmbxlmqfoiyqkf.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oyzhuynr = "oitliwvjerruiqjypi.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oyzhuynr = "bymhhyarpfiofqmeyurfa.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oyzhuynr = "fyizvigtnzyanumaq.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oyzhuynr = "mivpoefvshjoeojatokx.exe" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\biglv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zugzxmmbxlmqfoiyqkf.exe" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\biglv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zugzxmmbxlmqfoiyqkf.exe" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oyzhuynr = "oitliwvjerruiqjypi.exe" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\biglv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zugzxmmbxlmqfoiyqkf.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\istdit = "igvtmleykfbdiyidunec.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\biglv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bymhhyarpfiofqmeyurfa.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\biglv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zugzxmmbxlmqfoiyqkf.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oyzhuynr = "fyizvigtnzyanumaq.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oyzhuynr = "zugzxmmbxlmqfoiyqkf.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hom = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kgtpgdumwpjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oyzhuynr = "fyizvigtnzyanumaq.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\biglv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bymhhyarpfiofqmeyurfa.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oyzhuynr = "yqzpkwtfyjhiuare.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oyzhuynr = "fyizvigtnzyanumaq.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oyzhuynr = "fyizvigtnzyanumaq.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\biglv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fyizvigtnzyanumaq.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\biglv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mivpoefvshjoeojatokx.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\biglv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mivpoefvshjoeojatokx.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oyzhuynr = "yqzpkwtfyjhiuare.exe" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oyzhuynr = "yqzpkwtfyjhiuare.exe" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oyzhuynr = "mivpoefvshjoeojatokx.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oyzhuynr = "yqzpkwtfyjhiuare.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\biglv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fyizvigtnzyanumaq.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oyzhuynr = "oitliwvjerruiqjypi.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\biglv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zugzxmmbxlmqfoiyqkf.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oyzhuynr = "yqzpkwtfyjhiuare.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\biglv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fyizvigtnzyanumaq.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\biglv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oitliwvjerruiqjypi.exe" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oyzhuynr = "mivpoefvshjoeojatokx.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oyzhuynr = "bymhhyarpfiofqmeyurfa.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\biglv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mivpoefvshjoeojatokx.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\zugzxmmbxlmqfoiyqkf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\bymhhyarpfiofqmeyurfa.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\bymhhyarpfiofqmeyurfa.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\yqzpkwtfyjhiuare.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\oitliwvjerruiqjypi.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\mivpoefvshjoeojatokx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\yqzpkwtfyjhiuare.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\mivpoefvshjoeojatokx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\oitliwvjerruiqjypi.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\fyizvigtnzyanumaq.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\fyizvigtnzyanumaq.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\zugzxmmbxlmqfoiyqkf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\oitliwvjerruiqjypi.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\fyizvigtnzyanumaq.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\oitliwvjerruiqjypi.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\mivpoefvshjoeojatokx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\fyizvigtnzyanumaq.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\oitliwvjerruiqjypi.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\zugzxmmbxlmqfoiyqkf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\oitliwvjerruiqjypi.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\yqzpkwtfyjhiuare.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\bymhhyarpfiofqmeyurfa.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\fyizvigtnzyanumaq.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\fyizvigtnzyanumaq.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\mivpoefvshjoeojatokx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\oitliwvjerruiqjypi.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\fyizvigtnzyanumaq.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\fyizvigtnzyanumaq.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\bymhhyarpfiofqmeyurfa.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\zugzxmmbxlmqfoiyqkf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\oitliwvjerruiqjypi.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\oitliwvjerruiqjypi.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\mivpoefvshjoeojatokx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\bymhhyarpfiofqmeyurfa.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mutzkm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fyizvigtnzyanumaq.exe" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tgkvlskrfle = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mivpoefvshjoeojatokx.exe ." | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mutzkm = "mivpoefvshjoeojatokx.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ziipbes = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fyizvigtnzyanumaq.exe ." | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ziipbes = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oitliwvjerruiqjypi.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mutzkm = "yqzpkwtfyjhiuare.exe" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mutzkm = "bymhhyarpfiofqmeyurfa.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tgkvlskrfle = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fyizvigtnzyanumaq.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fqsbpukpb = "zugzxmmbxlmqfoiyqkf.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tgkvlskrfle = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fyizvigtnzyanumaq.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ziipbes = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fyizvigtnzyanumaq.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ziipbes = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bymhhyarpfiofqmeyurfa.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mutzkm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yqzpkwtfyjhiuare.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ziipbes = "oitliwvjerruiqjypi.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yknxmsjpch = "oitliwvjerruiqjypi.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yknxmsjpch = "yqzpkwtfyjhiuare.exe ." | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yknxmsjpch = "fyizvigtnzyanumaq.exe ." | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tgkvlskrfle = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bymhhyarpfiofqmeyurfa.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mutzkm = "bymhhyarpfiofqmeyurfa.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fqsbpukpb = "bymhhyarpfiofqmeyurfa.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mutzkm = "yqzpkwtfyjhiuare.exe" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fqsbpukpb = "bymhhyarpfiofqmeyurfa.exe" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fqsbpukpb = "yqzpkwtfyjhiuare.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ziipbes = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fyizvigtnzyanumaq.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mutzkm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mivpoefvshjoeojatokx.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ziipbes = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yqzpkwtfyjhiuare.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mutzkm = "bymhhyarpfiofqmeyurfa.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ziipbes = "zugzxmmbxlmqfoiyqkf.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fqsbpukpb = "oitliwvjerruiqjypi.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ziipbes = "fyizvigtnzyanumaq.exe ." | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yknxmsjpch = "fyizvigtnzyanumaq.exe ." | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tgkvlskrfle = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bymhhyarpfiofqmeyurfa.exe ." | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fqsbpukpb = "mivpoefvshjoeojatokx.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ziipbes = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yqzpkwtfyjhiuare.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mutzkm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zugzxmmbxlmqfoiyqkf.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mutzkm = "zugzxmmbxlmqfoiyqkf.exe" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yknxmsjpch = "bymhhyarpfiofqmeyurfa.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ziipbes = "mivpoefvshjoeojatokx.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mutzkm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mivpoefvshjoeojatokx.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yknxmsjpch = "mivpoefvshjoeojatokx.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ziipbes = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fyizvigtnzyanumaq.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qejvmunvkrli = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bymhhyarpfiofqmeyurfa.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mutzkm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oitliwvjerruiqjypi.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mutzkm = "yqzpkwtfyjhiuare.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yknxmsjpch = "yqzpkwtfyjhiuare.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ziipbes = "zugzxmmbxlmqfoiyqkf.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fqsbpukpb = "fyizvigtnzyanumaq.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ziipbes = "mivpoefvshjoeojatokx.exe ." | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qejvmunvkrli = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mivpoefvshjoeojatokx.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mutzkm = "oitliwvjerruiqjypi.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qejvmunvkrli = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bymhhyarpfiofqmeyurfa.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mutzkm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fyizvigtnzyanumaq.exe" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ziipbes = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zugzxmmbxlmqfoiyqkf.exe ." | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ziipbes = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bymhhyarpfiofqmeyurfa.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yknxmsjpch = "oitliwvjerruiqjypi.exe ." | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ziipbes = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bymhhyarpfiofqmeyurfa.exe ." | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ziipbes = "zugzxmmbxlmqfoiyqkf.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yknxmsjpch = "oitliwvjerruiqjypi.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tgkvlskrfle = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zugzxmmbxlmqfoiyqkf.exe ." | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mutzkm = "oitliwvjerruiqjypi.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ziipbes = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bymhhyarpfiofqmeyurfa.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yknxmsjpch = "fyizvigtnzyanumaq.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ziipbes = "bymhhyarpfiofqmeyurfa.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qejvmunvkrli = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yqzpkwtfyjhiuare.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\fyizvigtnzyanumaq.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yqzpkwtfyjhiuare.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oitliwvjerruiqjypi.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yqzpkwtfyjhiuare.exe | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\fyizvigtnzyanumaq.exe | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bymhhyarpfiofqmeyurfa.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\fyizvigtnzyanumaq.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\fyizvigtnzyanumaq.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sqfbcuxpofjqiurkfcaplm.exe | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mivpoefvshjoeojatokx.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bymhhyarpfiofqmeyurfa.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bymhhyarpfiofqmeyurfa.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yqzpkwtfyjhiuare.exe | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mivpoefvshjoeojatokx.exe | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oitliwvjerruiqjypi.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\fyizvigtnzyanumaq.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sqfbcuxpofjqiurkfcaplm.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\fyizvigtnzyanumaq.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sqfbcuxpofjqiurkfcaplm.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sqfbcuxpofjqiurkfcaplm.exe | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oitliwvjerruiqjypi.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bymhhyarpfiofqmeyurfa.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mivpoefvshjoeojatokx.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zugzxmmbxlmqfoiyqkf.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sqfbcuxpofjqiurkfcaplm.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mivpoefvshjoeojatokx.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mivpoefvshjoeojatokx.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zugzxmmbxlmqfoiyqkf.exe | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zugzxmmbxlmqfoiyqkf.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bymhhyarpfiofqmeyurfa.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mivpoefvshjoeojatokx.exe | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bymhhyarpfiofqmeyurfa.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oitliwvjerruiqjypi.exe | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\fyizvigtnzyanumaq.exe | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oitliwvjerruiqjypi.exe | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mivpoefvshjoeojatokx.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mivpoefvshjoeojatokx.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bymhhyarpfiofqmeyurfa.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bymhhyarpfiofqmeyurfa.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\fyizvigtnzyanumaq.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yqzpkwtfyjhiuare.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yqzpkwtfyjhiuare.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oitliwvjerruiqjypi.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bymhhyarpfiofqmeyurfa.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yqzpkwtfyjhiuare.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mivpoefvshjoeojatokx.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oitliwvjerruiqjypi.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sqfbcuxpofjqiurkfcaplm.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bymhhyarpfiofqmeyurfa.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\fyizvigtnzyanumaq.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oitliwvjerruiqjypi.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oitliwvjerruiqjypi.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File created | C:\Windows\SysWOW64\qgnbuezjajfeoshsfukrfyidnenjiswlwjyo.jcm | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yqzpkwtfyjhiuare.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mivpoefvshjoeojatokx.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zugzxmmbxlmqfoiyqkf.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bymhhyarpfiofqmeyurfa.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oitliwvjerruiqjypi.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zugzxmmbxlmqfoiyqkf.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mivpoefvshjoeojatokx.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yqzpkwtfyjhiuare.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yqzpkwtfyjhiuare.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oitliwvjerruiqjypi.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oitliwvjerruiqjypi.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\lqmpxwgfljuihaeegkplowvfe.ith | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| File created | C:\Program Files (x86)\lqmpxwgfljuihaeegkplowvfe.ith | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| File opened for modification | C:\Program Files (x86)\qgnbuezjajfeoshsfukrfyidnenjiswlwjyo.jcm | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| File created | C:\Program Files (x86)\qgnbuezjajfeoshsfukrfyidnenjiswlwjyo.jcm | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\fyizvigtnzyanumaq.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\oitliwvjerruiqjypi.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\sqfbcuxpofjqiurkfcaplm.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\zugzxmmbxlmqfoiyqkf.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\yqzpkwtfyjhiuare.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\yqzpkwtfyjhiuare.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\oitliwvjerruiqjypi.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\sqfbcuxpofjqiurkfcaplm.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\mivpoefvshjoeojatokx.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\oitliwvjerruiqjypi.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\sqfbcuxpofjqiurkfcaplm.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\fyizvigtnzyanumaq.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\mivpoefvshjoeojatokx.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\mivpoefvshjoeojatokx.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\sqfbcuxpofjqiurkfcaplm.exe | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| File opened for modification | C:\Windows\zugzxmmbxlmqfoiyqkf.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\oitliwvjerruiqjypi.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\oitliwvjerruiqjypi.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\bymhhyarpfiofqmeyurfa.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\sqfbcuxpofjqiurkfcaplm.exe | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| File opened for modification | C:\Windows\oitliwvjerruiqjypi.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\bymhhyarpfiofqmeyurfa.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\bymhhyarpfiofqmeyurfa.exe | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| File opened for modification | C:\Windows\mivpoefvshjoeojatokx.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\yqzpkwtfyjhiuare.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\bymhhyarpfiofqmeyurfa.exe | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| File opened for modification | C:\Windows\fyizvigtnzyanumaq.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\oitliwvjerruiqjypi.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\zugzxmmbxlmqfoiyqkf.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\oitliwvjerruiqjypi.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\bymhhyarpfiofqmeyurfa.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\mivpoefvshjoeojatokx.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\oitliwvjerruiqjypi.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\zugzxmmbxlmqfoiyqkf.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\oitliwvjerruiqjypi.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\bymhhyarpfiofqmeyurfa.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\yqzpkwtfyjhiuare.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\zugzxmmbxlmqfoiyqkf.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\mivpoefvshjoeojatokx.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\zugzxmmbxlmqfoiyqkf.exe | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| File created | C:\Windows\qgnbuezjajfeoshsfukrfyidnenjiswlwjyo.jcm | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| File opened for modification | C:\Windows\sqfbcuxpofjqiurkfcaplm.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\bymhhyarpfiofqmeyurfa.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\zugzxmmbxlmqfoiyqkf.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\zugzxmmbxlmqfoiyqkf.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\oitliwvjerruiqjypi.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\fyizvigtnzyanumaq.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\sqfbcuxpofjqiurkfcaplm.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\oitliwvjerruiqjypi.exe | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| File opened for modification | C:\Windows\zugzxmmbxlmqfoiyqkf.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\sqfbcuxpofjqiurkfcaplm.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\sqfbcuxpofjqiurkfcaplm.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\fyizvigtnzyanumaq.exe | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| File opened for modification | C:\Windows\mivpoefvshjoeojatokx.exe | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| File opened for modification | C:\Windows\mivpoefvshjoeojatokx.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\bymhhyarpfiofqmeyurfa.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\sqfbcuxpofjqiurkfcaplm.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\fyizvigtnzyanumaq.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\zugzxmmbxlmqfoiyqkf.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\oitliwvjerruiqjypi.exe | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| File opened for modification | C:\Windows\mivpoefvshjoeojatokx.exe | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| File opened for modification | C:\Windows\fyizvigtnzyanumaq.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\zugzxmmbxlmqfoiyqkf.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\bymhhyarpfiofqmeyurfa.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\mivpoefvshjoeojatokx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\mivpoefvshjoeojatokx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zugzxmmbxlmqfoiyqkf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\fyizvigtnzyanumaq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\fyizvigtnzyanumaq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zugzxmmbxlmqfoiyqkf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\yqzpkwtfyjhiuare.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\yqzpkwtfyjhiuare.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\oitliwvjerruiqjypi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\fyizvigtnzyanumaq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\oitliwvjerruiqjypi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\fyizvigtnzyanumaq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zugzxmmbxlmqfoiyqkf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\mivpoefvshjoeojatokx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bymhhyarpfiofqmeyurfa.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\fyizvigtnzyanumaq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\oitliwvjerruiqjypi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\oitliwvjerruiqjypi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zugzxmmbxlmqfoiyqkf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bymhhyarpfiofqmeyurfa.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\oitliwvjerruiqjypi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\mivpoefvshjoeojatokx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\yqzpkwtfyjhiuare.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\oitliwvjerruiqjypi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\fyizvigtnzyanumaq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\yqzpkwtfyjhiuare.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bymhhyarpfiofqmeyurfa.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\fyizvigtnzyanumaq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\oitliwvjerruiqjypi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\oitliwvjerruiqjypi.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\mutzkm.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe"
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_b28fa6555cafc95802f3ddea94c609ce.exe*"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe
C:\Windows\yqzpkwtfyjhiuare.exe
yqzpkwtfyjhiuare.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe .
C:\Windows\bymhhyarpfiofqmeyurfa.exe
bymhhyarpfiofqmeyurfa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bymhhyarpfiofqmeyurfa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe .
C:\Windows\bymhhyarpfiofqmeyurfa.exe
bymhhyarpfiofqmeyurfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Windows\yqzpkwtfyjhiuare.exe
yqzpkwtfyjhiuare.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yqzpkwtfyjhiuare.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\fyizvigtnzyanumaq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\fyizvigtnzyanumaq.exe*."
C:\Users\Admin\AppData\Local\Temp\mutzkm.exe
"C:\Users\Admin\AppData\Local\Temp\mutzkm.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_b28fa6555cafc95802f3ddea94c609ce.exe"
C:\Users\Admin\AppData\Local\Temp\mutzkm.exe
"C:\Users\Admin\AppData\Local\Temp\mutzkm.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_b28fa6555cafc95802f3ddea94c609ce.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe
C:\Windows\fyizvigtnzyanumaq.exe
fyizvigtnzyanumaq.exe
C:\Windows\fyizvigtnzyanumaq.exe
fyizvigtnzyanumaq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe .
C:\Windows\fyizvigtnzyanumaq.exe
fyizvigtnzyanumaq.exe .
C:\Windows\fyizvigtnzyanumaq.exe
fyizvigtnzyanumaq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\fyizvigtnzyanumaq.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\fyizvigtnzyanumaq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Windows\mivpoefvshjoeojatokx.exe
mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Windows\fyizvigtnzyanumaq.exe
fyizvigtnzyanumaq.exe .
C:\Windows\mivpoefvshjoeojatokx.exe
mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Windows\fyizvigtnzyanumaq.exe
fyizvigtnzyanumaq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\fyizvigtnzyanumaq.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\fyizvigtnzyanumaq.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\fyizvigtnzyanumaq.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\fyizvigtnzyanumaq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe
C:\Windows\bymhhyarpfiofqmeyurfa.exe
bymhhyarpfiofqmeyurfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe .
