Analysis Overview
SHA256
f3cb92699801b3fd4ca75d9e7a09d1b40b0a4591399753c4222c0b6385d8c897
Threat Level: Known bad
The file JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0 was found to be: Known bad.
Malicious Activity Summary
Pykspa family
Pykspa
UAC bypass
Modifies WinLogon for persistence
Detect Pykspa worm
Disables RegEdit via registry modification
Adds policy Run key to start application
Impair Defenses: Safe Mode Boot
Checks computer location settings
Executes dropped EXE
Checks whether UAC is enabled
Hijack Execution Flow: Executable Installer File Permissions Weakness
Looks up external IP address via web service
Adds Run key to start application
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Unsigned PE
System policy modification
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-04-12 15:48
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-04-12 15:48
Reported
2025-04-12 15:50
Platform
win10v2004-20250314-en
Max time kernel
47s
Max time network
151s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "maxwikxvmfdxtmjoqziw.exe" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "maxwikxvmfdxtmjoqziw.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\baisp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\maxwikxvmfdxtmjoqziw.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "fqkgpoythxsjcsmon.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "yibweclfshbrjyrs.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\baisp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bqoobesrjdcxuomsvfpec.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\baisp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yibweclfshbrjyrs.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\baisp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\maxwikxvmfdxtmjoqziw.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "oavsccnjypldxojmmt.exe" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\baisp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zmigrsebrjgzumimnvd.exe" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "fqkgpoythxsjcsmon.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "zmigrsebrjgzumimnvd.exe" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\baisp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\maxwikxvmfdxtmjoqziw.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\baisp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fqkgpoythxsjcsmon.exe" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "maxwikxvmfdxtmjoqziw.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "maxwikxvmfdxtmjoqziw.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "fqkgpoythxsjcsmon.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\baisp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yibweclfshbrjyrs.exe" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\baisp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\maxwikxvmfdxtmjoqziw.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "yibweclfshbrjyrs.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\baisp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zmigrsebrjgzumimnvd.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\baisp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oavsccnjypldxojmmt.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\baisp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oavsccnjypldxojmmt.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "zmigrsebrjgzumimnvd.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "bqoobesrjdcxuomsvfpec.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\baisp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oavsccnjypldxojmmt.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "fqkgpoythxsjcsmon.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "bqoobesrjdcxuomsvfpec.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\baisp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\maxwikxvmfdxtmjoqziw.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "zmigrsebrjgzumimnvd.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "fqkgpoythxsjcsmon.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "yibweclfshbrjyrs.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\baisp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bqoobesrjdcxuomsvfpec.exe" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\baisp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fqkgpoythxsjcsmon.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "fqkgpoythxsjcsmon.exe" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "yibweclfshbrjyrs.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "fqkgpoythxsjcsmon.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\baisp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oavsccnjypldxojmmt.exe" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "maxwikxvmfdxtmjoqziw.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\baisp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oavsccnjypldxojmmt.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\baisp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yibweclfshbrjyrs.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "yibweclfshbrjyrs.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\baisp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oavsccnjypldxojmmt.exe" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "maxwikxvmfdxtmjoqziw.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\zmigrsebrjgzumimnvd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\bqoobesrjdcxuomsvfpec.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\oavsccnjypldxojmmt.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\fqkgpoythxsjcsmon.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\maxwikxvmfdxtmjoqziw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\bqoobesrjdcxuomsvfpec.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\maxwikxvmfdxtmjoqziw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\bqoobesrjdcxuomsvfpec.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\maxwikxvmfdxtmjoqziw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\fqkgpoythxsjcsmon.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\oavsccnjypldxojmmt.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\oavsccnjypldxojmmt.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\zmigrsebrjgzumimnvd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\fqkgpoythxsjcsmon.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\bqoobesrjdcxuomsvfpec.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\fqkgpoythxsjcsmon.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\oavsccnjypldxojmmt.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\fqkgpoythxsjcsmon.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\fqkgpoythxsjcsmon.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\fqkgpoythxsjcsmon.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\fqkgpoythxsjcsmon.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\maxwikxvmfdxtmjoqziw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\bqoobesrjdcxuomsvfpec.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\oavsccnjypldxojmmt.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\maxwikxvmfdxtmjoqziw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\maxwikxvmfdxtmjoqziw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\maxwikxvmfdxtmjoqziw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\yibweclfshbrjyrs.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Windows\bqoobesrjdcxuomsvfpec.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fiuijacpv = "zmigrsebrjgzumimnvd.exe" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mmvges = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oavsccnjypldxojmmt.exe" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ycpegybpwf = "oavsccnjypldxojmmt.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mmvges = "fqkgpoythxsjcsmon.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ycpegybpwf = "bqoobesrjdcxuomsvfpec.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zakwvkk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fqkgpoythxsjcsmon.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zakwvkk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\maxwikxvmfdxtmjoqziw.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ycpegybpwf = "zmigrsebrjgzumimnvd.exe ." | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fiuijacpv = "maxwikxvmfdxtmjoqziw.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fiuijacpv = "bqoobesrjdcxuomsvfpec.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tymcfycrzjy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\maxwikxvmfdxtmjoqziw.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zakwvkk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fqkgpoythxsjcsmon.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zakwvkk = "bqoobesrjdcxuomsvfpec.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ycpegybpwf = "fqkgpoythxsjcsmon.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fiuijacpv = "zmigrsebrjgzumimnvd.exe" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qwlcgafvepfr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zmigrsebrjgzumimnvd.exe" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mmvges = "maxwikxvmfdxtmjoqziw.exe" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fiuijacpv = "oavsccnjypldxojmmt.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mmvges = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oavsccnjypldxojmmt.