C:\Windows\zugzxmmbxlmqfoiyqkf.exe
zugzxmmbxlmqfoiyqkf.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zugzxmmbxlmqfoiyqkf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .
C:\Windows\mivpoefvshjoeojatokx.exe
mivpoefvshjoeojatokx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Windows\oitliwvjerruiqjypi.exe
oitliwvjerruiqjypi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oitliwvjerruiqjypi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe
C:\Windows\bymhhyarpfiofqmeyurfa.exe
bymhhyarpfiofqmeyurfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe
C:\Windows\zugzxmmbxlmqfoiyqkf.exe
zugzxmmbxlmqfoiyqkf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe .
C:\Windows\oitliwvjerruiqjypi.exe
oitliwvjerruiqjypi.exe
C:\Windows\fyizvigtnzyanumaq.exe
fyizvigtnzyanumaq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe
C:\Windows\zugzxmmbxlmqfoiyqkf.exe
zugzxmmbxlmqfoiyqkf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\fyizvigtnzyanumaq.exe*."
C:\Windows\zugzxmmbxlmqfoiyqkf.exe
zugzxmmbxlmqfoiyqkf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zugzxmmbxlmqfoiyqkf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\fyizvigtnzyanumaq.exe
fyizvigtnzyanumaq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\bymhhyarpfiofqmeyurfa.exe
bymhhyarpfiofqmeyurfa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\fyizvigtnzyanumaq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .
C:\Windows\oitliwvjerruiqjypi.exe
oitliwvjerruiqjypi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bymhhyarpfiofqmeyurfa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Windows\mivpoefvshjoeojatokx.exe
mivpoefvshjoeojatokx.exe .
C:\Windows\bymhhyarpfiofqmeyurfa.exe
bymhhyarpfiofqmeyurfa.exe
C:\Windows\oitliwvjerruiqjypi.exe
oitliwvjerruiqjypi.exe .
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe .
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\mivpoefvshjoeojatokx.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\mivpoefvshjoeojatokx.exe*."
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\fyizvigtnzyanumaq.exe*."
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oitliwvjerruiqjypi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zugzxmmbxlmqfoiyqkf.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zugzxmmbxlmqfoiyqkf.exe*."
C:\Windows\oitliwvjerruiqjypi.exe
oitliwvjerruiqjypi.exe
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zugzxmmbxlmqfoiyqkf.exe*."
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Windows\yqzpkwtfyjhiuare.exe
yqzpkwtfyjhiuare.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yqzpkwtfyjhiuare.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .
C:\Windows\fyizvigtnzyanumaq.exe
fyizvigtnzyanumaq.exe
C:\Windows\oitliwvjerruiqjypi.exe
oitliwvjerruiqjypi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe .
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yqzpkwtfyjhiuare.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe
C:\Windows\fyizvigtnzyanumaq.exe
fyizvigtnzyanumaq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe .
C:\Windows\yqzpkwtfyjhiuare.exe
yqzpkwtfyjhiuare.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yqzpkwtfyjhiuare.exe*."
C:\Windows\mivpoefvshjoeojatokx.exe
mivpoefvshjoeojatokx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Windows\oitliwvjerruiqjypi.exe
oitliwvjerruiqjypi.exe .
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oitliwvjerruiqjypi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\fyizvigtnzyanumaq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe
C:\Windows\bymhhyarpfiofqmeyurfa.exe
bymhhyarpfiofqmeyurfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe .
C:\Windows\bymhhyarpfiofqmeyurfa.exe
bymhhyarpfiofqmeyurfa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bymhhyarpfiofqmeyurfa.exe*."
C:\Windows\fyizvigtnzyanumaq.exe
fyizvigtnzyanumaq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Windows\zugzxmmbxlmqfoiyqkf.exe
zugzxmmbxlmqfoiyqkf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zugzxmmbxlmqfoiyqkf.exe*."
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oitliwvjerruiqjypi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe
C:\Windows\yqzpkwtfyjhiuare.exe
yqzpkwtfyjhiuare.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe .
C:\Windows\mivpoefvshjoeojatokx.exe
mivpoefvshjoeojatokx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\mivpoefvshjoeojatokx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe .
C:\Windows\bymhhyarpfiofqmeyurfa.exe
bymhhyarpfiofqmeyurfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe
C:\Windows\mivpoefvshjoeojatokx.exe
mivpoefvshjoeojatokx.exe .
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\mivpoefvshjoeojatokx.exe*."
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe
C:\Windows\fyizvigtnzyanumaq.exe
fyizvigtnzyanumaq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe .
C:\Windows\zugzxmmbxlmqfoiyqkf.exe
zugzxmmbxlmqfoiyqkf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zugzxmmbxlmqfoiyqkf.exe*."
C:\Windows\bymhhyarpfiofqmeyurfa.exe
bymhhyarpfiofqmeyurfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\oitliwvjerruiqjypi.exe
oitliwvjerruiqjypi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe
C:\Windows\fyizvigtnzyanumaq.exe
fyizvigtnzyanumaq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .
C:\Windows\oitliwvjerruiqjypi.exe
oitliwvjerruiqjypi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."
C:\Windows\bymhhyarpfiofqmeyurfa.exe
bymhhyarpfiofqmeyurfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\oitliwvjerruiqjypi.exe
oitliwvjerruiqjypi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe
C:\Windows\yqzpkwtfyjhiuare.exe
yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oitliwvjerruiqjypi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Windows\yqzpkwtfyjhiuare.exe
yqzpkwtfyjhiuare.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe .
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe
C:\Windows\mivpoefvshjoeojatokx.exe
mivpoefvshjoeojatokx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Windows\fyizvigtnzyanumaq.exe
fyizvigtnzyanumaq.exe .
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\mivpoefvshjoeojatokx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\fyizvigtnzyanumaq.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yqzpkwtfyjhiuare.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Windows\bymhhyarpfiofqmeyurfa.exe
bymhhyarpfiofqmeyurfa.exe
C:\Windows\bymhhyarpfiofqmeyurfa.exe
bymhhyarpfiofqmeyurfa.exe
C:\Windows\oitliwvjerruiqjypi.exe
oitliwvjerruiqjypi.exe .
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Windows\yqzpkwtfyjhiuare.exe
yqzpkwtfyjhiuare.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yqzpkwtfyjhiuare.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zugzxmmbxlmqfoiyqkf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."
C:\Windows\bymhhyarpfiofqmeyurfa.exe
bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."
C:\Windows\zugzxmmbxlmqfoiyqkf.exe
zugzxmmbxlmqfoiyqkf.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\mivpoefvshjoeojatokx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zugzxmmbxlmqfoiyqkf.exe*."
C:\Windows\fyizvigtnzyanumaq.exe
fyizvigtnzyanumaq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Windows\oitliwvjerruiqjypi.exe
oitliwvjerruiqjypi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\fyizvigtnzyanumaq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe .
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yqzpkwtfyjhiuare.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe
C:\Windows\oitliwvjerruiqjypi.exe
oitliwvjerruiqjypi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .
C:\Windows\oitliwvjerruiqjypi.exe
oitliwvjerruiqjypi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe .
C:\Windows\zugzxmmbxlmqfoiyqkf.exe
zugzxmmbxlmqfoiyqkf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe
C:\Windows\mivpoefvshjoeojatokx.exe
mivpoefvshjoeojatokx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe .
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\mivpoefvshjoeojatokx.exe*."
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yqzpkwtfyjhiuare.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\fyizvigtnzyanumaq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe
C:\Windows\mivpoefvshjoeojatokx.exe
mivpoefvshjoeojatokx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe .
C:\Windows\zugzxmmbxlmqfoiyqkf.exe
zugzxmmbxlmqfoiyqkf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zugzxmmbxlmqfoiyqkf.exe*."
C:\Windows\yqzpkwtfyjhiuare.exe
yqzpkwtfyjhiuare.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Windows\oitliwvjerruiqjypi.exe
oitliwvjerruiqjypi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yqzpkwtfyjhiuare.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\fyizvigtnzyanumaq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe
C:\Windows\fyizvigtnzyanumaq.exe
fyizvigtnzyanumaq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .
C:\Windows\oitliwvjerruiqjypi.exe
oitliwvjerruiqjypi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."
C:\Windows\oitliwvjerruiqjypi.exe
oitliwvjerruiqjypi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Windows\bymhhyarpfiofqmeyurfa.exe
bymhhyarpfiofqmeyurfa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bymhhyarpfiofqmeyurfa.exe*."
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\fyizvigtnzyanumaq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zugzxmmbxlmqfoiyqkf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\zugzxmmbxlmqfoiyqkf.exe
zugzxmmbxlmqfoiyqkf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe .
C:\Windows\bymhhyarpfiofqmeyurfa.exe
bymhhyarpfiofqmeyurfa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bymhhyarpfiofqmeyurfa.exe*."
C:\Windows\oitliwvjerruiqjypi.exe
oitliwvjerruiqjypi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Windows\fyizvigtnzyanumaq.exe
fyizvigtnzyanumaq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\fyizvigtnzyanumaq.exe*."
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe .
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bwidtpfwfxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe .
C:\Windows\bwidtpfwfxqpreldr.exe
bwidtpfwfxqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bwidtpfwfxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\mivpoefvshjoeojatokx.exe*."
C:\Windows\bwidtpfwfxqpreldr.exe
bwidtpfwfxqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vsgdvtlepjefjyhbrjz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bwidtpfwfxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bwidtpfwfxqpreldr.exe*."
C:\Windows\vsgdvtlepjefjyhbrjz.exe
vsgdvtlepjefjyhbrjz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe
C:\Windows\bwidtpfwfxqpreldr.exe
bwidtpfwfxqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kgtpgdumwpjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe
C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bwidtpfwfxqpreldr.exe*."
C:\Windows\mivpoefvshjoeojatokx.exe
mivpoefvshjoeojatokx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe .
C:\Users\Admin\AppData\Local\Temp\kgtpgdumwpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\kgtpgdumwpjjmaibqh.exe .
C:\Windows\mivpoefvshjoeojatokx.exe
mivpoefvshjoeojatokx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bwidtpfwfxqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\kgtpgdumwpjjmaibqh.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\mivpoefvshjoeojatokx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xwmlffzuhdadjalhztlka.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe .
C:\Users\Admin\AppData\Local\Temp\bwidtpfwfxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\bwidtpfwfxqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Windows\zugzxmmbxlmqfoiyqkf.exe
zugzxmmbxlmqfoiyqkf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .
C:\Users\Admin\AppData\Local\Temp\xwmlffzuhdadjalhztlka.exe
C:\Users\Admin\AppData\Local\Temp\xwmlffzuhdadjalhztlka.exe .
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Windows\fyizvigtnzyanumaq.exe
fyizvigtnzyanumaq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\xwmlffzuhdadjalhztlka.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\fyizvigtnzyanumaq.exe*."
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\fyizvigtnzyanumaq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe .
C:\Windows\mivpoefvshjoeojatokx.exe
mivpoefvshjoeojatokx.exe
C:\Windows\oitliwvjerruiqjypi.exe
oitliwvjerruiqjypi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe .
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe
C:\Windows\zugzxmmbxlmqfoiyqkf.exe
zugzxmmbxlmqfoiyqkf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\fyizvigtnzyanumaq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe .
C:\Windows\mivpoefvshjoeojatokx.exe
mivpoefvshjoeojatokx.exe .
C:\Windows\mivpoefvshjoeojatokx.exe
mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zugzxmmbxlmqfoiyqkf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Windows\oitliwvjerruiqjypi.exe
oitliwvjerruiqjypi.exe
C:\Windows\oitliwvjerruiqjypi.exe
oitliwvjerruiqjypi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\mivpoefvshjoeojatokx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Windows\oitliwvjerruiqjypi.exe
oitliwvjerruiqjypi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe .
C:\Windows\fyizvigtnzyanumaq.exe
fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."
C:\Windows\yqzpkwtfyjhiuare.exe
yqzpkwtfyjhiuare.exe
C:\Windows\fyizvigtnzyanumaq.exe
fyizvigtnzyanumaq.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Windows\oitliwvjerruiqjypi.exe
oitliwvjerruiqjypi.exe .
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xwmlffzuhdadjalhztlka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe .
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\fyizvigtnzyanumaq.exe*."
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c uoztidsiqhzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\mivpoefvshjoeojatokx.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oitliwvjerruiqjypi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kgtpgdumwpjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kgtpgdumwpjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zugzxmmbxlmqfoiyqkf.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\fyizvigtnzyanumaq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kgtpgdumwpjjmaibqh.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\igvtmleykfbdiyidunec.exe .
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Windows\xwmlffzuhdadjalhztlka.exe
xwmlffzuhdadjalhztlka.exe
C:\Windows\uoztidsiqhzxykqh.exe
uoztidsiqhzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe .
C:\Windows\kgtpgdumwpjjmaibqh.exe
kgtpgdumwpjjmaibqh.exe
C:\Windows\kgtpgdumwpjjmaibqh.exe
kgtpgdumwpjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uoztidsiqhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\igvtmleykfbdiyidunec.exe
C:\Users\Admin\AppData\Local\Temp\igvtmleykfbdiyidunec.exe .
C:\Users\Admin\AppData\Local\Temp\kgtpgdumwpjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\kgtpgdumwpjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\kgtpgdumwpjjmaibqh.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yqzpkwtfyjhiuare.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\uoztidsiqhzxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe
C:\Windows\zugzxmmbxlmqfoiyqkf.exe
zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\igvtmleykfbdiyidunec.exe*."
C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe
C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe .
C:\Windows\oitliwvjerruiqjypi.exe
oitliwvjerruiqjypi.exe .
C:\Users\Admin\AppData\Local\Temp\uoztidsiqhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\uoztidsiqhzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Windows\fyizvigtnzyanumaq.exe
fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vsgdvtlepjefjyhbrjz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."
C:\Windows\zugzxmmbxlmqfoiyqkf.exe
zugzxmmbxlmqfoiyqkf.exe .
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zugzxmmbxlmqfoiyqkf.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oitliwvjerruiqjypi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe
C:\Windows\yqzpkwtfyjhiuare.exe
yqzpkwtfyjhiuare.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe .
C:\Windows\yqzpkwtfyjhiuare.exe
yqzpkwtfyjhiuare.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yqzpkwtfyjhiuare.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe .
C:\Windows\mivpoefvshjoeojatokx.exe
mivpoefvshjoeojatokx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\mivpoefvshjoeojatokx.exe
mivpoefvshjoeojatokx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\mivpoefvshjoeojatokx.exe*."
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe
C:\Windows\zugzxmmbxlmqfoiyqkf.exe
zugzxmmbxlmqfoiyqkf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe .
C:\Windows\yqzpkwtfyjhiuare.exe
yqzpkwtfyjhiuare.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yqzpkwtfyjhiuare.exe*."
C:\Windows\yqzpkwtfyjhiuare.exe
yqzpkwtfyjhiuare.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Windows\yqzpkwtfyjhiuare.exe
yqzpkwtfyjhiuare.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe .
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yqzpkwtfyjhiuare.exe*."
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yqzpkwtfyjhiuare.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\bymhhyarpfiofqmeyurfa.exe
bymhhyarpfiofqmeyurfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .
C:\Windows\oitliwvjerruiqjypi.exe
oitliwvjerruiqjypi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."
C:\Windows\zugzxmmbxlmqfoiyqkf.exe
zugzxmmbxlmqfoiyqkf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Windows\oitliwvjerruiqjypi.exe
oitliwvjerruiqjypi.exe .
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\fyizvigtnzyanumaq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oitliwvjerruiqjypi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe
C:\Windows\bymhhyarpfiofqmeyurfa.exe
bymhhyarpfiofqmeyurfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\fyizvigtnzyanumaq.exe
fyizvigtnzyanumaq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\fyizvigtnzyanumaq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .
C:\Windows\bymhhyarpfiofqmeyurfa.exe
bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"
C:\Windows\oitliwvjerruiqjypi.exe
oitliwvjerruiqjypi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe
C:\Windows\mivpoefvshjoeojatokx.exe
mivpoefvshjoeojatokx.exe
C:\Windows\bymhhyarpfiofqmeyurfa.exe
bymhhyarpfiofqmeyurfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .
C:\Windows\fyizvigtnzyanumaq.exe
fyizvigtnzyanumaq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .
C:\Windows\bymhhyarpfiofqmeyurfa.exe
bymhhyarpfiofqmeyurfa.exe .
C:\Windows\oitliwvjerruiqjypi.exe
oitliwvjerruiqjypi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe
C:\Windows\oitliwvjerruiqjypi.exe
oitliwvjerruiqjypi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bymhhyarpfiofqmeyurfa.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."
C:\Windows\fyizvigtnzyanumaq.exe
fyizvigtnzyanumaq.exe
C:\Windows\bymhhyarpfiofqmeyurfa.exe
bymhhyarpfiofqmeyurfa.exe .
C:\Windows\yqzpkwtfyjhiuare.exe
yqzpkwtfyjhiuare.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Windows\oitliwvjerruiqjypi.exe
oitliwvjerruiqjypi.exe .
C:\Windows\mivpoefvshjoeojatokx.exe
mivpoefvshjoeojatokx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe .
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bymhhyarpfiofqmeyurfa.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Windows\fyizvigtnzyanumaq.exe
fyizvigtnzyanumaq.exe .
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oitliwvjerruiqjypi.exe*."
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\fyizvigtnzyanumaq.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zugzxmmbxlmqfoiyqkf.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\mivpoefvshjoeojatokx.exe*."
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe .
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oitliwvjerruiqjypi.exe*."
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\mivpoefvshjoeojatokx.exe*."
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yqzpkwtfyjhiuare.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xwmlffzuhdadjalhztlka.exe
C:\Windows\zugzxmmbxlmqfoiyqkf.exe
zugzxmmbxlmqfoiyqkf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe .
C:\Windows\xwmlffzuhdadjalhztlka.exe
xwmlffzuhdadjalhztlka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c igvtmleykfbdiyidunec.exe .
C:\Windows\bymhhyarpfiofqmeyurfa.exe
bymhhyarpfiofqmeyurfa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe
C:\Windows\igvtmleykfbdiyidunec.exe
igvtmleykfbdiyidunec.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bymhhyarpfiofqmeyurfa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xwmlffzuhdadjalhztlka.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe .
C:\Windows\yqzpkwtfyjhiuare.exe
yqzpkwtfyjhiuare.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c igvtmleykfbdiyidunec.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\igvtmleykfbdiyidunec.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bwidtpfwfxqpreldr.exe
C:\Windows\fyizvigtnzyanumaq.exe
fyizvigtnzyanumaq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\igvtmleykfbdiyidunec.exe .
C:\Windows\xwmlffzuhdadjalhztlka.exe
xwmlffzuhdadjalhztlka.exe
C:\Users\Admin\AppData\Local\Temp\bwidtpfwfxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\bwidtpfwfxqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Windows\igvtmleykfbdiyidunec.exe
igvtmleykfbdiyidunec.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\fyizvigtnzyanumaq.exe*."
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\igvtmleykfbdiyidunec.exe
C:\Users\Admin\AppData\Local\Temp\igvtmleykfbdiyidunec.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\igvtmleykfbdiyidunec.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\igvtmleykfbdiyidunec.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zugzxmmbxlmqfoiyqkf.exe*."
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe
C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\igvtmleykfbdiyidunec.exe*."
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe .
C:\Users\Admin\AppData\Local\Temp\igvtmleykfbdiyidunec.exe
C:\Users\Admin\AppData\Local\Temp\igvtmleykfbdiyidunec.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\mivpoefvshjoeojatokx.exe*."
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\igvtmleykfbdiyidunec.exe*."
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe
C:\Windows\bymhhyarpfiofqmeyurfa.exe
bymhhyarpfiofqmeyurfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\oitliwvjerruiqjypi.exe
oitliwvjerruiqjypi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."
C:\Windows\zugzxmmbxlmqfoiyqkf.exe
zugzxmmbxlmqfoiyqkf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Windows\fyizvigtnzyanumaq.exe
fyizvigtnzyanumaq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\fyizvigtnzyanumaq.exe*."
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oitliwvjerruiqjypi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe
C:\Windows\zugzxmmbxlmqfoiyqkf.exe
zugzxmmbxlmqfoiyqkf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe .
C:\Windows\mivpoefvshjoeojatokx.exe
mivpoefvshjoeojatokx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\mivpoefvshjoeojatokx.exe*."
C:\Windows\fyizvigtnzyanumaq.exe
fyizvigtnzyanumaq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Windows\mivpoefvshjoeojatokx.exe
mivpoefvshjoeojatokx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe .
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\mivpoefvshjoeojatokx.exe*."
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yqzpkwtfyjhiuare.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\fyizvigtnzyanumaq.exe*."
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe
C:\Windows\bymhhyarpfiofqmeyurfa.exe
bymhhyarpfiofqmeyurfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe .
C:\Windows\bymhhyarpfiofqmeyurfa.exe
bymhhyarpfiofqmeyurfa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bymhhyarpfiofqmeyurfa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe .
C:\Windows\mivpoefvshjoeojatokx.exe
mivpoefvshjoeojatokx.exe
C:\Windows\mivpoefvshjoeojatokx.exe
mivpoefvshjoeojatokx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\mivpoefvshjoeojatokx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\fyizvigtnzyanumaq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zugzxmmbxlmqfoiyqkf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe
C:\Windows\oitliwvjerruiqjypi.exe
oitliwvjerruiqjypi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe .
C:\Windows\yqzpkwtfyjhiuare.exe
yqzpkwtfyjhiuare.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yqzpkwtfyjhiuare.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe .
C:\Windows\mivpoefvshjoeojatokx.exe
mivpoefvshjoeojatokx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Windows\zugzxmmbxlmqfoiyqkf.exe
zugzxmmbxlmqfoiyqkf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zugzxmmbxlmqfoiyqkf.exe*."
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oitliwvjerruiqjypi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe .
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe .
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\mivpoefvshjoeojatokx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe
C:\Windows\yqzpkwtfyjhiuare.exe
yqzpkwtfyjhiuare.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\bymhhyarpfiofqmeyurfa.exe
bymhhyarpfiofqmeyurfa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bymhhyarpfiofqmeyurfa.exe*."
C:\Windows\zugzxmmbxlmqfoiyqkf.exe
zugzxmmbxlmqfoiyqkf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Windows\oitliwvjerruiqjypi.exe
oitliwvjerruiqjypi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .
C:\Windows\yqzpkwtfyjhiuare.exe
yqzpkwtfyjhiuare.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oitliwvjerruiqjypi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Windows\mivpoefvshjoeojatokx.exe
mivpoefvshjoeojatokx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe .
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Windows\oitliwvjerruiqjypi.exe
oitliwvjerruiqjypi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe .
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."
C:\Windows\yqzpkwtfyjhiuare.exe
yqzpkwtfyjhiuare.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe .
C:\Windows\mivpoefvshjoeojatokx.exe
mivpoefvshjoeojatokx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .
C:\Windows\yqzpkwtfyjhiuare.exe
yqzpkwtfyjhiuare.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yqzpkwtfyjhiuare.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .
C:\Windows\mivpoefvshjoeojatokx.exe
mivpoefvshjoeojatokx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\fyizvigtnzyanumaq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Windows\zugzxmmbxlmqfoiyqkf.exe
zugzxmmbxlmqfoiyqkf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\mivpoefvshjoeojatokx.exe*."
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Windows\yqzpkwtfyjhiuare.exe
yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zugzxmmbxlmqfoiyqkf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe
C:\Windows\bymhhyarpfiofqmeyurfa.exe
bymhhyarpfiofqmeyurfa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."
C:\Windows\bymhhyarpfiofqmeyurfa.exe
bymhhyarpfiofqmeyurfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bymhhyarpfiofqmeyurfa.exe*."
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .
C:\Windows\oitliwvjerruiqjypi.exe
oitliwvjerruiqjypi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zugzxmmbxlmqfoiyqkf.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c igvtmleykfbdiyidunec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\fyizvigtnzyanumaq.exe*."
C:\Windows\igvtmleykfbdiyidunec.exe
igvtmleykfbdiyidunec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c uoztidsiqhzxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vsgdvtlepjefjyhbrjz.exe
C:\Windows\uoztidsiqhzxykqh.exe
uoztidsiqhzxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bwidtpfwfxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oitliwvjerruiqjypi.exe*."
C:\Windows\vsgdvtlepjefjyhbrjz.exe
vsgdvtlepjefjyhbrjz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\mivpoefvshjoeojatokx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\uoztidsiqhzxykqh.exe*."
C:\Windows\bwidtpfwfxqpreldr.exe
bwidtpfwfxqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe
C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe
C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe
C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bwidtpfwfxqpreldr.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uoztidsiqhzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vsgdvtlepjefjyhbrjz.exe*."
C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe
C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe
C:\Windows\yqzpkwtfyjhiuare.exe
yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\uoztidsiqhzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\uoztidsiqhzxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe .
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe
C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\uoztidsiqhzxykqh.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\mivpoefvshjoeojatokx.exe*."
C:\Windows\fyizvigtnzyanumaq.exe
fyizvigtnzyanumaq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe .
C:\Windows\yqzpkwtfyjhiuare.exe
yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\fyizvigtnzyanumaq.exe*."
C:\Windows\fyizvigtnzyanumaq.exe
fyizvigtnzyanumaq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\fyizvigtnzyanumaq.exe*."
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe
C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe
C:\Windows\bymhhyarpfiofqmeyurfa.exe
bymhhyarpfiofqmeyurfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe .
C:\Windows\mivpoefvshjoeojatokx.exe
mivpoefvshjoeojatokx.exe .
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\mivpoefvshjoeojatokx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe .
C:\Windows\yqzpkwtfyjhiuare.exe
yqzpkwtfyjhiuare.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Windows\zugzxmmbxlmqfoiyqkf.exe
zugzxmmbxlmqfoiyqkf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zugzxmmbxlmqfoiyqkf.exe*."
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe
C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zugzxmmbxlmqfoiyqkf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe
C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oitliwvjerruiqjypi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe
C:\Windows\mivpoefvshjoeojatokx.exe
mivpoefvshjoeojatokx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe .
C:\Windows\bymhhyarpfiofqmeyurfa.exe
bymhhyarpfiofqmeyurfa.exe .
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"
C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe
"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bymhhyarpfiofqmeyurfa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .
C:\Windows\yqzpkwtfyjhiuare.exe
yqzpkwtfyjhiuare.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Windows\oitliwvjerruiqjypi.exe
oitliwvjerruiqjypi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe .
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| GB | 88.221.135.0:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | www.showmyipaddress.com | udp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 8.8.8.8:53 | www.whatismyip.com | udp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | whatismyipaddress.com | udp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | www.imdb.com | udp |
| FR | 52.222.159.143:80 | www.imdb.com | tcp |
| LT | 78.61.84.37:30728 | tcp | |
| US | 8.8.8.8:53 | gyuuym.org | udp |
| DE | 85.214.228.140:80 | gyuuym.org | tcp |
| US | 8.8.8.8:53 | fyvqgej.net | udp |
| US | 8.8.8.8:53 | tkdkdtvrz.org | udp |