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fiuijacpv = "maxwikxvmfdxtmjoqziw.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mmvges = "oavsccnjypldxojmmt.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mmvges = "maxwikxvmfdxtmjoqziw.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ycpegybpwf = "zmigrsebrjgzumimnvd.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fiuijacpv = "fqkgpoythxsjcsmon.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fiuijacpv = "maxwikxvmfdxtmjoqziw.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mmvges = "oavsccnjypldxojmmt.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zakwvkk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zmigrsebrjgzumimnvd.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mmvges = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yibweclfshbrjyrs.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zakwvkk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bqoobesrjdcxuomsvfpec.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zakwvkk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bqoobesrjdcxuomsvfpec.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qwlcgafvepfr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fqkgpoythxsjcsmon.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zakwvkk = "zmigrsebrjgzumimnvd.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fiuijacpv = "maxwikxvmfdxtmjoqziw.exe" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mmvges = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zmigrsebrjgzumimnvd.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qwlcgafvepfr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zmigrsebrjgzumimnvd.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tymcfycrzjy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fqkgpoythxsjcsmon.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tymcfycrzjy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zmigrsebrjgzumimnvd.exe ." | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mmvges = "C:\\Users\\Admin\\AppData\\Local\\Temp\\maxwikxvmfdxtmjoqziw.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zakwvkk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zmigrsebrjgzumimnvd.exe ." | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zakwvkk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yibweclfshbrjyrs.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fiuijacpv = "fqkgpoythxsjcsmon.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qwlcgafvepfr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zmigrsebrjgzumimnvd.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mmvges = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oavsccnjypldxojmmt.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mmvges = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zmigrsebrjgzumimnvd.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mmvges = "yibweclfshbrjyrs.exe" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fiuijacpv = "bqoobesrjdcxuomsvfpec.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ycpegybpwf = "maxwikxvmfdxtmjoqziw.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tymcfycrzjy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zmigrsebrjgzumimnvd.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mmvges = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oavsccnjypldxojmmt.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mmvges = "C:\\Users\\Admin\\AppData\\Local\\Temp\\maxwikxvmfdxtmjoqziw.exe" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fiuijacpv = "oavsccnjypldxojmmt.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mmvges = "zmigrsebrjgzumimnvd.exe" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ycpegybpwf = "maxwikxvmfdxtmjoqziw.exe ." | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mmvges = "zmigrsebrjgzumimnvd.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zakwvkk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zmigrsebrjgzumimnvd.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fiuijacpv = "maxwikxvmfdxtmjoqziw.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ycpegybpwf = "fqkgpoythxsjcsmon.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fiuijacpv = "bqoobesrjdcxuomsvfpec.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mmvges = "yibweclfshbrjyrs.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mmvges = "bqoobesrjdcxuomsvfpec.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mmvges = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bqoobesrjdcxuomsvfpec.exe" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zakwvkk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yibweclfshbrjyrs.exe ." | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mmvges = "bqoobesrjdcxuomsvfpec.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qwlcgafvepfr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oavsccnjypldxojmmt.exe" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\maxwikxvmfdxtmjoqziw.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\maxwikxvmfdxtmjoqziw.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bqoobesrjdcxuomsvfpec.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sihiwappiddzxsrycnyono.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\maxwikxvmfdxtmjoqziw.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sihiwappiddzxsrycnyono.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sihiwappiddzxsrycnyono.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zmigrsebrjgzumimnvd.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oavsccnjypldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\maxwikxvmfdxtmjoqziw.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sihiwappiddzxsrycnyono.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sihiwappiddzxsrycnyono.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sihiwappiddzxsrycnyono.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yibweclfshbrjyrs.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\maxwikxvmfdxtmjoqziw.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sihiwappiddzxsrycnyono.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\maxwikxvmfdxtmjoqziw.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oavsccnjypldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\fqkgpoythxsjcsmon.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bqoobesrjdcxuomsvfpec.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yibweclfshbrjyrs.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\fqkgpoythxsjcsmon.exe | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oavsccnjypldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\fqkgpoythxsjcsmon.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zmigrsebrjgzumimnvd.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zmigrsebrjgzumimnvd.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bqoobesrjdcxuomsvfpec.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yibweclfshbrjyrs.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sihiwappiddzxsrycnyono.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yibweclfshbrjyrs.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File created | C:\Windows\SysWOW64\dwyctasvrpsrsqscjxleg.bia | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| File created | C:\Windows\SysWOW64\ycpegybpwftdpylgyxwancewznudrbnw.ewv | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\maxwikxvmfdxtmjoqziw.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zmigrsebrjgzumimnvd.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oavsccnjypldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yibweclfshbrjyrs.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bqoobesrjdcxuomsvfpec.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\maxwikxvmfdxtmjoqziw.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sihiwappiddzxsrycnyono.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zmigrsebrjgzumimnvd.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yibweclfshbrjyrs.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yibweclfshbrjyrs.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sihiwappiddzxsrycnyono.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\maxwikxvmfdxtmjoqziw.exe | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sihiwappiddzxsrycnyono.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zmigrsebrjgzumimnvd.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bqoobesrjdcxuomsvfpec.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sihiwappiddzxsrycnyono.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bqoobesrjdcxuomsvfpec.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yibweclfshbrjyrs.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oavsccnjypldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sihiwappiddzxsrycnyono.exe | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\maxwikxvmfdxtmjoqziw.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yibweclfshbrjyrs.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\maxwikxvmfdxtmjoqziw.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bqoobesrjdcxuomsvfpec.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bqoobesrjdcxuomsvfpec.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\fqkgpoythxsjcsmon.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oavsccnjypldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\maxwikxvmfdxtmjoqziw.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bqoobesrjdcxuomsvfpec.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\fqkgpoythxsjcsmon.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zmigrsebrjgzumimnvd.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\fqkgpoythxsjcsmon.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\dwyctasvrpsrsqscjxleg.bia | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| File created | C:\Program Files (x86)\dwyctasvrpsrsqscjxleg.bia | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| File opened for modification | C:\Program Files (x86)\ycpegybpwftdpylgyxwancewznudrbnw.ewv | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| File created | C:\Program Files (x86)\ycpegybpwftdpylgyxwancewznudrbnw.ewv | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\zmigrsebrjgzumimnvd.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\zmigrsebrjgzumimnvd.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\maxwikxvmfdxtmjoqziw.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\maxwikxvmfdxtmjoqziw.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\oavsccnjypldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\oavsccnjypldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\zmigrsebrjgzumimnvd.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\fqkgpoythxsjcsmon.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\maxwikxvmfdxtmjoqziw.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\yibweclfshbrjyrs.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\sihiwappiddzxsrycnyono.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\fqkgpoythxsjcsmon.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\yibweclfshbrjyrs.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\oavsccnjypldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\fqkgpoythxsjcsmon.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\yibweclfshbrjyrs.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\zmigrsebrjgzumimnvd.exe | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| File opened for modification | C:\Windows\bqoobesrjdcxuomsvfpec.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\fqkgpoythxsjcsmon.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\yibweclfshbrjyrs.exe | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| File opened for modification | C:\Windows\bqoobesrjdcxuomsvfpec.exe | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| File opened for modification | C:\Windows\maxwikxvmfdxtmjoqziw.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\bqoobesrjdcxuomsvfpec.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\oavsccnjypldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\sihiwappiddzxsrycnyono.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\oavsccnjypldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\oavsccnjypldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\maxwikxvmfdxtmjoqziw.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\maxwikxvmfdxtmjoqziw.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\maxwikxvmfdxtmjoqziw.exe | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| File opened for modification | C:\Windows\zmigrsebrjgzumimnvd.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\sihiwappiddzxsrycnyono.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\sihiwappiddzxsrycnyono.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\yibweclfshbrjyrs.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\zmigrsebrjgzumimnvd.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\yibweclfshbrjyrs.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\oavsccnjypldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File created | C:\Windows\dwyctasvrpsrsqscjxleg.bia | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| File opened for modification | C:\Windows\yibweclfshbrjyrs.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\maxwikxvmfdxtmjoqziw.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\yibweclfshbrjyrs.exe | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| File opened for modification | C:\Windows\fqkgpoythxsjcsmon.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\bqoobesrjdcxuomsvfpec.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\yibweclfshbrjyrs.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\sihiwappiddzxsrycnyono.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\zmigrsebrjgzumimnvd.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\fqkgpoythxsjcsmon.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\zmigrsebrjgzumimnvd.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\fqkgpoythxsjcsmon.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\bqoobesrjdcxuomsvfpec.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\bqoobesrjdcxuomsvfpec.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\oavsccnjypldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| File opened for modification | C:\Windows\fqkgpoythxsjcsmon.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\zmigrsebrjgzumimnvd.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\sihiwappiddzxsrycnyono.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\maxwikxvmfdxtmjoqziw.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\yibweclfshbrjyrs.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\oavsccnjypldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\oavsccnjypldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| File opened for modification | C:\Windows\oavsccnjypldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\zmigrsebrjgzumimnvd.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\oavsccnjypldxojmmt.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\bqoobesrjdcxuomsvfpec.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| File opened for modification | C:\Windows\bqoobesrjdcxuomsvfpec.exe | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\oavsccnjypldxojmmt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zmigrsebrjgzumimnvd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bqoobesrjdcxuomsvfpec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\oavsccnjypldxojmmt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\fqkgpoythxsjcsmon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\maxwikxvmfdxtmjoqziw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bqoobesrjdcxuomsvfpec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\fqkgpoythxsjcsmon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\maxwikxvmfdxtmjoqziw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zmigrsebrjgzumimnvd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\yibweclfshbrjyrs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\fqkgpoythxsjcsmon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\oavsccnjypldxojmmt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bqoobesrjdcxuomsvfpec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\fqkgpoythxsjcsmon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\oavsccnjypldxojmmt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\fqkgpoythxsjcsmon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\oavsccnjypldxojmmt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\fqkgpoythxsjcsmon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\maxwikxvmfdxtmjoqziw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bqoobesrjdcxuomsvfpec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\fqkgpoythxsjcsmon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\yibweclfshbrjyrs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\fqkgpoythxsjcsmon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\oavsccnjypldxojmmt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\maxwikxvmfdxtmjoqziw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\yibweclfshbrjyrs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\fqkgpoythxsjcsmon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\maxwikxvmfdxtmjoqziw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\maxwikxvmfdxtmjoqziw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe"
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_b2b7b9be91e42f447618c78205cfccb0.exe*"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe
C:\Windows\maxwikxvmfdxtmjoqziw.exe
maxwikxvmfdxtmjoqziw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe .
C:\Windows\zmigrsebrjgzumimnvd.exe
zmigrsebrjgzumimnvd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zmigrsebrjgzumimnvd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .
C:\Windows\oavsccnjypldxojmmt.exe
oavsccnjypldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Windows\fqkgpoythxsjcsmon.exe
fqkgpoythxsjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\oavsccnjypldxojmmt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\bqoobesrjdcxuomsvfpec.exe*."
C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe
"C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe" "-C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe"
C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe
"C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe" "-C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe
C:\Windows\yibweclfshbrjyrs.exe
yibweclfshbrjyrs.exe
C:\Windows\bqoobesrjdcxuomsvfpec.exe
bqoobesrjdcxuomsvfpec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe .
C:\Windows\bqoobesrjdcxuomsvfpec.exe
bqoobesrjdcxuomsvfpec.exe .
C:\Windows\fqkgpoythxsjcsmon.exe
fqkgpoythxsjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\bqoobesrjdcxuomsvfpec.exe*."