| US | 8.8.8.8:53 | qclkdctyh.info | udp |
| US | 8.8.8.8:53 | unxfuild.info | udp |
| SG | 18.142.91.111:80 | unxfuild.info | tcp |
| US | 8.8.8.8:53 | mmycbrun.net | udp |
| US | 8.8.8.8:53 | ibosmq.net | udp |
| US | 8.8.8.8:53 | ubvudhvuum.info | udp |
| US | 8.8.8.8:53 | ggoiukqgsikq.org | udp |
| US | 8.8.8.8:53 | vklmquv.net | udp |
| US | 8.8.8.8:53 | lugmluzbyby.net | udp |
| US | 8.8.8.8:53 | bbxaehw.info | udp |
| US | 8.8.8.8:53 | udzdjiddn.net | udp |
| US | 8.8.8.8:53 | xixcjhrcnych.net | udp |
| US | 8.8.8.8:53 | brerphfw.info | udp |
| US | 8.8.8.8:53 | kcjhxifkhq.info | udp |
| US | 8.8.8.8:53 | fqkwpnieiwv.net | udp |
| US | 8.8.8.8:53 | ygoukmwg.org | udp |
| US | 8.8.8.8:53 | pfyqisui.info | udp |
| US | 8.8.8.8:53 | rafgtfaldts.info | udp |
| US | 8.8.8.8:53 | ykdacup.info | udp |
| US | 8.8.8.8:53 | wiwgickmyqsk.com | udp |
| US | 8.8.8.8:53 | xupwyiqwv.net | udp |
| US | 8.8.8.8:53 | tfisvop.com | udp |
| US | 8.8.8.8:53 | cydlrge.info | udp |
| US | 104.156.155.94:80 | cydlrge.info | tcp |
| US | 8.8.8.8:53 | olxbkt.info | udp |
| US | 8.8.8.8:53 | mioyqawqukgw.com | udp |
| US | 8.8.8.8:53 | iixjcofr.net | udp |
| US | 8.8.8.8:53 | juhgzmyhozwi.info | udp |
| US | 8.8.8.8:53 | ekvsbyujj.net | udp |
| US | 8.8.8.8:53 | ywimauseiu.com | udp |
| US | 8.8.8.8:53 | mjotpzfbosdh.info | udp |
| US | 8.8.8.8:53 | xjkylcyib.net | udp |
| US | 8.8.8.8:53 | tbvbtp.net | udp |
| US | 8.8.8.8:53 | tphfnw.info | udp |
| US | 8.8.8.8:53 | dqyydcnk.net | udp |
| LT | 78.61.84.37:30728 | tcp | |
| US | 8.8.8.8:53 | semqskgk.com | udp |
| US | 8.8.8.8:53 | luvehemiri.info | udp |
| US | 8.8.8.8:53 | zpjxppxavv.net | udp |
| US | 8.8.8.8:53 | arjutgsgyus.net | udp |
| US | 8.8.8.8:53 | kmttderiywt.info | udp |
| US | 8.8.8.8:53 | kwrhmyzeo.info | udp |
| US | 8.8.8.8:53 | tcfinbuwqc.net | udp |
| US | 8.8.8.8:53 | lalckpw.org | udp |
| US | 8.8.8.8:53 | kkdqkeav.info | udp |
| US | 8.8.8.8:53 | tpdmbnugwj.info | udp |
| US | 8.8.8.8:53 | eiiaeqglaxfe.net | udp |
| US | 8.8.8.8:53 | faoaccjxdk.info | udp |
| US | 8.8.8.8:53 | igimfqzazztk.info | udp |
| US | 8.8.8.8:53 | htccizixhffs.info | udp |
| US | 8.8.8.8:53 | hmfurcniz.info | udp |
| US | 8.8.8.8:53 | aaqmynoaa.info | udp |
| US | 8.8.8.8:53 | ceqyecrgr.info | udp |
| US | 8.8.8.8:53 | neskryqmfkt.net | udp |
| US | 8.8.8.8:53 | eeaouicecc.com | udp |
| US | 8.8.8.8:53 | lapbtkvml.net | udp |
| US | 8.8.8.8:53 | nwlqzkkglu.net | udp |
| US | 8.8.8.8:53 | ddpobim.org | udp |
| US | 8.8.8.8:53 | ewhqxezcwwc.net | udp |
| US | 8.8.8.8:53 | gyeoaoaocaag.com | udp |
| US | 8.8.8.8:53 | yoaoooewyeeo.com | udp |
| US | 8.8.8.8:53 | oiyiqg.org | udp |
| US | 8.8.8.8:53 | bplxfbexbg.info | udp |
| US | 8.8.8.8:53 | vuvaguj.com | udp |
| US | 8.8.8.8:53 | njmssjej.net | udp |
| US | 8.8.8.8:53 | zhrzdapl.net | udp |
| US | 8.8.8.8:53 | mdhpuesj.net | udp |
| US | 8.8.8.8:53 | qogeuokyiaqs.org | udp |
| US | 8.8.8.8:53 | dutljqz.org | udp |
| US | 8.8.8.8:53 | xcrixmj.com | udp |
| US | 8.8.8.8:53 | zozkjugx.net | udp |
| US | 8.8.8.8:53 | dqjrswwie.com | udp |
| US | 8.8.8.8:53 | dmzcyqz.com | udp |
| US | 8.8.8.8:53 | holdsrkfoexs.net | udp |
| US | 8.8.8.8:53 | pjnchqao.net | udp |
| US | 8.8.8.8:53 | vrxmprngmlhk.net | udp |
| US | 8.8.8.8:53 | vczyrgdor.com | udp |
| US | 8.8.8.8:53 | idrmlscsum.info | udp |
| US | 8.8.8.8:53 | ptkqeh.info | udp |
| US | 8.8.8.8:53 | bfdhbjrhlz.net | udp |
| US | 8.8.8.8:53 | eznabol.net | udp |
| US | 8.8.8.8:53 | nopeasuan.com | udp |
| US | 8.8.8.8:53 | osnxgea.info | udp |
| US | 8.8.8.8:53 | zxutaw.info | udp |
| US | 8.8.8.8:53 | kvqowmqzgp.net | udp |
| US | 8.8.8.8:53 | unfnepkhso.net | udp |
| US | 8.8.8.8:53 | ppxbix.info | udp |
| US | 8.8.8.8:53 | gerhcb.info | udp |
| US | 8.8.8.8:53 | klqmnybibg.net | udp |
| US | 8.8.8.8:53 | muuuuiuq.com | udp |
| US | 8.8.8.8:53 | lyxmnybibg.info | udp |
| US | 8.8.8.8:53 | osmurnjxmxpc.net | udp |
| US | 8.8.8.8:53 | twewfd.info | udp |
| US | 8.8.8.8:53 | xyckcgzcxgj.net | udp |
| US | 8.8.8.8:53 | dxrmyzaj.net | udp |
| US | 8.8.8.8:53 | dkouvubcpovf.info | udp |
| US | 8.8.8.8:53 | hcnguepgnkx.org | udp |
| US | 8.8.8.8:53 | plsqvl.net | udp |
| US | 8.8.8.8:53 | sopyfsgkr.net | udp |
| US | 8.8.8.8:53 | kgucribs.info | udp |
| US | 8.8.8.8:53 | xstoagc.org | udp |
| US | 8.8.8.8:53 | ojodjsuxxyli.net | udp |
| US | 8.8.8.8:53 | mulaguiekes.net | udp |
| US | 8.8.8.8:53 | zyfitez.info | udp |
| US | 8.8.8.8:53 | uktknmn.info | udp |
| US | 8.8.8.8:53 | wbpxdp.info | udp |
| US | 8.8.8.8:53 | rflamnsycqdj.info | udp |
| US | 8.8.8.8:53 | zulrvka.net | udp |
| US | 8.8.8.8:53 | kwgqeicwwuiw.org | udp |
| US | 8.8.8.8:53 | vdvonneuwua.org | udp |
| US | 8.8.8.8:53 | leqdurjb.net | udp |
| US | 8.8.8.8:53 | awnkhkduvie.net | udp |
| US | 8.8.8.8:53 | mkwgcaugumai.org | udp |
| US | 8.8.8.8:53 | cnuulpgk.net | udp |
| US | 8.8.8.8:53 | dxikspgshgbk.info | udp |
| US | 8.8.8.8:53 | hkhrcmr.net | udp |
| US | 8.8.8.8:53 | zbvmvudht.info | udp |
| US | 8.8.8.8:53 | ukusoiamscos.org | udp |
| US | 8.8.8.8:53 | palpynv.net | udp |
| US | 8.8.8.8:53 | suuyeiuauccq.org | udp |
| US | 8.8.8.8:53 | dvwweqvt.net | udp |
| US | 8.8.8.8:53 | ouxbxxzexkf.net | udp |
| US | 8.8.8.8:53 | lgmwshpwdp.net | udp |
| US | 8.8.8.8:53 | eqtynoo.net | udp |
| US | 8.8.8.8:53 | drjmoel.com | udp |
| US | 8.8.8.8:53 | eycqolruptj.net | udp |
| US | 8.8.8.8:53 | sypkrovon.info | udp |
| US | 8.8.8.8:53 | estgqqgbwqxg.info | udp |
| US | 8.8.8.8:53 | suqqjf.info | udp |
| US | 8.8.8.8:53 | zgrjrexb.net | udp |
| US | 8.8.8.8:53 | xuppauollwp.net | udp |
| US | 8.8.8.8:53 | lrxplhbd.info | udp |
| US | 8.8.8.8:53 | naihxubwx.org | udp |
| US | 8.8.8.8:53 | rcpjqe.info | udp |
| US | 8.8.8.8:53 | jmbyteehtaz.info | udp |
| US | 8.8.8.8:53 | eeueccewmeem.com | udp |
| US | 8.8.8.8:53 | ynoajjjwhoo.net | udp |
| US | 8.8.8.8:53 | hxbobup.org | udp |
| US | 8.8.8.8:53 | nzjszuxkfpdp.net | udp |
| US | 8.8.8.8:53 | gqhmeadaaz.net | udp |
| US | 8.8.8.8:53 | gthoprfe.net | udp |
| US | 8.8.8.8:53 | lurydwr.org | udp |
| US | 8.8.8.8:53 | rhsduknvzsnl.net | udp |
| US | 8.8.8.8:53 | blubzate.info | udp |
| US | 8.8.8.8:53 | vlpxze.info | udp |
| US | 8.8.8.8:53 | dwjetlxuj.net | udp |
| US | 8.8.8.8:53 | txatyevgrhyu.info | udp |
| US | 8.8.8.8:53 | skblhcgsrn.info | udp |
| US | 8.8.8.8:53 | pyogedv.com | udp |
| US | 8.8.8.8:53 | uwqyssogws.org | udp |
| US | 8.8.8.8:53 | skywyumxq.net | udp |
| US | 8.8.8.8:53 | sobgpcndp.net | udp |
| US | 8.8.8.8:53 | mfxuvavycrl.net | udp |
| US | 8.8.8.8:53 | umletazbz.info | udp |
| US | 8.8.8.8:53 | wlezjolr.info | udp |
| US | 8.8.8.8:53 | egsmyysc.org | udp |
| US | 8.8.8.8:53 | qgjtruylxphr.info | udp |
| US | 8.8.8.8:53 | nshdioh.net | udp |
| US | 8.8.8.8:53 | jrfflotyexqg.net | udp |
| US | 8.8.8.8:53 | ccftrgngi.net | udp |
| US | 8.8.8.8:53 | ekqqcc.org | udp |
| US | 8.8.8.8:53 | rswyleo.net | udp |
| US | 8.8.8.8:53 | dwfkeogzvhjn.info | udp |
| US | 8.8.8.8:53 | pxgidzbgzzw.org | udp |
| US | 8.8.8.8:53 | dflqknsl.net | udp |
| US | 8.8.8.8:53 | cbbmnuzswxh.net | udp |
| US | 8.8.8.8:53 | mhemoypm.info | udp |
| US | 8.8.8.8:53 | jjvynfjouik.info | udp |
| US | 8.8.8.8:53 | sqkqku.org | udp |
| US | 8.8.8.8:53 | yuhenutpfbna.net | udp |
| US | 8.8.8.8:53 | wggwimwmyq.com | udp |
| US | 8.8.8.8:53 | lghqfoh.com | udp |
| US | 8.8.8.8:53 | pggshlr.info | udp |
| US | 8.8.8.8:53 | qtgqqinahbp.info | udp |
| US | 8.8.8.8:53 | tdchjxar.net | udp |
| US | 8.8.8.8:53 | srgbznte.net | udp |
| US | 8.8.8.8:53 | makums.org | udp |
| US | 8.8.8.8:53 | tcvuvhjwh.info | udp |
| US | 8.8.8.8:53 | hkblqfhadzps.info | udp |
| US | 8.8.8.8:53 | nhrdwmqkmyt.org | udp |
| US | 8.8.8.8:53 | mmjhyrpijgl.info | udp |
| US | 8.8.8.8:53 | rkzahtc.org | udp |
| US | 8.8.8.8:53 | jubvpax.info | udp |
| US | 8.8.8.8:53 | uilubtztf.net | udp |
| US | 8.8.8.8:53 | pfabhgcpau.net | udp |
| US | 8.8.8.8:53 | twfddqwdlec.org | udp |
| US | 8.8.8.8:53 | octytvrmo.net | udp |
| US | 8.8.8.8:53 | bobzcxzs.info | udp |
| US | 8.8.8.8:53 | aknsgwkcl.net | udp |
| US | 8.8.8.8:53 | igaasway.com | udp |
| US | 8.8.8.8:53 | thzarcvdpkdl.net | udp |
| US | 8.8.8.8:53 | hzzzeq.info | udp |
| US | 8.8.8.8:53 | ecbwysbz.info | udp |
| US | 8.8.8.8:53 | mcqmyeccgq.org | udp |
| US | 8.8.8.8:53 | mziygdxtciii.info | udp |
| US | 8.8.8.8:53 | aofcjyjeniv.net | udp |
| US | 8.8.8.8:53 | jqenbinqp.info | udp |
| US | 8.8.8.8:53 | njmyupro.net | udp |
| US | 8.8.8.8:53 | amguomaaee.org | udp |
| US | 8.8.8.8:53 | iceryyh.net | udp |
| US | 8.8.8.8:53 | ishjjiplar.info | udp |
| US | 8.8.8.8:53 | zovkcvbh.info | udp |
| US | 8.8.8.8:53 | wqcqka.org | udp |
| US | 8.8.8.8:53 | xrpwmsl.info | udp |
| US | 8.8.8.8:53 | gipyaap.info | udp |
| US | 8.8.8.8:53 | lgzyxip.net | udp |
| US | 8.8.8.8:53 | wuoskljobll.net | udp |
| US | 8.8.8.8:53 | vjdujbl.info | udp |
| US | 8.8.8.8:53 | ekaywgki.org | udp |
| US | 8.8.8.8:53 | iusioomq.org | udp |
| US | 8.8.8.8:53 | wqzqphxn.info | udp |
| US | 8.8.8.8:53 | twtafyxkpib.org | udp |
| US | 8.8.8.8:53 | fmscjrrypym.com | udp |
| US | 8.8.8.8:53 | wcsbrpz.net | udp |
| US | 8.8.8.8:53 | eimyvaqk.net | udp |
| US | 8.8.8.8:53 | kptqzqhd.net | udp |
| US | 8.8.8.8:53 | kacstwwne.info | udp |
| US | 8.8.8.8:53 | uwcuws.org | udp |
| US | 8.8.8.8:53 | zklhactt.info | udp |
| US | 8.8.8.8:53 | rusnhvrdxm.net | udp |
| US | 8.8.8.8:53 | hhcabxh.info | udp |
| US | 8.8.8.8:53 | azlfou.info | udp |
| US | 8.8.8.8:53 | eemqig.com | udp |
| US | 8.8.8.8:53 | vvhdwvyo.info | udp |
| US | 8.8.8.8:53 | umyicieyee.org | udp |
| US | 8.8.8.8:53 | jgniaygwrqo.org | udp |
| US | 8.8.8.8:53 | igckcikoogeu.org | udp |
| US | 8.8.8.8:53 | rzdzoie.net | udp |
| US | 8.8.8.8:53 | ywrwjetkzfv.info | udp |
| US | 8.8.8.8:53 | vcsuct.net | udp |
| US | 8.8.8.8:53 | yoisow.org | udp |
| US | 8.8.8.8:53 | nouctkseci.net | udp |
| US | 8.8.8.8:53 | wmaucs.com | udp |
| US | 8.8.8.8:53 | bfwipkv.net | udp |
| US | 8.8.8.8:53 | tqvdxtavik.net | udp |
| US | 8.8.8.8:53 | fsyczawoha.info | udp |
| US | 8.8.8.8:53 | msakyiyi.com | udp |
| US | 8.8.8.8:53 | vukkjefvt.net | udp |
| US | 8.8.8.8:53 | atkzfclhbift.info | udp |
| US | 8.8.8.8:53 | ldbrlaoe.info | udp |
| US | 8.8.8.8:53 | mocoet.net | udp |
| US | 8.8.8.8:53 | iyaoks.org | udp |
| US | 8.8.8.8:53 | rjggzcvex.info | udp |
| US | 8.8.8.8:53 | wueysyqiyg.org | udp |
| US | 8.8.8.8:53 | hicgspxwra.info | udp |
| US | 8.8.8.8:53 | akcmaa.org | udp |
| US | 8.8.8.8:53 | tffmejgi.info | udp |
| US | 8.8.8.8:53 | miiaoweoywqg.com | udp |
| US | 8.8.8.8:53 | vzzbuktlezpm.info | udp |
| US | 8.8.8.8:53 | jjrefkv.net | udp |
| US | 8.8.8.8:53 | icqrtkw.net | udp |
| US | 8.8.8.8:53 | uuxzhc.info | udp |
| US | 8.8.8.8:53 | ocmkaucqwe.com | udp |
| US | 8.8.8.8:53 | pgbzuqt.org | udp |
| US | 8.8.8.8:53 | kjskvzf.info | udp |
| US | 8.8.8.8:53 | iewskikuay.org | udp |
| US | 8.8.8.8:53 | vzxtvdjprz.net | udp |
| US | 8.8.8.8:53 | zpfeuykdvzvu.net | udp |
| US | 8.8.8.8:53 | nglvtaiyt.net | udp |
| US | 8.8.8.8:53 | vynxyquzvhf.org | udp |
| US | 8.8.8.8:53 | zlxpusjxtiv.org | udp |
| US | 8.8.8.8:53 | lzbjkx.info | udp |
| US | 8.8.8.8:53 | cegoqu.com | udp |
| US | 8.8.8.8:53 | kssawmya.org | udp |
| US | 8.8.8.8:53 | blriytvijot.com | udp |
| US | 8.8.8.8:53 | qkbkmldmn.info | udp |
| US | 8.8.8.8:53 | qjlxuqj.net | udp |
| US | 8.8.8.8:53 | kyilnx.net | udp |
| US | 8.8.8.8:53 | uaygqe.com | udp |
| US | 8.8.8.8:53 | dvmkvicmrfcg.info | udp |
| US | 8.8.8.8:53 | umgamamauysg.org | udp |
| US | 8.8.8.8:53 | skmsbencsvsu.info | udp |
| US | 8.8.8.8:53 | lelimqma.info | udp |