C:\Windows\bqoobesrjdcxuomsvfpec.exe
bqoobesrjdcxuomsvfpec.exe
C:\Windows\bqoobesrjdcxuomsvfpec.exe
bqoobesrjdcxuomsvfpec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .
C:\Windows\fqkgpoythxsjcsmon.exe
fqkgpoythxsjcsmon.exe .
C:\Windows\zmigrsebrjgzumimnvd.exe
zmigrsebrjgzumimnvd.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zmigrsebrjgzumimnvd.exe*."
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\oavsccnjypldxojmmt.exe*."
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\bqoobesrjdcxuomsvfpec.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."
C:\Windows\fqkgpoythxsjcsmon.exe
fqkgpoythxsjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .
C:\Windows\fqkgpoythxsjcsmon.exe
fqkgpoythxsjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .
C:\Windows\bqoobesrjdcxuomsvfpec.exe
bqoobesrjdcxuomsvfpec.exe
C:\Windows\fqkgpoythxsjcsmon.exe
fqkgpoythxsjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\maxwikxvmfdxtmjoqziw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\bqoobesrjdcxuomsvfpec.exe*."
C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe
C:\Windows\yibweclfshbrjyrs.exe
yibweclfshbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe .
C:\Windows\oavsccnjypldxojmmt.exe
oavsccnjypldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe
C:\Windows\zmigrsebrjgzumimnvd.exe
zmigrsebrjgzumimnvd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\oavsccnjypldxojmmt.exe*."
C:\Windows\yibweclfshbrjyrs.exe
yibweclfshbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe .
C:\Windows\maxwikxvmfdxtmjoqziw.exe
maxwikxvmfdxtmjoqziw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Windows\zmigrsebrjgzumimnvd.exe
zmigrsebrjgzumimnvd.exe .
C:\Windows\bqoobesrjdcxuomsvfpec.exe
bqoobesrjdcxuomsvfpec.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zmigrsebrjgzumimnvd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\bqoobesrjdcxuomsvfpec.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Windows\bqoobesrjdcxuomsvfpec.exe
bqoobesrjdcxuomsvfpec.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Windows\maxwikxvmfdxtmjoqziw.exe
maxwikxvmfdxtmjoqziw.exe .
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Windows\zmigrsebrjgzumimnvd.exe
zmigrsebrjgzumimnvd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\bqoobesrjdcxuomsvfpec.exe*."
C:\Windows\zmigrsebrjgzumimnvd.exe
zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\maxwikxvmfdxtmjoqziw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Windows\yibweclfshbrjyrs.exe
yibweclfshbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yibweclfshbrjyrs.exe*."
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\fqkgpoythxsjcsmon.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\maxwikxvmfdxtmjoqziw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."
C:\Windows\zmigrsebrjgzumimnvd.exe
zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."
C:\Windows\bqoobesrjdcxuomsvfpec.exe
bqoobesrjdcxuomsvfpec.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\bqoobesrjdcxuomsvfpec.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe .
C:\Windows\bqoobesrjdcxuomsvfpec.exe
bqoobesrjdcxuomsvfpec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Windows\zmigrsebrjgzumimnvd.exe
zmigrsebrjgzumimnvd.exe .
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zmigrsebrjgzumimnvd.exe*."
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\maxwikxvmfdxtmjoqziw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\bqoobesrjdcxuomsvfpec.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe
C:\Windows\fqkgpoythxsjcsmon.exe
fqkgpoythxsjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .
C:\Windows\fqkgpoythxsjcsmon.exe
fqkgpoythxsjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe .
C:\Windows\fqkgpoythxsjcsmon.exe
fqkgpoythxsjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Windows\oavsccnjypldxojmmt.exe
oavsccnjypldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\oavsccnjypldxojmmt.exe*."
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yibweclfshbrjyrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yibweclfshbrjyrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe
C:\Windows\fqkgpoythxsjcsmon.exe
fqkgpoythxsjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe .
C:\Windows\maxwikxvmfdxtmjoqziw.exe
maxwikxvmfdxtmjoqziw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\maxwikxvmfdxtmjoqziw.exe*."
C:\Windows\yibweclfshbrjyrs.exe
yibweclfshbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Windows\bqoobesrjdcxuomsvfpec.exe
bqoobesrjdcxuomsvfpec.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\bqoobesrjdcxuomsvfpec.exe*."
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\maxwikxvmfdxtmjoqziw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\fqkgpoythxsjcsmon.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\bqoobesrjdcxuomsvfpec.exe
bqoobesrjdcxuomsvfpec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe .
C:\Windows\maxwikxvmfdxtmjoqziw.exe
maxwikxvmfdxtmjoqziw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\maxwikxvmfdxtmjoqziw.exe*."
C:\Windows\fqkgpoythxsjcsmon.exe
fqkgpoythxsjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\oavsccnjypldxojmmt.exe
oavsccnjypldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\oavsccnjypldxojmmt.exe*."
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\maxwikxvmfdxtmjoqziw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe
C:\Windows\zmigrsebrjgzumimnvd.exe
zmigrsebrjgzumimnvd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe .
C:\Windows\zmigrsebrjgzumimnvd.exe
zmigrsebrjgzumimnvd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zmigrsebrjgzumimnvd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .
C:\Windows\zmigrsebrjgzumimnvd.exe
zmigrsebrjgzumimnvd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Windows\fqkgpoythxsjcsmon.exe
fqkgpoythxsjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\oavsccnjypldxojmmt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe
C:\Windows\oavsccnjypldxojmmt.exe
oavsccnjypldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe .
C:\Windows\maxwikxvmfdxtmjoqziw.exe
maxwikxvmfdxtmjoqziw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\maxwikxvmfdxtmjoqziw.exe*."
C:\Windows\maxwikxvmfdxtmjoqziw.exe
maxwikxvmfdxtmjoqziw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Windows\yibweclfshbrjyrs.exe
yibweclfshbrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yibweclfshbrjyrs.exe*."
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\fqkgpoythxsjcsmon.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\fqkgpoythxsjcsmon.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe .
C:\Windows\maxwikxvmfdxtmjoqziw.exe
maxwikxvmfdxtmjoqziw.exe
C:\Windows\yibweclfshbrjyrs.exe
yibweclfshbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe .
C:\Windows\bqoobesrjdcxuomsvfpec.exe
bqoobesrjdcxuomsvfpec.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe
C:\Windows\zmigrsebrjgzumimnvd.exe
zmigrsebrjgzumimnvd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\bqoobesrjdcxuomsvfpec.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zmigrsebrjgzumimnvd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Windows\bqoobesrjdcxuomsvfpec.exe
bqoobesrjdcxuomsvfpec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe .
C:\Windows\maxwikxvmfdxtmjoqziw.exe
maxwikxvmfdxtmjoqziw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Windows\yibweclfshbrjyrs.exe
yibweclfshbrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Windows\maxwikxvmfdxtmjoqziw.exe
maxwikxvmfdxtmjoqziw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .
C:\Windows\maxwikxvmfdxtmjoqziw.exe
maxwikxvmfdxtmjoqziw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\bqoobesrjdcxuomsvfpec.exe
bqoobesrjdcxuomsvfpec.exe .
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yibweclfshbrjyrs.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\maxwikxvmfdxtmjoqziw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\bqoobesrjdcxuomsvfpec.exe*."
C:\Windows\oavsccnjypldxojmmt.exe
oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Windows\oavsccnjypldxojmmt.exe
oavsccnjypldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\oavsccnjypldxojmmt.exe*."
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yibweclfshbrjyrs.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\fqkgpoythxsjcsmon.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\fqkgpoythxsjcsmon.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\oavsccnjypldxojmmt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe
C:\Windows\zmigrsebrjgzumimnvd.exe
zmigrsebrjgzumimnvd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe .
C:\Windows\oavsccnjypldxojmmt.exe
oavsccnjypldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\oavsccnjypldxojmmt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe .
C:\Windows\yibweclfshbrjyrs.exe
yibweclfshbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Windows\oavsccnjypldxojmmt.exe
oavsccnjypldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\oavsccnjypldxojmmt.exe*."
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\bqoobesrjdcxuomsvfpec.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe
C:\Windows\oavsccnjypldxojmmt.exe
oavsccnjypldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe .
C:\Windows\bqoobesrjdcxuomsvfpec.exe
bqoobesrjdcxuomsvfpec.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\bqoobesrjdcxuomsvfpec.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .
C:\Windows\maxwikxvmfdxtmjoqziw.exe
maxwikxvmfdxtmjoqziw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Windows\fqkgpoythxsjcsmon.exe
fqkgpoythxsjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\bqoobesrjdcxuomsvfpec.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yibweclfshbrjyrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\oavsccnjypldxojmmt.exe
oavsccnjypldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe .
C:\Windows\bqoobesrjdcxuomsvfpec.exe
bqoobesrjdcxuomsvfpec.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\bqoobesrjdcxuomsvfpec.exe*."
C:\Windows\zmigrsebrjgzumimnvd.exe
zmigrsebrjgzumimnvd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Windows\maxwikxvmfdxtmjoqziw.exe
maxwikxvmfdxtmjoqziw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\maxwikxvmfdxtmjoqziw.exe*."
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\bqoobesrjdcxuomsvfpec.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\oavsccnjypldxojmmt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe
C:\Windows\oavsccnjypldxojmmt.exe
oavsccnjypldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe .
C:\Windows\oavsccnjypldxojmmt.exe
oavsccnjypldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\oavsccnjypldxojmmt.exe*."
C:\Windows\bqoobesrjdcxuomsvfpec.exe
bqoobesrjdcxuomsvfpec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Windows\fqkgpoythxsjcsmon.exe
fqkgpoythxsjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe
C:\Windows\bqoobesrjdcxuomsvfpec.exe
bqoobesrjdcxuomsvfpec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe .
C:\Windows\oavsccnjypldxojmmt.exe
oavsccnjypldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\oavsccnjypldxojmmt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe .
C:\Windows\zmigrsebrjgzumimnvd.exe
zmigrsebrjgzumimnvd.exe
C:\Windows\maxwikxvmfdxtmjoqziw.exe
maxwikxvmfdxtmjoqziw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\maxwikxvmfdxtmjoqziw.exe*."
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\bqoobesrjdcxuomsvfpec.exe*."
C:\Windows\System32\mousocoreworker.exe
C:\Windows\System32\mousocoreworker.exe -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\yibweclfshbrjyrs.exe
yibweclfshbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe .
C:\Windows\zmigrsebrjgzumimnvd.exe
zmigrsebrjgzumimnvd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zmigrsebrjgzumimnvd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe .
C:\Windows\bqoobesrjdcxuomsvfpec.exe
bqoobesrjdcxuomsvfpec.exe
C:\Windows\maxwikxvmfdxtmjoqziw.exe
maxwikxvmfdxtmjoqziw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\maxwikxvmfdxtmjoqziw.exe*."
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\fqkgpoythxsjcsmon.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Windows\maxwikxvmfdxtmjoqziw.exe
maxwikxvmfdxtmjoqziw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .
C:\Windows\maxwikxvmfdxtmjoqziw.exe
maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\maxwikxvmfdxtmjoqziw.exe
maxwikxvmfdxtmjoqziw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe
C:\Windows\fqkgpoythxsjcsmon.exe
fqkgpoythxsjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\maxwikxvmfdxtmjoqziw.exe*."