| US | 8.8.8.8:53 | kbwezwg.net | udp |
| US | 8.8.8.8:53 | gaqkygwq.org | udp |
| US | 8.8.8.8:53 | zoqpebow.info | udp |
| US | 8.8.8.8:53 | ygflrh.info | udp |
| US | 8.8.8.8:53 | ynjvtslk.net | udp |
| US | 8.8.8.8:53 | jrbulad.info | udp |
| US | 8.8.8.8:53 | ombkfwn.info | udp |
| US | 8.8.8.8:53 | cowqokek.org | udp |
| US | 8.8.8.8:53 | bpzorpfuhtf.org | udp |
| US | 8.8.8.8:53 | xyyfpanhdkz.net | udp |
| US | 8.8.8.8:53 | ukkeiavlt.net | udp |
| US | 8.8.8.8:53 | egbgzolepaj.net | udp |
| US | 8.8.8.8:53 | xxnkvklsqf.net | udp |
| US | 8.8.8.8:53 | yfgykzwi.info | udp |
| US | 8.8.8.8:53 | bkngmvgi.net | udp |
| US | 8.8.8.8:53 | yqwkusuc.com | udp |
| US | 8.8.8.8:53 | xgbapyjyrwh.com | udp |
| US | 8.8.8.8:53 | bmefunwozrd.com | udp |
| US | 8.8.8.8:53 | jkwvny.net | udp |
| US | 8.8.8.8:53 | irsdgxrbvgos.net | udp |
| US | 8.8.8.8:53 | olajhjjq.info | udp |
| US | 8.8.8.8:53 | porzjatgtdj.com | udp |
| US | 8.8.8.8:53 | bqdindvszcl.com | udp |
| US | 8.8.8.8:53 | ouvhpmu.info | udp |
| US | 8.8.8.8:53 | enkwqsvkb.net | udp |
| US | 8.8.8.8:53 | dykwknvmdfdj.info | udp |
| US | 8.8.8.8:53 | znhornae.info | udp |
| US | 8.8.8.8:53 | wawaoiyk.com | udp |
| US | 8.8.8.8:53 | damsplj.net | udp |
| US | 8.8.8.8:53 | msqugrbxtxbv.info | udp |
| US | 8.8.8.8:53 | lczoradauoz.net | udp |
| US | 8.8.8.8:53 | sbkqpkzez.info | udp |
| US | 8.8.8.8:53 | buzkvgluklk.net | udp |
| US | 8.8.8.8:53 | jgloiwtjjqw.org | udp |
| US | 8.8.8.8:53 | dyhylhgmenja.info | udp |
| US | 8.8.8.8:53 | dolodlrcma.net | udp |
| US | 8.8.8.8:53 | dazulnj.org | udp |
| US | 8.8.8.8:53 | mzygeylgio.net | udp |
| US | 8.8.8.8:53 | jxdhlrvdjc.net | udp |
| US | 8.8.8.8:53 | wuucuggqcims.org | udp |
| US | 8.8.8.8:53 | uqicqm.com | udp |
| US | 8.8.8.8:53 | soueumce.com | udp |
| US | 8.8.8.8:53 | jzthxr.net | udp |
| US | 8.8.8.8:53 | ftxxrhle.net | udp |
| US | 8.8.8.8:53 | lgmoogbktes.info | udp |
| US | 8.8.8.8:53 | bxvxuaogfuhn.info | udp |
| US | 8.8.8.8:53 | cdrqqx.net | udp |
| US | 8.8.8.8:53 | kopofgoxp.net | udp |
| US | 8.8.8.8:53 | kujeigz.net | udp |
| US | 8.8.8.8:53 | fjusznt.com | udp |
| US | 8.8.8.8:53 | fpeofmbaz.info | udp |
| US | 8.8.8.8:53 | kfqhuecvrqvp.net | udp |
| US | 8.8.8.8:53 | coignhkel.net | udp |
| US | 8.8.8.8:53 | rwrzll.info | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.179.227:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | zuhmapbot.net | udp |
| US | 8.8.8.8:53 | jseqkubusrp.net | udp |
| US | 8.8.8.8:53 | csmrwj.net | udp |
| US | 8.8.8.8:53 | rrqsfhoae.info | udp |
| US | 8.8.8.8:53 | ooimiaowyo.org | udp |
| US | 8.8.8.8:53 | drjyum.info | udp |
| US | 8.8.8.8:53 | vjvlnnztmb.net | udp |
| US | 8.8.8.8:53 | gsagguuqmaik.com | udp |
| US | 8.8.8.8:53 | ombgpausvgx.net | udp |
| US | 8.8.8.8:53 | wqooykuacoqi.com | udp |
| US | 8.8.8.8:53 | icqkuk.com | udp |
| US | 8.8.8.8:53 | vmzodynzrwo.org | udp |
| US | 8.8.8.8:53 | yojkaljecqs.info | udp |
| US | 8.8.8.8:53 | quvgpdslxdpm.net | udp |
| US | 8.8.8.8:53 | hvfoey.net | udp |
| US | 8.8.8.8:53 | nwljkcqbflki.info | udp |
| US | 8.8.8.8:53 | rnlgvlqdhpgh.net | udp |
| US | 8.8.8.8:53 | ecegeakc.org | udp |
| US | 8.8.8.8:53 | ffthsognpy.net | udp |
| US | 8.8.8.8:53 | ppgixqwunuf.org | udp |
| US | 8.8.8.8:53 | qeakwkyuuwyg.org | udp |
| US | 8.8.8.8:53 | ootkjdzphd.net | udp |
| US | 8.8.8.8:53 | nzahwbng.net | udp |
| US | 8.8.8.8:53 | vtwfhqnme.org | udp |
| US | 8.8.8.8:53 | cagucggq.org | udp |
| US | 8.8.8.8:53 | gwvmhej.net | udp |
| US | 8.8.8.8:53 | aararuzmj.info | udp |
| US | 8.8.8.8:53 | kswwqq.com | udp |
| US | 8.8.8.8:53 | ridufkvausz.info | udp |
| US | 8.8.8.8:53 | zrizzt.net | udp |
| US | 8.8.8.8:53 | gbbnvmugvp.info | udp |
| US | 8.8.8.8:53 | nsjnpn.net | udp |
| US | 8.8.8.8:53 | ucaeccsi.org | udp |
| US | 8.8.8.8:53 | zrxidbzcvfpp.net | udp |
| US | 8.8.8.8:53 | imwuegeo.org | udp |
| US | 8.8.8.8:53 | ivewnr.info | udp |
| US | 8.8.8.8:53 | igqxolgkhe.info | udp |
| US | 8.8.8.8:53 | jupibyoqhmx.info | udp |
| US | 8.8.8.8:53 | bmtdui.net | udp |
| US | 8.8.8.8:53 | roxftpwfit.net | udp |
| US | 8.8.8.8:53 | nqxijbihvn.info | udp |
| US | 8.8.8.8:53 | okhraurexw.net | udp |
| US | 8.8.8.8:53 | kkhgjwcpwun.info | udp |
| US | 8.8.8.8:53 | mwthbxuawvyh.info | udp |
| US | 8.8.8.8:53 | suckkiqy.org | udp |
| US | 8.8.8.8:53 | cmmgos.com | udp |
| US | 8.8.8.8:53 | aopkoqxiraf.info | udp |
| US | 8.8.8.8:53 | yspynbdonzn.net | udp |
| US | 8.8.8.8:53 | sooeeiogyowi.com | udp |
| US | 8.8.8.8:53 | brvvkc.net | udp |
| US | 8.8.8.8:53 | qkqgeygakqso.com | udp |
| US | 8.8.8.8:53 | xrctizgjhu.net | udp |
| US | 8.8.8.8:53 | xnnmdyxmr.info | udp |
| US | 8.8.8.8:53 | hzcdvr.info | udp |
| US | 8.8.8.8:53 | rfcqjgcwrllk.info | udp |
| US | 8.8.8.8:53 | ucwkiyqsoqug.com | udp |
| US | 8.8.8.8:53 | sumcdb.net | udp |
| US | 8.8.8.8:53 | dsoborwoisuv.info | udp |
| US | 8.8.8.8:53 | wsddgxvo.info | udp |
| US | 8.8.8.8:53 | ooewwc.org | udp |
| US | 8.8.8.8:53 | uyguqqimye.org | udp |
| US | 8.8.8.8:53 | fvvwcddmqyj.net | udp |
| US | 8.8.8.8:53 | ykzchuhip.info | udp |
| US | 8.8.8.8:53 | ukyasuuseqsw.org | udp |
| US | 8.8.8.8:53 | lyhcqaz.com | udp |
| US | 8.8.8.8:53 | jypigkw.net | udp |
| US | 8.8.8.8:53 | uqymsyacgqsu.org | udp |
| US | 8.8.8.8:53 | zieavhw.net | udp |
| US | 8.8.8.8:53 | nyedbtxz.net | udp |
| US | 8.8.8.8:53 | jphhtgd.com | udp |
| US | 8.8.8.8:53 | iykiycoqgcwc.org | udp |
| US | 8.8.8.8:53 | omierhazkhgw.net | udp |
| US | 8.8.8.8:53 | soixapbv.info | udp |
| US | 8.8.8.8:53 | eufvjumpsttg.net | udp |
| US | 8.8.8.8:53 | vdyvqovexz.net | udp |
| US | 8.8.8.8:53 | qstxxwbky.info | udp |
| US | 8.8.8.8:53 | naerbumfrnhu.info | udp |
| US | 8.8.8.8:53 | jqhubyx.org | udp |
| US | 8.8.8.8:53 | ugfulktosrl.net | udp |
| US | 8.8.8.8:53 | kwdrqyzrhd.net | udp |
| US | 8.8.8.8:53 | wnbfdvxh.info | udp |
| US | 8.8.8.8:53 | xrjmbmgmisvh.info | udp |
| US | 8.8.8.8:53 | nczsddrem.net | udp |
| US | 8.8.8.8:53 | usllaax.net | udp |
| US | 8.8.8.8:53 | hzubfeef.net | udp |
| US | 8.8.8.8:53 | jqtenkdayoy.org | udp |
| US | 8.8.8.8:53 | zuhpth.info | udp |
| US | 8.8.8.8:53 | onxsiihu.net | udp |
| US | 8.8.8.8:53 | gmcfnfhwf.info | udp |
| US | 8.8.8.8:53 | tivdhj.info | udp |
| US | 8.8.8.8:53 | eqtydop.net | udp |
| US | 8.8.8.8:53 | dobbnleh.net | udp |
| US | 8.8.8.8:53 | lvliwxsju.net | udp |
| US | 8.8.8.8:53 | kurmpao.net | udp |
| US | 8.8.8.8:53 | pojilhvpzgf.net | udp |
| US | 8.8.8.8:53 | wcgcuuiu.org | udp |
| US | 8.8.8.8:53 | vjcifdqsx.info | udp |
| US | 8.8.8.8:53 | fwqctdlwdvl.com | udp |
| US | 8.8.8.8:53 | nhmyomxjv.info | udp |
| US | 8.8.8.8:53 | gkiygeiw.org | udp |
| US | 8.8.8.8:53 | uxfqzo.net | udp |
| US | 8.8.8.8:53 | vkxrfsjadnv.info | udp |
| US | 8.8.8.8:53 | ujnuqsw.info | udp |
| US | 8.8.8.8:53 | qywgloxqv.info | udp |
| US | 8.8.8.8:53 | bghktwf.net | udp |
| US | 8.8.8.8:53 | tyzkrdhyl.info | udp |
| US | 8.8.8.8:53 | rixzhadubu.info | udp |
| US | 8.8.8.8:53 | xhnxxgtwzka.info | udp |
| US | 8.8.8.8:53 | saumfskxi.info | udp |
| US | 8.8.8.8:53 | redmvenw.info | udp |
| US | 8.8.8.8:53 | waiwimaawq.org | udp |
| US | 8.8.8.8:53 | lqnqaohstuw.info | udp |
| US | 8.8.8.8:53 | ecumsu.org | udp |
| US | 8.8.8.8:53 | vyvijbihvn.info | udp |
| US | 8.8.8.8:53 | eztxqj.info | udp |
| US | 8.8.8.8:53 | fcvqjxdym.info | udp |
| US | 8.8.8.8:53 | txkktx.info | udp |
| US | 8.8.8.8:53 | nocrkyqz.net | udp |
| US | 8.8.8.8:53 | gawewigo.com | udp |
| US | 8.8.8.8:53 | nwemypgorlgh.net | udp |
| US | 8.8.8.8:53 | swgjnaxwfrb.net | udp |
| US | 8.8.8.8:53 | hsrofavrq.net | udp |
| US | 8.8.8.8:53 | lmnsnyl.info | udp |
| US | 8.8.8.8:53 | zuxahel.info | udp |
| US | 8.8.8.8:53 | dobimn.info | udp |
| US | 8.8.8.8:53 | oilnqvvhoh.info | udp |
| US | 8.8.8.8:53 | rhlzymtjzo.info | udp |
| US | 8.8.8.8:53 | llpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | uolquckgl.net | udp |
| US | 8.8.8.8:53 | zgbpnkrn.info | udp |
| US | 8.8.8.8:53 | jcyjvafgjgo.net | udp |
| US | 8.8.8.8:53 | bctwfgikb.org | udp |
| US | 8.8.8.8:53 | syifaat.info | udp |
| US | 8.8.8.8:53 | fzqqksnzg.net | udp |
| US | 8.8.8.8:53 | cmeuuksiayei.org | udp |
| US | 8.8.8.8:53 | btroncy.info | udp |
| US | 8.8.8.8:53 | xmlymtnez.org | udp |
| US | 8.8.8.8:53 | fexlzhlyhah.net | udp |
| US | 8.8.8.8:53 | wwyyggkqkm.org | udp |
| US | 8.8.8.8:53 | wgqesalf.info | udp |
| US | 8.8.8.8:53 | dnoenxcc.net | udp |
| US | 8.8.8.8:53 | qcgwyemuusma.com | udp |
| US | 8.8.8.8:53 | zktxjkttqd.net | udp |
| US | 8.8.8.8:53 | odzbrjqoy.info | udp |
| US | 8.8.8.8:53 | asasqymgqgky.com | udp |
| US | 8.8.8.8:53 | aalijqi.info | udp |
| US | 8.8.8.8:53 | ezlxwqjn.net | udp |
| US | 8.8.8.8:53 | aozpmqbnx.net | udp |
| US | 8.8.8.8:53 | beegakv.com | udp |
| US | 8.8.8.8:53 | wkexljewohlp.info | udp |
| US | 8.8.8.8:53 | odqisf.info | udp |
| US | 8.8.8.8:53 | bofnlpvkh.info | udp |
| US | 8.8.8.8:53 | ptsrfdnk.net | udp |
| US | 8.8.8.8:53 | xvvuhdnao.com | udp |
| US | 8.8.8.8:53 | lmzpdyxjr.info | udp |
| US | 8.8.8.8:53 | rultvjtcyg.info | udp |
| US | 8.8.8.8:53 | lerlqgld.info | udp |
| US | 8.8.8.8:53 | ncpmyszzt.info | udp |
| US | 8.8.8.8:53 | yskuygwc.com | udp |
| US | 8.8.8.8:53 | redlnehi.info | udp |
| US | 8.8.8.8:53 | zetazsusbsh.info | udp |
| US | 8.8.8.8:53 | ybxsqlwexbnh.info | udp |
| US | 8.8.8.8:53 | sqsswygcomgs.org | udp |
| US | 8.8.8.8:53 | krcemkyt.net | udp |
| US | 8.8.8.8:53 | hsfkwh.info | udp |
| US | 8.8.8.8:53 | zbtwspdgyn.info | udp |
| US | 8.8.8.8:53 | qnnqgpu.net | udp |
| US | 8.8.8.8:53 | avmocghcdvy.info | udp |
| US | 8.8.8.8:53 | ykuiicau.com | udp |
| US | 8.8.8.8:53 | wageausweuom.org | udp |
| US | 8.8.8.8:53 | kkiamiym.com | udp |
| US | 8.8.8.8:53 | rkvgndz.net | udp |
| US | 8.8.8.8:53 | kzoyjjzjiimb.info | udp |
| US | 8.8.8.8:53 | jatdaajehomt.net | udp |
| US | 8.8.8.8:53 | mmogamuo.com | udp |
| US | 8.8.8.8:53 | gjhudhu.net | udp |
| US | 8.8.8.8:53 | wejotoy.net | udp |
| US | 8.8.8.8:53 | bmbewbvloblo.net | udp |
| US | 8.8.8.8:53 | asaiwmos.org | udp |
| US | 8.8.8.8:53 | ryhanqdfmd.net | udp |
| US | 8.8.8.8:53 | jkztaou.org | udp |
| US | 8.8.8.8:53 | mwgkuyee.org | udp |
| US | 8.8.8.8:53 | uiceesz.info | udp |
| US | 8.8.8.8:53 | vwegfdxuiu.net | udp |
| US | 8.8.8.8:53 | gmyqgigmuo.org | udp |
| US | 8.8.8.8:53 | zidugrm.net | udp |
| US | 8.8.8.8:53 | iqufvufirot.net | udp |
| US | 8.8.8.8:53 | bzaydhbkyko.info | udp |
| US | 8.8.8.8:53 | nugyes.net | udp |
| US | 8.8.8.8:53 | icmsuaeqck.com | udp |
| US | 8.8.8.8:53 | uynodxkrqhli.net | udp |
| US | 8.8.8.8:53 | hmhunafqgoc.net | udp |
| US | 8.8.8.8:53 | hmzkfkv.com | udp |
| US | 8.8.8.8:53 | qkxwqzaewvta.info | udp |
| US | 8.8.8.8:53 | uwwgkoaeqamo.com | udp |
| US | 8.8.8.8:53 | kwntxtahytbo.net | udp |
| US | 8.8.8.8:53 | uoxjsmld.info | udp |
| US | 8.8.8.8:53 | harbughmv.net | udp |
| US | 8.8.8.8:53 | qyxgvgblf.net | udp |
| US | 8.8.8.8:53 | ewiuauieao.com | udp |
| US | 8.8.8.8:53 | gkdmbibgmln.info | udp |
| US | 8.8.8.8:53 | dxoaoxgkf.com | udp |
| US | 8.8.8.8:53 | mexktizeyhyy.info | udp |
| US | 8.8.8.8:53 | esymyesc.org | udp |
| US | 8.8.8.8:53 | imwkkoik.com | udp |
| US | 8.8.8.8:53 | prftgqch.info | udp |
| US | 8.8.8.8:53 | sewuvwb.net | udp |
| US | 8.8.8.8:53 | aokskisuewmy.com | udp |
| US | 8.8.8.8:53 | bnqszsxdxz.net | udp |
| US | 8.8.8.8:53 | oaewcmmi.com | udp |
| US | 8.8.8.8:53 | lxbluoxf.net | udp |
| US | 8.8.8.8:53 | lszfrmupqm.info | udp |
| US | 8.8.8.8:53 | mytotsw.info | udp |
| US | 8.8.8.8:53 | mkoruyn.net | udp |
| US | 8.8.8.8:53 | oalwpcngx.info | udp |
| US | 8.8.8.8:53 | cqrsbhrxhaw.info | udp |
| US | 8.8.8.8:53 | yczvrll.net | udp |