C:\Windows\fqkgpoythxsjcsmon.exe
fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\maxwikxvmfdxtmjoqziw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .
C:\Windows\maxwikxvmfdxtmjoqziw.exe
maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Windows\bqoobesrjdcxuomsvfpec.exe
bqoobesrjdcxuomsvfpec.exe .
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\bqoobesrjdcxuomsvfpec.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\maxwikxvmfdxtmjoqziw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yibweclfshbrjyrs.exe*."
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe
C:\Windows\maxwikxvmfdxtmjoqziw.exe
maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Windows\fqkgpoythxsjcsmon.exe
fqkgpoythxsjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\oavsccnjypldxojmmt.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\oavsccnjypldxojmmt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."
C:\Windows\yibweclfshbrjyrs.exe
yibweclfshbrjyrs.exe
C:\Windows\fqkgpoythxsjcsmon.exe
fqkgpoythxsjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Windows\oavsccnjypldxojmmt.exe
oavsccnjypldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\oavsccnjypldxojmmt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\oavsccnjypldxojmmt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe
C:\Windows\yibweclfshbrjyrs.exe
yibweclfshbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .
C:\Windows\fqkgpoythxsjcsmon.exe
fqkgpoythxsjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .
C:\Windows\maxwikxvmfdxtmjoqziw.exe
maxwikxvmfdxtmjoqziw.exe
C:\Windows\fqkgpoythxsjcsmon.exe
fqkgpoythxsjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\maxwikxvmfdxtmjoqziw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe
C:\Windows\oavsccnjypldxojmmt.exe
oavsccnjypldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe .
C:\Windows\oavsccnjypldxojmmt.exe
oavsccnjypldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\oavsccnjypldxojmmt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .
C:\Windows\oavsccnjypldxojmmt.exe
oavsccnjypldxojmmt.exe
C:\Windows\fqkgpoythxsjcsmon.exe
fqkgpoythxsjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\fqkgpoythxsjcsmon.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yibweclfshbrjyrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe
C:\Windows\oavsccnjypldxojmmt.exe
oavsccnjypldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe .
C:\Windows\bqoobesrjdcxuomsvfpec.exe
bqoobesrjdcxuomsvfpec.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\bqoobesrjdcxuomsvfpec.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .
C:\Windows\maxwikxvmfdxtmjoqziw.exe
maxwikxvmfdxtmjoqziw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Windows\fqkgpoythxsjcsmon.exe
fqkgpoythxsjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\fqkgpoythxsjcsmon.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\fqkgpoythxsjcsmon.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe
C:\Windows\maxwikxvmfdxtmjoqziw.exe
maxwikxvmfdxtmjoqziw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe .
C:\Windows\zmigrsebrjgzumimnvd.exe
zmigrsebrjgzumimnvd.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zmigrsebrjgzumimnvd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe .
C:\Windows\oavsccnjypldxojmmt.exe
oavsccnjypldxojmmt.exe
C:\Windows\maxwikxvmfdxtmjoqziw.exe
maxwikxvmfdxtmjoqziw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\maxwikxvmfdxtmjoqziw.exe*."
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\oavsccnjypldxojmmt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\bqoobesrjdcxuomsvfpec.exe
bqoobesrjdcxuomsvfpec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe .
C:\Windows\zmigrsebrjgzumimnvd.exe
zmigrsebrjgzumimnvd.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zmigrsebrjgzumimnvd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .
C:\Windows\oavsccnjypldxojmmt.exe
oavsccnjypldxojmmt.exe
C:\Windows\fqkgpoythxsjcsmon.exe
fqkgpoythxsjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\fqkgpoythxsjcsmon.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\fqkgpoythxsjcsmon.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe
C:\Windows\maxwikxvmfdxtmjoqziw.exe
maxwikxvmfdxtmjoqziw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .
C:\Windows\fqkgpoythxsjcsmon.exe
fqkgpoythxsjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."
C:\Windows\bqoobesrjdcxuomsvfpec.exe
bqoobesrjdcxuomsvfpec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\yibweclfshbrjyrs.exe
yibweclfshbrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yibweclfshbrjyrs.exe*."
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yibweclfshbrjyrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\oavsccnjypldxojmmt.exe
oavsccnjypldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe .
C:\Windows\zmigrsebrjgzumimnvd.exe
zmigrsebrjgzumimnvd.exe
C:\Windows\oavsccnjypldxojmmt.exe
oavsccnjypldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe
C:\Windows\bqoobesrjdcxuomsvfpec.exe
bqoobesrjdcxuomsvfpec.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\oavsccnjypldxojmmt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\oavsccnjypldxojmmt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\bqoobesrjdcxuomsvfpec.exe*."
C:\Windows\fqkgpoythxsjcsmon.exe
fqkgpoythxsjcsmon.exe
C:\Windows\zmigrsebrjgzumimnvd.exe
zmigrsebrjgzumimnvd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Windows\zmigrsebrjgzumimnvd.exe
zmigrsebrjgzumimnvd.exe .
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\maxwikxvmfdxtmjoqziw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zmigrsebrjgzumimnvd.exe*."
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .
C:\Windows\yibweclfshbrjyrs.exe
yibweclfshbrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\oavsccnjypldxojmmt.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\oavsccnjypldxojmmt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yibweclfshbrjyrs.exe*."
C:\Windows\yibweclfshbrjyrs.exe
yibweclfshbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Windows\yibweclfshbrjyrs.exe
yibweclfshbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yibweclfshbrjyrs.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yibweclfshbrjyrs.exe*."
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .
C:\Windows\oavsccnjypldxojmmt.exe
oavsccnjypldxojmmt.exe
C:\Windows\oavsccnjypldxojmmt.exe
oavsccnjypldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\oavsccnjypldxojmmt.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\oavsccnjypldxojmmt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\bqoobesrjdcxuomsvfpec.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\maxwikxvmfdxtmjoqziw.exe
maxwikxvmfdxtmjoqziw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .
C:\Windows\fqkgpoythxsjcsmon.exe
fqkgpoythxsjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."
C:\Windows\bqoobesrjdcxuomsvfpec.exe
bqoobesrjdcxuomsvfpec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Windows\yibweclfshbrjyrs.exe
yibweclfshbrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yibweclfshbrjyrs.exe*."
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\maxwikxvmfdxtmjoqziw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\fqkgpoythxsjcsmon.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe
C:\Windows\yibweclfshbrjyrs.exe
yibweclfshbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe .
C:\Windows\yibweclfshbrjyrs.exe
yibweclfshbrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yibweclfshbrjyrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe .
C:\Windows\yibweclfshbrjyrs.exe
yibweclfshbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\bqoobesrjdcxuomsvfpec.exe
bqoobesrjdcxuomsvfpec.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\bqoobesrjdcxuomsvfpec.exe*."
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\maxwikxvmfdxtmjoqziw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\oavsccnjypldxojmmt.exe
oavsccnjypldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe .
C:\Windows\maxwikxvmfdxtmjoqziw.exe
maxwikxvmfdxtmjoqziw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\maxwikxvmfdxtmjoqziw.exe*."
C:\Windows\bqoobesrjdcxuomsvfpec.exe
bqoobesrjdcxuomsvfpec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Windows\bqoobesrjdcxuomsvfpec.exe
bqoobesrjdcxuomsvfpec.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\bqoobesrjdcxuomsvfpec.exe*."
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yibweclfshbrjyrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\maxwikxvmfdxtmjoqziw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe
C:\Windows\bqoobesrjdcxuomsvfpec.exe
bqoobesrjdcxuomsvfpec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe .
C:\Windows\oavsccnjypldxojmmt.exe
oavsccnjypldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\oavsccnjypldxojmmt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe .
C:\Windows\bqoobesrjdcxuomsvfpec.exe
bqoobesrjdcxuomsvfpec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Windows\yibweclfshbrjyrs.exe
yibweclfshbrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yibweclfshbrjyrs.exe*."
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yibweclfshbrjyrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\bqoobesrjdcxuomsvfpec.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe
C:\Windows\oavsccnjypldxojmmt.exe
oavsccnjypldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\bqoobesrjdcxuomsvfpec.exe
bqoobesrjdcxuomsvfpec.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\bqoobesrjdcxuomsvfpec.exe*."
C:\Windows\bqoobesrjdcxuomsvfpec.exe
bqoobesrjdcxuomsvfpec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\bqoobesrjdcxuomsvfpec.exe
bqoobesrjdcxuomsvfpec.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\bqoobesrjdcxuomsvfpec.exe*."
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\oavsccnjypldxojmmt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yibweclfshbrjyrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe
C:\Windows\maxwikxvmfdxtmjoqziw.exe
maxwikxvmfdxtmjoqziw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe
C:\Windows\oavsccnjypldxojmmt.exe
oavsccnjypldxojmmt.exe
C:\Windows\oavsccnjypldxojmmt.exe
oavsccnjypldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe
C:\Windows\oavsccnjypldxojmmt.exe
oavsccnjypldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe
C:\Windows\yibweclfshbrjyrs.exe
yibweclfshbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\oavsccnjypldxojmmt.exe*."
C:\Windows\bqoobesrjdcxuomsvfpec.exe
bqoobesrjdcxuomsvfpec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe .
C:\Windows\zmigrsebrjgzumimnvd.exe
zmigrsebrjgzumimnvd.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\fqkgpoythxsjcsmon.exe
fqkgpoythxsjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yibweclfshbrjyrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zmigrsebrjgzumimnvd.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Windows\oavsccnjypldxojmmt.exe
oavsccnjypldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Windows\zmigrsebrjgzumimnvd.exe
zmigrsebrjgzumimnvd.exe .
C:\Windows\yibweclfshbrjyrs.exe
yibweclfshbrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .
C:\Windows\fqkgpoythxsjcsmon.exe
fqkgpoythxsjcsmon.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zmigrsebrjgzumimnvd.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yibweclfshbrjyrs.exe*."
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\bqoobesrjdcxuomsvfpec.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\fqkgpoythxsjcsmon.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Windows\maxwikxvmfdxtmjoqziw.exe
maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yibweclfshbrjyrs.exe*."
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yibweclfshbrjyrs.exe*."
C:\Windows\yibweclfshbrjyrs.exe
yibweclfshbrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yibweclfshbrjyrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe .
C:\Windows\zmigrsebrjgzumimnvd.exe
zmigrsebrjgzumimnvd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Windows\bqoobesrjdcxuomsvfpec.exe
bqoobesrjdcxuomsvfpec.exe .
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\bqoobesrjdcxuomsvfpec.exe*."
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yibweclfshbrjyrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe
C:\Windows\bqoobesrjdcxuomsvfpec.exe
bqoobesrjdcxuomsvfpec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\oavsccnjypldxojmmt.exe
oavsccnjypldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\oavsccnjypldxojmmt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe .
C:\Windows\maxwikxvmfdxtmjoqziw.exe
maxwikxvmfdxtmjoqziw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Windows\maxwikxvmfdxtmjoqziw.exe
maxwikxvmfdxtmjoqziw.exe .
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\maxwikxvmfdxtmjoqziw.exe*."
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\bqoobesrjdcxuomsvfpec.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yibweclfshbrjyrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe
C:\Windows\maxwikxvmfdxtmjoqziw.exe
maxwikxvmfdxtmjoqziw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\oavsccnjypldxojmmt.exe
oavsccnjypldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\oavsccnjypldxojmmt.exe*."