| US | 8.8.8.8:53 | mkzkzap.net | udp |
| US | 8.8.8.8:53 | xcrfxbihvn.info | udp |
| US | 8.8.8.8:53 | jopdzn.info | udp |
| US | 8.8.8.8:53 | luycsf.net | udp |
| US | 8.8.8.8:53 | qmmuqtbfohzu.net | udp |
| US | 8.8.8.8:53 | pvesxitaordl.info | udp |
| US | 8.8.8.8:53 | gwfhdmjmw.net | udp |
| US | 8.8.8.8:53 | dzrmxez.com | udp |
| US | 8.8.8.8:53 | dvbavqtgrlh.net | udp |
| US | 8.8.8.8:53 | ukfzrtdiwo.net | udp |
| US | 8.8.8.8:53 | mgkaci.com | udp |
| US | 8.8.8.8:53 | hmowcayyap.net | udp |
| US | 8.8.8.8:53 | kxldwaoqfn.info | udp |
| US | 8.8.8.8:53 | pygamuv.net | udp |
| US | 8.8.8.8:53 | nosvmld.net | udp |
| US | 8.8.8.8:53 | lvjhuupstc.info | udp |
| US | 8.8.8.8:53 | zwnwzmbyd.net | udp |
| US | 8.8.8.8:53 | xxbuvavqnao.net | udp |
| US | 8.8.8.8:53 | tgzzsilpuoyu.info | udp |
| US | 8.8.8.8:53 | hadgrsh.org | udp |
| US | 8.8.8.8:53 | ikciqwcmouwq.com | udp |
| US | 8.8.8.8:53 | vmezsobm.info | udp |
| US | 8.8.8.8:53 | geaucecqseak.com | udp |
| US | 8.8.8.8:53 | rejwrwpoa.info | udp |
| US | 8.8.8.8:53 | uvvevoiktmp.net | udp |
| US | 8.8.8.8:53 | stnldrnpnn.info | udp |
| US | 8.8.8.8:53 | ywegouwkig.com | udp |
| US | 8.8.8.8:53 | acacyrloqh.info | udp |
| US | 8.8.8.8:53 | jmuyzwjxj.net | udp |
| US | 8.8.8.8:53 | tyqmegvikpp.com | udp |
| US | 8.8.8.8:53 | wggscikyimyi.com | udp |
| US | 8.8.8.8:53 | hhctmigbifcm.net | udp |
| US | 8.8.8.8:53 | atjknen.net | udp |
| US | 8.8.8.8:53 | mzvkhhpi.net | udp |
| US | 8.8.8.8:53 | sfhewijyx.info | udp |
| US | 8.8.8.8:53 | okgoqq.org | udp |
| US | 8.8.8.8:53 | jggjiknzalzj.info | udp |
| US | 8.8.8.8:53 | lzwgpqnxhy.net | udp |
| US | 8.8.8.8:53 | opncfsxnboz.info | udp |
| US | 8.8.8.8:53 | opltjm.info | udp |
| US | 8.8.8.8:53 | iunsbqtyrsy.net | udp |
| US | 8.8.8.8:53 | vatjcnu.com | udp |
| US | 8.8.8.8:53 | jehyhpbob.com | udp |
| US | 8.8.8.8:53 | tijklxs.com | udp |
| US | 8.8.8.8:53 | tudgihlrvori.info | udp |
| US | 8.8.8.8:53 | ygooycmmyusc.org | udp |
| US | 8.8.8.8:53 | afopslbmsp.net | udp |
| US | 8.8.8.8:53 | luaiurlae.info | udp |
| US | 8.8.8.8:53 | hocaco.net | udp |
| US | 8.8.8.8:53 | uuuwag.com | udp |
| US | 8.8.8.8:53 | baxztudwb.org | udp |
| US | 8.8.8.8:53 | rztsnryz.net | udp |
| US | 8.8.8.8:53 | hsfspwfirsr.org | udp |
| US | 8.8.8.8:53 | liaaeg.net | udp |
| US | 8.8.8.8:53 | kftirw.net | udp |
| US | 8.8.8.8:53 | qnjiwrbvrau.info | udp |
| US | 8.8.8.8:53 | nsfovelgrpn.info | udp |
| US | 8.8.8.8:53 | txmzjppatxm.net | udp |
| US | 8.8.8.8:53 | zyjecbiip.info | udp |
| US | 8.8.8.8:53 | jropdltq.net | udp |
| US | 8.8.8.8:53 | jqnogwlwr.org | udp |
| US | 8.8.8.8:53 | sekgeq.org | udp |
| US | 8.8.8.8:53 | eykqeq.com | udp |
| US | 8.8.8.8:53 | opwqzzstlvo.info | udp |
| US | 8.8.8.8:53 | fumvct.net | udp |
| US | 8.8.8.8:53 | haavxebgf.org | udp |
| US | 8.8.8.8:53 | ufbfaevwqht.net | udp |
| US | 8.8.8.8:53 | mvldxfvoax.net | udp |
| US | 8.8.8.8:53 | dnyidwf.info | udp |
| US | 8.8.8.8:53 | nmaibausj.com | udp |
| US | 8.8.8.8:53 | iwgqegwg.com | udp |
| US | 8.8.8.8:53 | lzigsktlravt.net | udp |
| US | 8.8.8.8:53 | etclvsftm.info | udp |
| US | 8.8.8.8:53 | riwtpqxqcr.net | udp |
| US | 8.8.8.8:53 | wwkutys.info | udp |
| US | 8.8.8.8:53 | varszqfmqkz.info | udp |
| US | 8.8.8.8:53 | yadxtkefpqdf.net | udp |
| US | 8.8.8.8:53 | pnvcfylbkw.net | udp |
| US | 8.8.8.8:53 | ynxmhedhxib.info | udp |
| US | 8.8.8.8:53 | hkiwxvakllep.info | udp |
| US | 8.8.8.8:53 | jaoorkpybmj.net | udp |
| US | 8.8.8.8:53 | qngitmingp.net | udp |
| US | 8.8.8.8:53 | ltmmtox.org | udp |
| US | 8.8.8.8:53 | zkxxnax.net | udp |
| US | 8.8.8.8:53 | synkdydcryz.info | udp |
| US | 8.8.8.8:53 | ulwprsdpevsj.info | udp |
| US | 8.8.8.8:53 | rfqfss.net | udp |
| US | 8.8.8.8:53 | ndpixydmrhb.org | udp |
| US | 8.8.8.8:53 | tcenzfth.net | udp |
| US | 8.8.8.8:53 | omueesiqisgc.org | udp |
| US | 8.8.8.8:53 | ppjcksssb.org | udp |
| US | 8.8.8.8:53 | iglullxcx.net | udp |
| US | 8.8.8.8:53 | qyjxvcif.net | udp |
| US | 8.8.8.8:53 | gmhxrwja.info | udp |
| US | 8.8.8.8:53 | rkwlhccy.info | udp |
| US | 8.8.8.8:53 | rqfzqq.net | udp |
| US | 8.8.8.8:53 | vkdwovweoem.info | udp |
| US | 8.8.8.8:53 | lrzdethb.net | udp |
| US | 8.8.8.8:53 | fcnvqhhh.info | udp |
| US | 8.8.8.8:53 | nthafgeqx.org | udp |
| US | 8.8.8.8:53 | pnzvnpxwnm.net | udp |
| US | 8.8.8.8:53 | pmkwkvnzjk.info | udp |
| US | 8.8.8.8:53 | uysjdll.info | udp |
| US | 8.8.8.8:53 | ldpzzastbx.info | udp |
| US | 8.8.8.8:53 | xxynvihcis.info | udp |
| US | 8.8.8.8:53 | qwsexi.info | udp |
| US | 8.8.8.8:53 | slfcle.info | udp |
| US | 8.8.8.8:53 | vibshiiel.net | udp |
| US | 8.8.8.8:53 | zarsxoc.com | udp |
| US | 8.8.8.8:53 | awtottlbsnr.net | udp |
| US | 8.8.8.8:53 | wwplfeegvje.net | udp |
| US | 8.8.8.8:53 | kegyeasqimoy.com | udp |
| US | 8.8.8.8:53 | jjqtpeerkb.net | udp |
| US | 8.8.8.8:53 | mewzsuhqxo.info | udp |
| US | 8.8.8.8:53 | mwyeeakici.com | udp |
| US | 8.8.8.8:53 | lfdfdupevsl.org | udp |
| US | 8.8.8.8:53 | oqsaguou.com | udp |
| US | 8.8.8.8:53 | uelmpvjqx.info | udp |
| US | 8.8.8.8:53 | dcdyxwzklhs.com | udp |
| US | 8.8.8.8:53 | kycaaby.net | udp |
| US | 8.8.8.8:53 | vsryqgb.com | udp |
| US | 8.8.8.8:53 | oismai.com | udp |
| US | 8.8.8.8:53 | htebvauw.info | udp |
| US | 8.8.8.8:53 | vyllnrjwfvro.info | udp |
| US | 8.8.8.8:53 | fmyqqmj.info | udp |
| US | 8.8.8.8:53 | eheflhppvg.net | udp |
| US | 8.8.8.8:53 | vweedmb.org | udp |
| US | 8.8.8.8:53 | jwfull.net | udp |
| US | 8.8.8.8:53 | wwtgxcteyzj.info | udp |
| US | 8.8.8.8:53 | qqseoyakksia.com | udp |
| US | 8.8.8.8:53 | kselzioit.net | udp |
| US | 8.8.8.8:53 | ijdzqa.info | udp |
| US | 8.8.8.8:53 | umqxhshovjec.info | udp |
| US | 8.8.8.8:53 | cykogcgqqcuu.com | udp |
| US | 8.8.8.8:53 | jongdjh.info | udp |
| US | 8.8.8.8:53 | dcmuzow.com | udp |
| US | 8.8.8.8:53 | ugjyfpgfl.net | udp |
| US | 8.8.8.8:53 | myrwjqkrwpbk.info | udp |
| US | 8.8.8.8:53 | llzghkftkyec.info | udp |
| US | 8.8.8.8:53 | sbleszjvvg.net | udp |
| US | 8.8.8.8:53 | wztqtgjhtgl.info | udp |
| US | 8.8.8.8:53 | wyouismkim.org | udp |
| US | 8.8.8.8:53 | tmqpoehu.info | udp |
| US | 8.8.8.8:53 | mpkbfsgyp.info | udp |
| US | 8.8.8.8:53 | famkbhvej.com | udp |
| US | 8.8.8.8:53 | iisuvseij.info | udp |
| US | 8.8.8.8:53 | ozbfhqw.net | udp |
| US | 8.8.8.8:53 | qseoumkkca.org | udp |
| US | 8.8.8.8:53 | hxpbdbestx.net | udp |
| US | 8.8.8.8:53 | muqgsqcy.org | udp |
| US | 8.8.8.8:53 | qdnmhgdyrit.net | udp |
| US | 8.8.8.8:53 | ouosewysay.com | udp |
| US | 8.8.8.8:53 | ektuwgs.info | udp |
| US | 8.8.8.8:53 | qyqigk.com | udp |
| US | 8.8.8.8:53 | farirmhxn.net | udp |
| US | 8.8.8.8:53 | tgfytkiga.org | udp |
| US | 8.8.8.8:53 | jsomvivueud.info | udp |
| US | 8.8.8.8:53 | fyaylmbcb.net | udp |
| US | 8.8.8.8:53 | pzqsbwtup.org | udp |
| US | 8.8.8.8:53 | dyyvuvnbnms.info | udp |
| US | 8.8.8.8:53 | hqycpknrl.info | udp |
| US | 8.8.8.8:53 | ekqaao.com | udp |
| US | 8.8.8.8:53 | ddnagut.net | udp |
| US | 8.8.8.8:53 | izvstevyoxdz.net | udp |
| US | 8.8.8.8:53 | rkjyfrxybqd.net | udp |
| US | 8.8.8.8:53 | mxtchd.info | udp |
| US | 8.8.8.8:53 | umteqyv.info | udp |
| US | 8.8.8.8:53 | aakicwgeguaw.com | udp |
| US | 8.8.8.8:53 | bcwukzmauq.info | udp |
| US | 8.8.8.8:53 | hjfdpmp.org | udp |
| US | 8.8.8.8:53 | lqqubtmi.info | udp |
| US | 8.8.8.8:53 | qzfybg.net | udp |
| US | 8.8.8.8:53 | nexybapxati.net | udp |
| US | 8.8.8.8:53 | rjbifug.net | udp |
| US | 8.8.8.8:53 | qhbtlcesdu.info | udp |
| US | 8.8.8.8:53 | ikmcuuv.info | udp |
| US | 8.8.8.8:53 | hzlazafqpgmu.net | udp |
| US | 8.8.8.8:53 | ygvxekxsnyt.info | udp |
| US | 8.8.8.8:53 | wsfsufki.info | udp |
| US | 8.8.8.8:53 | tusgthxur.com | udp |
| US | 8.8.8.8:53 | yqdindvszcl.info | udp |
| US | 8.8.8.8:53 | dmvprw.net | udp |
| US | 8.8.8.8:53 | ldlrgk.info | udp |
| US | 8.8.8.8:53 | ibsivd.net | udp |
| US | 8.8.8.8:53 | gkwcwogqki.org | udp |
| US | 8.8.8.8:53 | aerjlysnv.net | udp |
| US | 8.8.8.8:53 | uiuekuys.org | udp |
| US | 8.8.8.8:53 | owtumceqt.info | udp |
| US | 8.8.8.8:53 | unjigshqi.net | udp |
| US | 8.8.8.8:53 | omkbsmfhlq.net | udp |
| US | 8.8.8.8:53 | sieibora.net | udp |
| US | 8.8.8.8:53 | miwmemmi.com | udp |
| US | 8.8.8.8:53 | lsnooolaymk.info | udp |
| US | 8.8.8.8:53 | kanrsrvit.net | udp |
| US | 8.8.8.8:53 | sgdzhklkvfso.info | udp |
| US | 8.8.8.8:53 | jgsulgls.net | udp |
| US | 8.8.8.8:53 | cymakoqu.org | udp |
| US | 8.8.8.8:53 | qghxvqv.info | udp |
| US | 8.8.8.8:53 | wgdyzqpwn.net | udp |
| US | 8.8.8.8:53 | skqsiiae.org | udp |
| US | 8.8.8.8:53 | kqaiocyq.com | udp |
| US | 8.8.8.8:53 | uoxibzdau.net | udp |
| US | 8.8.8.8:53 | alyypvemovoc.net | udp |
| US | 8.8.8.8:53 | tcykbmxt.info | udp |
| US | 8.8.8.8:53 | hwtqgvjxzk.info | udp |
| US | 8.8.8.8:53 | qlstpgkhcjbu.net | udp |
| US | 8.8.8.8:53 | tlhelhhtdmh.info | udp |
| US | 8.8.8.8:53 | aaszfufandz.info | udp |
| US | 8.8.8.8:53 | crnsvufotkl.info | udp |
| US | 8.8.8.8:53 | rfzkmobxlg.info | udp |
| US | 8.8.8.8:53 | amegiesk.org | udp |
| US | 8.8.8.8:53 | nzitfaav.info | udp |
| US | 8.8.8.8:53 | pokivbggpgzw.info | udp |
| US | 8.8.8.8:53 | ennzzlvv.info | udp |
| US | 8.8.8.8:53 | zojnbcklr.net | udp |
| US | 8.8.8.8:53 | lktcrbw.com | udp |
| US | 8.8.8.8:53 | uwloxmdpb.info | udp |
| US | 8.8.8.8:53 | sqxetl.net | udp |
| US | 8.8.8.8:53 | hyjodgw.info | udp |
| US | 8.8.8.8:53 | ukwyasakgosw.com | udp |
| US | 8.8.8.8:53 | kssxpvp.info | udp |
| US | 8.8.8.8:53 | pbhubawkout.org | udp |
| US | 8.8.8.8:53 | dkdczgl.info | udp |
| US | 8.8.8.8:53 | nbokbqss.net | udp |
| US | 8.8.8.8:53 | fjkzdm.info | udp |
| US | 8.8.8.8:53 | calevsp.info | udp |
| US | 8.8.8.8:53 | cmoosk.com | udp |
| US | 8.8.8.8:53 | kigvdgi.net | udp |
| US | 8.8.8.8:53 | eaictyqxc.info | udp |
| US | 8.8.8.8:53 | xxjldlvrkg.info | udp |
| US | 8.8.8.8:53 | ofhssslsrkn.info | udp |
| US | 8.8.8.8:53 | muikqi.com | udp |
| US | 8.8.8.8:53 | yubmnah.info | udp |
| US | 8.8.8.8:53 | vgqxvqngngx.info | udp |
| US | 8.8.8.8:53 | ewzsthlxekk.info | udp |
| US | 8.8.8.8:53 | gikoao.org | udp |
| US | 8.8.8.8:53 | kukfsengsh.info | udp |
| US | 8.8.8.8:53 | gaukhrsmvwlq.net | udp |
| US | 8.8.8.8:53 | qwbhby.info | udp |
| US | 8.8.8.8:53 | cgzqtowog.info | udp |
| US | 8.8.8.8:53 | nkzcfuwhz.net | udp |
| US | 8.8.8.8:53 | qeasooggkkye.org | udp |
| US | 8.8.8.8:53 | ajribzjp.net | udp |
| US | 8.8.8.8:53 | khcexcfgxv.info | udp |
| US | 8.8.8.8:53 | fpczwrezui.info | udp |
| US | 8.8.8.8:53 | yeuinhzqgpp.info | udp |
| US | 8.8.8.8:53 | rkbcnhdwuyr.info | udp |
| US | 8.8.8.8:53 | uspzbnanpy.net | udp |
| US | 8.8.8.8:53 | ozouzgl.net | udp |
| US | 8.8.8.8:53 | gdiecndz.net | udp |
| US | 8.8.8.8:53 | sacimsws.com | udp |
| US | 8.8.8.8:53 | nftdjucldmkn.info | udp |
| US | 8.8.8.8:53 | qgcsyj.info | udp |
| US | 8.8.8.8:53 | fevpfshvp.org | udp |
| US | 8.8.8.8:53 | jfcxtt.info | udp |
| US | 8.8.8.8:53 | eqbciayirmm.net | udp |
| US | 8.8.8.8:53 | eydgwgxca.info | udp |
| US | 8.8.8.8:53 | vkbpvghly.org | udp |
| US | 8.8.8.8:53 | vidmdtogl.net | udp |
| US | 8.8.8.8:53 | kcryxrris.info | udp |
| US | 8.8.8.8:53 | eyxuqf.net | udp |
| US | 8.8.8.8:53 | zxkoftuceswj.info | udp |
| US | 8.8.8.8:53 | giekgyskeiik.org | udp |
| US | 8.8.8.8:53 | dyzenelwe.com | udp |
| US | 8.8.8.8:53 | eghjupx.net | udp |
| US | 8.8.8.8:53 | bqliiakejjwh.net | udp |
| US | 8.8.8.8:53 | bavppixu.net | udp |
| US | 8.8.8.8:53 | meeiueoiis.com | udp |
| US | 8.8.8.8:53 | wrrlvqkm.info | udp |
| US | 8.8.8.8:53 | phmmvqlod.net | udp |
| US | 8.8.8.8:53 | afjomozsr.info | udp |
| US | 8.8.8.8:53 | vqqzukzmv.info | udp |
| US | 8.8.8.8:53 | fkgritslx.org | udp |
| US | 8.8.8.8:53 | mwciskmqwooi.org | udp |
| US | 8.8.8.8:53 | akyczqjuwwx.info | udp |
| US | 8.8.8.8:53 | pmxgpwgrhynl.net | udp |
| US | 8.8.8.8:53 | bezxeengnep.info | udp |
| US | 8.8.8.8:53 | ptpwnlreeaxo.net | udp |
| US | 8.8.8.8:53 | crlagt.net | udp |
| US | 8.8.8.8:53 | xrtalhpbbyaw.net | udp |
| US | 8.8.8.8:53 | qkmkcw.org | udp |
| US | 8.8.8.8:53 | eeeiusoc.com | udp |
| US | 8.8.8.8:53 | ugphenggjkpm.info | udp |
| US | 8.8.8.8:53 | qirsvcv.net | udp |
| US | 8.8.8.8:53 | xgyvdmrkw.org | udp |
| US | 8.8.8.8:53 | dtstyn.net | udp |
| US | 8.8.8.8:53 | lxdtklbih.org | udp |
| US | 8.8.8.8:53 | yiugiq.com | udp |
| US | 8.8.8.8:53 | zbqtpeerkb.net | udp |
| US | 8.8.8.8:53 | ocxcsgrwg.net | udp |
| US | 8.8.8.8:53 | syoemgyckyqy.com | udp |
| US | 8.8.8.8:53 | zuwrljtqss.net | udp |
| US | 8.8.8.8:53 | hikoddzsoxo.net | udp |
| US | 8.8.8.8:53 | ymdwavxadvnl.info | udp |
| US | 8.8.8.8:53 | ywsggwgu.org | udp |
| US | 8.8.8.8:53 | msaeugqyakco.org | udp |
| US | 8.8.8.8:53 | tdahbyimfc.info | udp |
| US | 8.8.8.8:53 | isxynkbutwz.info | udp |
| US | 8.8.8.8:53 | jqclhkgyeizc.info | udp |
| US | 8.8.8.8:53 | aawgkwicgyks.com | udp |
| US | 8.8.8.8:53 | lrzchytbhyg.info | udp |
| US | 8.8.8.8:53 | tmrxnmjrkb.net | udp |
| US | 8.8.8.8:53 | enorxtwiga.info | udp |
| US | 8.8.8.8:53 | jsrhhqx.info | udp |
| US | 8.8.8.8:53 | hkqywuugnys.net | udp |
| US | 8.8.8.8:53 | ymcwessi.org | udp |
| US | 8.8.8.8:53 | cichjgpkknf.net | udp |
| US | 8.8.8.8:53 | divdzmi.org | udp |
| US | 8.8.8.8:53 | uomieuwsgywa.com | udp |
| US | 8.8.8.8:53 | jbfzppty.info | udp |
| US | 8.8.8.8:53 | zlfyhshzl.info | udp |
| US | 8.8.8.8:53 | wyrqbljyczf.info | udp |
| US | 8.8.8.8:53 | fzkrxmam.info | udp |
| US | 8.8.8.8:53 | oktcrytxqxq.net | udp |
| US | 8.8.8.8:53 | uuokmwek.org | udp |
| US | 8.8.8.8:53 | iowummgsme.org | udp |
| US | 8.8.8.8:53 | zdzgoofuh.info | udp |
| US | 8.8.8.8:53 | xafntgtx.info | udp |
| US | 8.8.8.8:53 | fixijml.org | udp |
| US | 8.8.8.8:53 | ptjrucwhqyek.info | udp |
| US | 8.8.8.8:53 | bvrlxiawb.net | udp |
| US | 8.8.8.8:53 | fwqzrn.net | udp |
| US | 8.8.8.8:53 | sibibkebxthi.info | udp |
| US | 8.8.8.8:53 | bujydax.net | udp |
| US | 8.8.8.8:53 | xiwerwe.net | udp |
| US | 8.8.8.8:53 | zfxgpgzq.net | udp |
| US | 8.8.8.8:53 | sxsydftugfl.net | udp |
| US | 8.8.8.8:53 | qvuigq.info | udp |
| US | 8.8.8.8:53 | lkdcykiji.com | udp |
| US | 8.8.8.8:53 | msoiygcw.org | udp |
| US | 8.8.8.8:53 | lpnqceh.info | udp |
| US | 8.8.8.8:53 | fcqwbwolhfx.com | udp |
| US | 8.8.8.8:53 | bxdxpcbzicdo.info | udp |
| US | 8.8.8.8:53 | hgjsnnnclqv.info | udp |
| US | 8.8.8.8:53 | jntxuexoq.net | udp |
| US | 8.8.8.8:53 | scswiokcmk.com | udp |
| US | 8.8.8.8:53 | msyynnlkieoj.net | udp |
| US | 8.8.8.8:53 | dixjcmuyh.net | udp |
| US | 8.8.8.8:53 | ljlgmazcjeq.org | udp |
| US | 8.8.8.8:53 | jgravtsd.net | udp |
| US | 8.8.8.8:53 | qbaluinxfoiu.info | udp |
| US | 8.8.8.8:53 | awtrjqbmv.net | udp |
| US | 8.8.8.8:53 | nyesreh.com | udp |
| US | 8.8.8.8:53 | hjdanvcakuu.com | udp |
| US | 8.8.8.8:53 | lblbbzdwvw.info | udp |
| US | 8.8.8.8:53 | hlmrxiinac.info | udp |
| US | 8.8.8.8:53 | ejpdqikairvo.info | udp |
| US | 8.8.8.8:53 | jdzakwhkrr.info | udp |
| US | 8.8.8.8:53 | caaakckcqu.org | udp |
| US | 8.8.8.8:53 | terwausffs.net | udp |
| US | 8.8.8.8:53 | ssgqsckw.com | udp |
| US | 8.8.8.8:53 | dutgoqnz.net | udp |
| US | 8.8.8.8:53 | zmlyakv.org | udp |
| US | 8.8.8.8:53 | cxritgbkwiqj.net | udp |
| US | 8.8.8.8:53 | ndfkdfggr.info | udp |
| US | 8.8.8.8:53 | dmlapoh.info | udp |
| US | 8.8.8.8:53 | najkogn.net | udp |
| US | 8.8.8.8:53 | ngpxnqiyar.info | udp |
| US | 8.8.8.8:53 | xkbyiniqrpfv.info | udp |
| US | 8.8.8.8:53 | xflrdxdu.net | udp |
| US | 8.8.8.8:53 | asfqzpbbf.net | udp |
| US | 8.8.8.8:53 | qbbazjtyf.info | udp |
| US | 8.8.8.8:53 | eomiww.org | udp |
| US | 8.8.8.8:53 | ionlrsv.info | udp |
| US | 8.8.8.8:53 | lqycrol.info | udp |
| US | 8.8.8.8:53 | yabgjuiyvpj.net | udp |
| US | 8.8.8.8:53 | ipjywolmqze.info | udp |
| US | 8.8.8.8:53 | hprfzg.net | udp |
| US | 8.8.8.8:53 | gthrpp.net | udp |
| US | 8.8.8.8:53 | yqtafgfohsp.net | udp |
| US | 8.8.8.8:53 | hqeyzyhey.org | udp |
| US | 8.8.8.8:53 | fqvozsyex.com | udp |
| US | 8.8.8.8:53 | tezvhnfjxq.net | udp |
| US | 8.8.8.8:53 | yenhvalpdykj.info | udp |
| US | 8.8.8.8:53 | gepixjiw.info | udp |
| US | 8.8.8.8:53 | cslcvixvb.net | udp |
| US | 8.8.8.8:53 | nrpqjt.info | udp |
| US | 8.8.8.8:53 | eqyfdf.net | udp |
| US | 8.8.8.8:53 | pbzmnlhh.info | udp |
| US | 8.8.8.8:53 | mmltpxzfvd.info | udp |
| US | 8.8.8.8:53 | qoecgy.org | udp |
| US | 8.8.8.8:53 | fpawrxhn.info | udp |
| US | 8.8.8.8:53 | lkngjoezjnq.com | udp |
| US | 8.8.8.8:53 | myqikqeymayy.com | udp |
| US | 8.8.8.8:53 | yiogesoaaqii.org | udp |
| US | 8.8.8.8:53 | tmbmnsbyvks.info | udp |
| US | 8.8.8.8:53 | wrbgtg.info | udp |
| US | 8.8.8.8:53 | dfrztj.net | udp |
| US | 8.8.8.8:53 | iuopsm.info | udp |
| US | 8.8.8.8:53 | xbfhtyff.info | udp |
| US | 8.8.8.8:53 | lcnakurkrtd.com | udp |
| US | 8.8.8.8:53 | gqygvejxf.info | udp |
| US | 8.8.8.8:53 | ndbsbqbvv.info | udp |
| US | 8.8.8.8:53 | mzwneh.net | udp |
| US | 8.8.8.8:53 | hqqgzxmmgx.net | udp |
| US | 8.8.8.8:53 | zpuzlkn.info | udp |
| US | 8.8.8.8:53 | vbzarsdsnat.com | udp |
| US | 8.8.8.8:53 | hytqeejor.org | udp |
| US | 8.8.8.8:53 | vsswekgnat.info | udp |
| US | 8.8.8.8:53 | aarbvonaobs.net | udp |
| DE | 85.214.228.140:80 | gyuuym.org | tcp |
| US | 8.8.8.8:53 | fyvqgej.net | udp |
| US | 8.8.8.8:53 | xyurrudjd.info | udp |
| US | 8.8.8.8:53 | xeduvez.net | udp |
| US | 8.8.8.8:53 | eyjuteq.info | udp |
| US | 8.8.8.8:53 | vvlagkfghoz.net | udp |
| SG | 18.142.91.111:80 | unxfuild.info | tcp |
| US | 8.8.8.8:53 | dstdsihd.net | udp |
| US | 8.8.8.8:53 | kefahu.net | udp |
| US | 8.8.8.8:53 | ggoiukqgsikq.org | udp |
| US | 8.8.8.8:53 | rvtxqxhknviv.net | udp |
| US | 8.8.8.8:53 | hxpmawsc.info | udp |
| US | 8.8.8.8:53 | yoqymi.com | udp |
| US | 8.8.8.8:53 | jwbegkq.org | udp |
| US | 8.8.8.8:53 | udzdjiddn.net | udp |
| US | 8.8.8.8:53 | xixcjhrcnych.net | udp |
| US | 8.8.8.8:53 | iaqwscwygwkk.org | udp |
| US | 8.8.8.8:53 | ntgeuxzg.info | udp |
| US | 8.8.8.8:53 | dopgdicwz.net | udp |
| US | 8.8.8.8:53 | ygoukmwg.org | udp |
| US | 8.8.8.8:53 | jyamjvy.net | udp |
| US | 8.8.8.8:53 | rafgtfaldts.info | udp |
| US | 104.156.155.94:80 | cydlrge.info | tcp |
| US | 8.8.8.8:53 | skxhqbpid.info | udp |
| US | 8.8.8.8:53 | zssfdeq.com | udp |
| US | 8.8.8.8:53 | yzzglkjsoay.net | udp |
| US | 8.8.8.8:53 | twetncgfna.net | udp |
| US | 8.8.8.8:53 | sryffshvthpx.info | udp |
| US | 8.8.8.8:53 | ywimauseiu.com | udp |
| US | 8.8.8.8:53 | mjotpzfbosdh.info | udp |
| US | 8.8.8.8:53 | aawxxk.net | udp |
| US | 8.8.8.8:53 | cskaaa.org | udp |
| US | 8.8.8.8:53 | uuzcnmstx.info | udp |
| US | 8.8.8.8:53 | aavqgwn.net | udp |
| US | 8.8.8.8:53 | eomkme.org | udp |
| US | 8.8.8.8:53 | amsivuhqbdn.net | udp |
| US | 8.8.8.8:53 | eepgwut.net | udp |
| US | 8.8.8.8:53 | luvehemiri.info | udp |
| US | 8.8.8.8:53 | frkdhwrd.net | udp |
| US | 8.8.8.8:53 | nxhjhelg.info | udp |
| US | 8.8.8.8:53 | wjjesmdv.info | udp |
| US | 8.8.8.8:53 | xkvengumtus.net | udp |
| US | 8.8.8.8:53 | sissokky.org | udp |
| US | 8.8.8.8:53 | mvrjoxmptm.info | udp |
| US | 8.8.8.8:53 | owkasy.com | udp |
| US | 8.8.8.8:53 | ksbeqedilec.net | udp |
| US | 8.8.8.8:53 | fimrdqhkhk.info | udp |
| US | 8.8.8.8:53 | sljsxqv.info | udp |
| US | 8.8.8.8:53 | lalckpw.org | udp |
| US | 8.8.8.8:53 | djpcqld.com | udp |
| US | 8.8.8.8:53 | evyrvibynav.info | udp |
| US | 8.8.8.8:53 | faoaccjxdk.info | udp |
| US | 8.8.8.8:53 | bmdflttg.net | udp |
| US | 8.8.8.8:53 | hmfurcniz.info | udp |
| US | 8.8.8.8:53 | zvwqdsg.com | udp |
| US | 8.8.8.8:53 | eeaouicecc.com | udp |
| US | 8.8.8.8:53 | tezapotlvr.info | udp |
| US | 8.8.8.8:53 | ddpobim.org | udp |
| US | 8.8.8.8:53 | rimqzswpq.com | udp |
| US | 8.8.8.8:53 | hcrazcfkr.org | udp |
| US | 8.8.8.8:53 | wxmyiepqrhr.info | udp |
| US | 8.8.8.8:53 | tzxkpakieyu.com | udp |
| US | 8.8.8.8:53 | nrhgkvxqmc.info | udp |
| US | 8.8.8.8:53 | ewhqxezcwwc.net | udp |
| US | 8.8.8.8:53 | gusykyzklop.info | udp |
| US | 8.8.8.8:53 | eocqcaio.com | udp |
| US | 8.8.8.8:53 | ggfqrmq.net | udp |
| US | 8.8.8.8:53 | yoaoooewyeeo.com | udp |
| US | 8.8.8.8:53 | msfrjnvcslef.net | udp |
| US | 8.8.8.8:53 | vuvaguj.com | udp |
| US | 8.8.8.8:53 | mdhpuesj.net | udp |
| US | 8.8.8.8:53 | jnqbqpdf.net | udp |
| US | 8.8.8.8:53 | corjfuvqqnaa.net | udp |
| US | 8.8.8.8:53 | ddaqqyjgrmz.org | udp |
| US | 8.8.8.8:53 | dqjrswwie.com | udp |
| US | 8.8.8.8:53 | pbjzsl.info | udp |
| US | 8.8.8.8:53 | dajatux.org | udp |
| US | 8.8.8.8:53 | ntwblmbspara.info | udp |
| US | 8.8.8.8:53 | vrxmprngmlhk.net | udp |
| US | 8.8.8.8:53 | sakkwwskwqug.com | udp |
| US | 8.8.8.8:53 | tbleoaln.info | udp |
| US | 8.8.8.8:53 | aezodiyiuky.net | udp |
| US | 8.8.8.8:53 | iwebzspyhsz.net | udp |
| US | 8.8.8.8:53 | eznabol.net | udp |
| US | 8.8.8.8:53 | docybmqh.info | udp |
| US | 8.8.8.8:53 | fkcqoexkd.net | udp |
| US | 8.8.8.8:53 | ncvpkqailvvv.info | udp |
| US | 8.8.8.8:53 | wkgiom.org | udp |
| US | 8.8.8.8:53 | ngsyjjxodc.net | udp |
| US | 8.8.8.8:53 | klqmnybibg.net | udp |
| US | 8.8.8.8:53 | vlpivni.info | udp |
| US | 8.8.8.8:53 | ihkyfpxkxchp.info | udp |
| US | 8.8.8.8:53 | bopwrlf.org | udp |
| US | 8.8.8.8:53 | wxbxvfkfzk.info | udp |
| US | 8.8.8.8:53 | lyxmnybibg.info | udp |
| US | 8.8.8.8:53 | hrrvcglmte.info | udp |
| US | 8.8.8.8:53 | xlnivpsuab.info | udp |
| US | 8.8.8.8:53 | oeuuiuakec.org | udp |
| US | 8.8.8.8:53 | dkouvubcpovf.info | udp |
| US | 8.8.8.8:53 | sdczocyn.info | udp |
| US | 8.8.8.8:53 | mburag.info | udp |
| US | 8.8.8.8:53 | yugauajofxb.net | udp |
| US | 8.8.8.8:53 | kgucribs.info | udp |
| US | 8.8.8.8:53 | vrhkhjkyfnwk.net | udp |
| US | 8.8.8.8:53 | asbdjzbat.net | udp |
| US | 8.8.8.8:53 | ewlavyd.net | udp |
| US | 8.8.8.8:53 | trsqzzwd.net | udp |
| US | 8.8.8.8:53 | zyfitez.info | udp |
| US | 8.8.8.8:53 | tvtaqfnmf.info | udp |
| US | 8.8.8.8:53 | huefaatdxtxt.net | udp |
| US | 8.8.8.8:53 | jaehmwxr.info | udp |
| US | 8.8.8.8:53 | yitspgx.info | udp |
| US | 8.8.8.8:53 | pkxqmfd.info | udp |
| US | 8.8.8.8:53 | gajcfaukoea.info | udp |
| US | 8.8.8.8:53 | kwgqeicwwuiw.org | udp |
| US | 8.8.8.8:53 | leqdurjb.net | udp |
| US | 8.8.8.8:53 | icniiczgj.info | udp |
| US | 8.8.8.8:53 | rekyxm.info | udp |
| US | 8.8.8.8:53 | dxikspgshgbk.info | udp |
| US | 8.8.8.8:53 | eoqyxnd.info | udp |
| US | 8.8.8.8:53 | ukusoiamscos.org | udp |
| US | 8.8.8.8:53 | noobdpl.info | udp |
| US | 8.8.8.8:53 | huzwlguznmz.net | udp |
| US | 8.8.8.8:53 | lgmwshpwdp.net | udp |
| US | 8.8.8.8:53 | hydixst.info | udp |
| US | 8.8.8.8:53 | buvxtbwp.net | udp |
| US | 8.8.8.8:53 | jgwcoofzbun.net | udp |
| US | 8.8.8.8:53 | pvhlixgerjti.info | udp |
| US | 8.8.8.8:53 | zgrjrexb.net | udp |
| US | 8.8.8.8:53 | jynobcv.info | udp |
| US | 8.8.8.8:53 | qgombanv.info | udp |
| US | 8.8.8.8:53 | qubslmnsd.net | udp |
| US | 8.8.8.8:53 | eeueccewmeem.com | udp |
| US | 8.8.8.8:53 | bopozsz.info | udp |
| US | 8.8.8.8:53 | gthoprfe.net | udp |
| US | 8.8.8.8:53 | vlpxze.info | udp |
| US | 8.8.8.8:53 | kgieuoiw.com | udp |
| US | 8.8.8.8:53 | vnxbbrnzjqh.info | udp |
| US | 8.8.8.8:53 | fdeodul.info | udp |
| US | 8.8.8.8:53 | cgwwcc.com | udp |
| US | 8.8.8.8:53 | skywyumxq.net | udp |
| US | 8.8.8.8:53 | nsmgfxgs.net | udp |
| US | 8.8.8.8:53 | wqzinczmx.info | udp |
| US | 8.8.8.8:53 | mpqgselgl.info | udp |
| US | 8.8.8.8:53 | vwvmhaj.net | udp |
| US | 8.8.8.8:53 | xfjrhd.info | udp |
| US | 8.8.8.8:53 | egsmyysc.org | udp |
| US | 8.8.8.8:53 | joudfasurxxt.info | udp |
| US | 8.8.8.8:53 | dnyottlbju.net | udp |
| US | 8.8.8.8:53 | aknuvqvm.net | udp |
| US | 8.8.8.8:53 | nshdioh.net | udp |
| US | 8.8.8.8:53 | yotehgakb.info | udp |
| US | 8.8.8.8:53 | rpfupezssvpk.info | udp |
| US | 8.8.8.8:53 | zkhujspqb.net | udp |
| US | 8.8.8.8:53 | xkksuaqezut.net | udp |
| US | 8.8.8.8:53 | inhwrprogej.net | udp |
| US | 8.8.8.8:53 | kbxsyyrb.info | udp |
| US | 8.8.8.8:53 | ugyykuaakc.com | udp |
| US | 8.8.8.8:53 | ekqqcc.org | udp |
| US | 8.8.8.8:53 | zyryujx.net | udp |
| US | 8.8.8.8:53 | dwfkeogzvhjn.info | udp |
| US | 8.8.8.8:53 | jbvkvlvrxd.net | udp |
| US | 8.8.8.8:53 | tcrnxafdbyx.org | udp |
| US | 8.8.8.8:53 | vjgfvyou.info | udp |
| US | 8.8.8.8:53 | wswgmm.org | udp |
| US | 8.8.8.8:53 | dflqknsl.net | udp |
| US | 8.8.8.8:53 | batknmuzlnd.org | udp |
| US | 8.8.8.8:53 | fypefvfwnub.info | udp |
| US | 8.8.8.8:53 | ssveragyx.net | udp |
| US | 8.8.8.8:53 | wjbcbecdy.net | udp |
| US | 8.8.8.8:53 | gmiskc.com | udp |
| US | 8.8.8.8:53 | qtgqqinahbp.info | udp |
| US | 8.8.8.8:53 | tcvuvhjwh.info | udp |
| US | 8.8.8.8:53 | fabades.net | udp |
| US | 8.8.8.8:53 | luyjdv.net | udp |
| US | 8.8.8.8:53 | ucilerferchf.info | udp |
| US | 8.8.8.8:53 | lltejndirap.org | udp |
| US | 8.8.8.8:53 | wmxgnsfsr.info | udp |
| US | 8.8.8.8:53 | jubvpax.info | udp |
| US | 8.8.8.8:53 | vacyejog.net | udp |
| US | 8.8.8.8:53 | sghmuuw.info | udp |
| US | 8.8.8.8:53 | vmzwhixfyojt.info | udp |
| US | 8.8.8.8:53 | aknsgwkcl.net | udp |
| US | 8.8.8.8:53 | slawtcimzzft.info | udp |
| US | 8.8.8.8:53 | jhvkbcpnqnsw.info | udp |
| US | 8.8.8.8:53 | lvsytejnus.net | udp |
| US | 8.8.8.8:53 | davmkyr.info | udp |
| US | 8.8.8.8:53 | mitekfuvzpnv.info | udp |
| US | 8.8.8.8:53 | ecbwysbz.info | udp |
| US | 8.8.8.8:53 | hhylbxmj.net | udp |
| US | 8.8.8.8:53 | hqpwxrfql.info | udp |
| US | 8.8.8.8:53 | aofcjyjeniv.net | udp |
| US | 8.8.8.8:53 | syqigcioao.com | udp |
| US | 8.8.8.8:53 | njmyupro.net | udp |
| US | 8.8.8.8:53 | ttjkwfgi.info | udp |
| US | 8.8.8.8:53 | dnlxzcmvny.net | udp |
| US | 8.8.8.8:53 | nuiefajcl.net | udp |
| US | 8.8.8.8:53 | utwnjxrd.net | udp |
| US | 8.8.8.8:53 | xrpwmsl.info | udp |
| US | 8.8.8.8:53 | gxyleelm.net | udp |
| US | 8.8.8.8:53 | hhqfmmvozop.net | udp |
| US | 8.8.8.8:53 | zgyszk.info | udp |
| US | 8.8.8.8:53 | jymepkz.net | udp |
| US | 8.8.8.8:53 | yqfimar.info | udp |
| US | 8.8.8.8:53 | iusioomq.org | udp |
| US | 8.8.8.8:53 | qokrralbqbzd.info | udp |
| US | 8.8.8.8:53 | wcsbrpz.net | udp |
| US | 8.8.8.8:53 | tlysxbfrlfsw.info | udp |
| US | 8.8.8.8:53 | zsfqvjxrrdf.net | udp |
| US | 8.8.8.8:53 | uwcuws.org | udp |
| US | 8.8.8.8:53 | btnffb.net | udp |
| US | 8.8.8.8:53 | buztpyaqmrft.info | udp |
| US | 8.8.8.8:53 | pibgiblkjba.info | udp |
| US | 8.8.8.8:53 | azlfou.info | udp |
| US | 8.8.8.8:53 | ogfouvw.net | udp |
| US | 8.8.8.8:53 | eqhstijaqp.net | udp |
| US | 8.8.8.8:53 | ffuevdff.net | udp |
| US | 8.8.8.8:53 | umyicieyee.org | udp |
| US | 8.8.8.8:53 | jgniaygwrqo.org | udp |
| US | 8.8.8.8:53 | oqkusuwemeeg.org | udp |
| US | 8.8.8.8:53 | jnuqgsaxui.net | udp |
| US | 8.8.8.8:53 | pmpdegpwxxgu.net | udp |
| US | 8.8.8.8:53 | pfldcvvfvas.com | udp |
| US | 8.8.8.8:53 | vcsuct.net | udp |
| US | 8.8.8.8:53 | eeznyolgibnj.net | udp |
| US | 8.8.8.8:53 | bwkqkrln.net | udp |
| US | 8.8.8.8:53 | ipybcq.info | udp |
| US | 8.8.8.8:53 | cjbbyvryunam.info | udp |
| US | 8.8.8.8:53 | zewcrim.net | udp |
| US | 8.8.8.8:53 | mqpmfwrwddp.net | udp |
| US | 8.8.8.8:53 | fsyczawoha.info | udp |
| US | 8.8.8.8:53 | tphehbfe.info | udp |
| US | 8.8.8.8:53 | yohgvkxvxlmj.info | udp |
| US | 8.8.8.8:53 | wuuzun.net | udp |
| US | 8.8.8.8:53 | atkzfclhbift.info | udp |
| US | 8.8.8.8:53 | jlrokefd.info | udp |
| US | 8.8.8.8:53 | mlnwrshy.info | udp |
| US | 8.8.8.8:53 | eyoykwoakmsg.com | udp |
| US | 8.8.8.8:53 | kwdpthbwjopk.net | udp |
| US | 8.8.8.8:53 | wueysyqiyg.org | udp |
| US | 8.8.8.8:53 | miiaoweoywqg.com | udp |
| US | 8.8.8.8:53 | vghcrcf.org | udp |
| US | 8.8.8.8:53 | yxkmzadvvd.info | udp |
| US | 8.8.8.8:53 | jjrefkv.net | udp |
| US | 8.8.8.8:53 | nkbhbybzpda.com | udp |
| US | 8.8.8.8:53 | mcnddovex.net | udp |
| US | 8.8.8.8:53 | eztcmu.net | udp |
| US | 8.8.8.8:53 | joalnofqnnhq.net | udp |
| US | 8.8.8.8:53 | mmmiecgssuuu.org | udp |
| US | 8.8.8.8:53 | pqvqyszpbcxm.net | udp |
| US | 8.8.8.8:53 | pgbzuqt.org | udp |
| US | 8.8.8.8:53 | kjskvzf.info | udp |
| US | 8.8.8.8:53 | fedmcmgwn.info | udp |
| US | 8.8.8.8:53 | eehyttnoejf.net | udp |
| US | 8.8.8.8:53 | phiuaypupz.info | udp |
| US | 8.8.8.8:53 | vroubvls.info | udp |
| US | 8.8.8.8:53 | nglvtaiyt.net | udp |
| US | 8.8.8.8:53 | jyfqebacwnl.net | udp |
| US | 8.8.8.8:53 | hzgjxs.info | udp |
| US | 8.8.8.8:53 | lzbjkx.info | udp |
| US | 8.8.8.8:53 | wuecmu.org | udp |
| US | 8.8.8.8:53 | ezawbsemtwp.info | udp |
| US | 8.8.8.8:53 | gcrvfq.net | udp |
| US | 8.8.8.8:53 | cegoqu.com | udp |
| US | 8.8.8.8:53 | blriytvijot.com | udp |
| US | 8.8.8.8:53 | wkioof.net | udp |
| US | 8.8.8.8:53 | vvxorqnf.net | udp |
| US | 8.8.8.8:53 | epszmiwaif.net | udp |
| US | 8.8.8.8:53 | rgisdqwfhml.net | udp |
| US | 8.8.8.8:53 | fihqos.info | udp |
| US | 8.8.8.8:53 | qjlxuqj.net | udp |
| US | 8.8.8.8:53 | cycccyuwie.org | udp |
| US | 8.8.8.8:53 | kyilnx.net | udp |
| US | 8.8.8.8:53 | baxwlvcsl.info | udp |
| US | 8.8.8.8:53 | skmsbencsvsu.info | udp |
| US | 8.8.8.8:53 | naeevmocjyf.net | udp |
| US | 8.8.8.8:53 | gaqkygwq.org | udp |
| US | 8.8.8.8:53 | zvesbelun.com | udp |
| US | 8.8.8.8:53 | qetxcrgpncmy.net | udp |
| US | 8.8.8.8:53 | ringhiwif.net | udp |
| US | 8.8.8.8:53 | jrbulad.info | udp |
| US | 8.8.8.8:53 | eoozifbpxocx.net | udp |
| US | 8.8.8.8:53 | eyyieqauwi.org | udp |
| US | 8.8.8.8:53 | cowqokek.org | udp |
| US | 8.8.8.8:53 | xpvotgepnf.net | udp |
| US | 8.8.8.8:53 | bpzorpfuhtf.org | udp |
| US | 8.8.8.8:53 | ngvqvo.info | udp |
| US | 8.8.8.8:53 | lsadlwznm.com | udp |
| US | 8.8.8.8:53 | onnspifa.info | udp |
| US | 8.8.8.8:53 | kenigejs.info | udp |
| US | 8.8.8.8:53 | uqmkoaasaiui.com | udp |
| US | 8.8.8.8:53 | bkngmvgi.net | udp |
| US | 8.8.8.8:53 | tlmfyrocce.info | udp |
| US | 8.8.8.8:53 | eepgxnp.info | udp |
| US | 8.8.8.8:53 | czzonhca.net | udp |
| US | 8.8.8.8:53 | ewmsqyew.com | udp |
| US | 8.8.8.8:53 | ztqqdffz.net | udp |
| US | 8.8.8.8:53 | bqdindvszcl.com | udp |
| US | 8.8.8.8:53 | dzxnhq.net | udp |
| US | 8.8.8.8:53 | mohydglijom.info | udp |
| US | 8.8.8.8:53 | lkhoofalsgbq.info | udp |
| US | 8.8.8.8:53 | shzzpflmh.info | udp |
| US | 8.8.8.8:53 | jepzltihdddm.net | udp |
| US | 8.8.8.8:53 | dykwknvmdfdj.info | udp |
| US | 8.8.8.8:53 | akcmrot.info | udp |
| US | 8.8.8.8:53 | kbqlvqqroyyr.net | udp |
| US | 8.8.8.8:53 | ckaiioiqqiwy.org | udp |
| US | 8.8.8.8:53 | biuvrapclfti.info | udp |
| US | 8.8.8.8:53 | znhornae.info | udp |
| US | 8.8.8.8:53 | zwxkzebevez.net | udp |
| US | 8.8.8.8:53 | kynorgtmrit.info | udp |
| US | 8.8.8.8:53 | jkeifpciuq.net | udp |
| US | 8.8.8.8:53 | qwatgpdokrhp.info | udp |
| US | 8.8.8.8:53 | exayvvrspzt.info | udp |
Files
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
| MD5 | 752fd8203cbe79e001d17f60bba106be |
| SHA1 | f84ff7bc4538cf1b1adbd80385fc079b47dd0aad |
| SHA256 | 9ea0c5f5e393e2564d8b5da8ef3b93bd1ac6f1d192641029ef2977bc98a356c5 |
| SHA512 | 0f0747346ac2fe8e9ef1bef70c55811dddce773be3f39066e6d5a1c0b6f3f5fb5e177ed0b53848380aeeef76a2e5e51e808389a6eb6273bbe1c801c75c57bf3c |
C:\Windows\SysWOW64\oitliwvjerruiqjypi.exe
| MD5 | b28fa6555cafc95802f3ddea94c609ce |
| SHA1 | cc96fa61ef893dc781267ebba3bfa90218e6dcba |
| SHA256 | 13e8f8cf343f9c910a2a465fbfb2504a07fb9224bfad739ab6d70ce8c70681b6 |
| SHA512 | 3c5f8d99aa01ab45ea0e5673c0bd593352d446c28cf40e51a3cc77e54a54d197a8e5b8d78cd8df212f16a819a4a067eb987c4cf30a49361e72d39340edc914ba |
C:\Users\Admin\AppData\Local\Temp\mutzkm.exe
| MD5 | 590b9b1518554ea41b0f64f799791cb9 |
| SHA1 | 0eea56caa1873ca503fdb5ad023b039c9299e4cd |
| SHA256 | 56f9b8ffea8a8b05a67d454ef8b31e3d22177af93ac0512e5b0475e6129e4fa4 |
| SHA512 | b0d65e37e8579823ee4ea9f1295fae5376efe4430bab54922ee0b00c49320749eb708df9943eed91979ceecf1160bc3989d495603e343ba1c58d591a253b2cc3 |
C:\Users\Admin\AppData\Local\lqmpxwgfljuihaeegkplowvfe.ith
| MD5 | 0e257ee6fb0e231f9c39085852210027 |
| SHA1 | e25cca5c2a01fafa149cad6ef8629f4c449d9a6b |
| SHA256 | abcb96576a31c2546c781b7347edd729e8241ae086f980641077c9f08464091e |
| SHA512 | a9ff07fbdb71ff84a889854923c877a185ba8286e769f58d6dbf4ab938dbce01956aed30b95351ecbcecc8d6ac8978846b04be1a24805314e9dd42c39fa9289f |
C:\Users\Admin\AppData\Local\qgnbuezjajfeoshsfukrfyidnenjiswlwjyo.jcm
| MD5 | d6ec95c7d565a2a446282de572b279e7 |
| SHA1 | 5de34c19f6db1ac537c5ff23bb3132975371f541 |
| SHA256 | 052467b8c065624a35dcd7cd9e1c32c8ad847e14cddeb109b78470f5b376449b |
| SHA512 | 24985e7738f0f681f7922536cf392221c04f0a3126ae969bf19f3ae5af8970b3c63922a976a10f5139d1e2a75321435ffa9dc1680649ad27da900a9d2d0cadf8 |
C:\Program Files (x86)\lqmpxwgfljuihaeegkplowvfe.ith
| MD5 | 93a45b7f28d43f53dd9542b6fb363fa4 |
| SHA1 | 5ab581825bf77d0f1cb93df326dd4707d1c8f5d3 |
| SHA256 | 1f16f769729188940a57d95a6347475958764cf9a54f01be36ddec644b87ea64 |
| SHA512 | 8a39ca6db99b237a1cbbd5f3f66d16d4597261725a49f3c35a8351cc4188f2ad528ed145bea5bde2603aa342844ec56c75f9e310e78018a36b762efff73a4e85 |
C:\Program Files (x86)\lqmpxwgfljuihaeegkplowvfe.ith
| MD5 | 1242ce12c87d67ce6068e7d20d7caf21 |
| SHA1 | 70844034587524768949a59686086ca0b644ed75 |
| SHA256 | 852d7524b4e5494fa512e9fcfe65554f2cfe43da38c1959085712f592e0bac99 |
| SHA512 | 58abec0a9066b26b2c1db1c16196e42fd0f25c075ed1238bc2c01ee837ecef0be8356d68857a4d0056819acc1950e82c1e3e3bc4c00c21ba66a60b98a029b112 |
C:\Program Files (x86)\lqmpxwgfljuihaeegkplowvfe.ith
| MD5 | 1415cd6290e3e3c0965a5871f38b8758 |
| SHA1 | f550687a4f3f2efc9a614ab396e972c18f9b9506 |
| SHA256 | 39c5530f3d1847ee1b5a9c64f622b6178ae6daf5fb5ddf2b368a143125acfe4d |
| SHA512 | ba1169a902ea47e64934e0b8a4bbd732dc913987361eaad2099dab29e3d659d7aaec654cebf520d1cde21fed8e59dabf438bb2b77eb2b0612746464ebdd877a3 |
C:\Program Files (x86)\lqmpxwgfljuihaeegkplowvfe.ith
| MD5 | 7390c4f8710b15acfbd30c6e448595c5 |
| SHA1 | e8d92eef99573b5842bfb575d42bd77d9a8e85dd |
| SHA256 | d7e05e27f2e7ebb242654cd9471bc38b64ee451473dab40c8eed22c2c1dde90f |
| SHA512 | d8e6e6e3a5bfca20647f80eb0b90973d763631704f195601ad2cf69daa0a760de921881c37e89ff20e8443ebf99ac101c85d1268c6be0ff634383761c1f7e870 |
C:\Program Files (x86)\lqmpxwgfljuihaeegkplowvfe.ith
| MD5 | 8780ef9c9ba76a5c364379b2db21e619 |
| SHA1 | e14bd2602d7a48def47a9164aaffd75289b699f5 |
| SHA256 | 5e78889b94a9e4190c6adeda9b1f81dc3a0403ccaf694df377cc552a9a9a90de |
| SHA512 | 37b6eeff3283925e10a0b8d265d17fea03a98b6b3434fedad115f4b7d1db0791455e3974074e5d9d39d500db5835269678a3825d4099019a94b78976b46e2d95 |
C:\Program Files (x86)\lqmpxwgfljuihaeegkplowvfe.ith
| MD5 | 4828a682beaabcfd5c3184bad1f853ea |
| SHA1 | db8177259399ebcb9bfbe3d3ebcc227b35e56038 |
| SHA256 | 5c28a3e4e73cec57c5c05d92f4c7a80179f7475fb9e2384b9a6c7306672699b6 |
| SHA512 | a07fbedcdc7cd48528275a06844bde96f371166ad0f24a1512419985995d6d56dcddcb735fd3c50b549d61f245d62c6f044151ed673064bffb8d952d3621f47d |
C:\Program Files (x86)\lqmpxwgfljuihaeegkplowvfe.ith
| MD5 | 7853e2810074349c99dda00aaf1747ba |
| SHA1 | d908479eaf139ba2863d31e47670d338c7648ee1 |
| SHA256 | 2904c525c9c08a5d86c2cb007fe264617db8b579fa28b1f626582bcb9c2ff1f4 |
| SHA512 | b9b2fb9edd7f6519ea64a5d9322cc8e7d0ede0e3182dbbff152f4c4784c14e1ebefeaa9203cfdd4c03c29d52d5675349ea696b18763cedbbd2dd32b48bb3bf46 |