C:\Windows\yibweclfshbrjyrs.exe
yibweclfshbrjyrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe .
C:\Windows\bqoobesrjdcxuomsvfpec.exe
bqoobesrjdcxuomsvfpec.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\bqoobesrjdcxuomsvfpec.exe*."
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\bqoobesrjdcxuomsvfpec.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe .
C:\Windows\zmigrsebrjgzumimnvd.exe
zmigrsebrjgzumimnvd.exe
C:\Windows\zmigrsebrjgzumimnvd.exe
zmigrsebrjgzumimnvd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zmigrsebrjgzumimnvd.exe*."
C:\Windows\zmigrsebrjgzumimnvd.exe
zmigrsebrjgzumimnvd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Windows\oavsccnjypldxojmmt.exe
oavsccnjypldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\oavsccnjypldxojmmt.exe*."
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\bqoobesrjdcxuomsvfpec.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\maxwikxvmfdxtmjoqziw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe
C:\Windows\fqkgpoythxsjcsmon.exe
fqkgpoythxsjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe .
C:\Windows\oavsccnjypldxojmmt.exe
oavsccnjypldxojmmt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\oavsccnjypldxojmmt.exe*."
C:\Windows\oavsccnjypldxojmmt.exe
oavsccnjypldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Windows\fqkgpoythxsjcsmon.exe
fqkgpoythxsjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\bqoobesrjdcxuomsvfpec.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yibweclfshbrjyrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\bqoobesrjdcxuomsvfpec.exe
bqoobesrjdcxuomsvfpec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe .
C:\Windows\yibweclfshbrjyrs.exe
yibweclfshbrjyrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yibweclfshbrjyrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .
C:\Windows\maxwikxvmfdxtmjoqziw.exe
maxwikxvmfdxtmjoqziw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Windows\fqkgpoythxsjcsmon.exe
fqkgpoythxsjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe
C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe
C:\Windows\maxwikxvmfdxtmjoqziw.exe
maxwikxvmfdxtmjoqziw.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\fqkgpoythxsjcsmon.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe .
C:\Windows\zmigrsebrjgzumimnvd.exe
zmigrsebrjgzumimnvd.exe
C:\Windows\bqoobesrjdcxuomsvfpec.exe
bqoobesrjdcxuomsvfpec.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\bqoobesrjdcxuomsvfpec.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe
C:\Windows\maxwikxvmfdxtmjoqziw.exe
maxwikxvmfdxtmjoqziw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe .
C:\Windows\bqoobesrjdcxuomsvfpec.exe
bqoobesrjdcxuomsvfpec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .
Network
| Country | Destination | Domain | Proto |
| GB | 88.221.135.17:443 | www.bing.com | tcp |
| GB | 88.221.135.17:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | whatismyipaddress.com | udp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.com | udp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | www.showmyipaddress.com | udp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 216.58.204.68:80 | www.google.com | tcp |
| BG | 212.104.122.148:17590 | tcp | |
| US | 8.8.8.8:53 | gyuuym.org | udp |
| DE | 85.214.228.140:80 | gyuuym.org | tcp |
| US | 8.8.8.8:53 | ukhabwvlf.net | udp |
| US | 8.8.8.8:53 | dyuuostwxx.net | udp |
| US | 8.8.8.8:53 | yuooqwmgew.org | udp |
| US | 8.8.8.8:53 | umkyeiyc.org | udp |
| US | 8.8.8.8:53 | dmpaosvtn.com | udp |
| US | 8.8.8.8:53 | unxfuild.info | udp |
| SG | 18.142.91.111:80 | unxfuild.info | tcp |
| US | 8.8.8.8:53 | iegqtgjanst.info | udp |
| US | 8.8.8.8:53 | uoiqay.com | udp |
| US | 8.8.8.8:53 | truthsbplrro.net | udp |
| US | 8.8.8.8:53 | hsqfvx.net | udp |
| US | 8.8.8.8:53 | ggoiukqgsikq.org | udp |
| US | 8.8.8.8:53 | axdkvgw.net | udp |
| US | 8.8.8.8:53 | rfjwvsrhph.net | udp |
| US | 8.8.8.8:53 | yuyukkqoyy.org | udp |
| US | 8.8.8.8:53 | ecugyycmci.com | udp |
| US | 8.8.8.8:53 | udzdjiddn.net | udp |
| US | 8.8.8.8:53 | khoabjinzpbv.info | udp |
| US | 8.8.8.8:53 | geiycy.org | udp |
| US | 8.8.8.8:53 | nmvrrix.net | udp |
| US | 8.8.8.8:53 | yicamgys.com | udp |
| US | 8.8.8.8:53 | pfgjtkzkh.net | udp |
| US | 8.8.8.8:53 | ygoukmwg.org | udp |
| US | 8.8.8.8:53 | rirkqbwnd.info | udp |
| US | 8.8.8.8:53 | agsslrilxbci.info | udp |
| BG | 178.254.209.115:22101 | tcp | |
| US | 8.8.8.8:53 | cydlrge.info | udp |
| US | 104.156.155.94:80 | cydlrge.info | tcp |
| US | 8.8.8.8:53 | yxmafkllii.info | udp |
| US | 8.8.8.8:53 | tcrleitjyxz.com | udp |
| US | 8.8.8.8:53 | mcpluopr.info | udp |
| US | 8.8.8.8:53 | xwzepijqzuk.net | udp |
| US | 8.8.8.8:53 | rgvisyjqjzt.org | udp |
| US | 8.8.8.8:53 | zfwohaet.net | udp |
| US | 8.8.8.8:53 | tqdjhguh.info | udp |
| US | 8.8.8.8:53 | hynurczgd.net | udp |
| US | 8.8.8.8:53 | mjotpzfbosdh.info | udp |
| US | 8.8.8.8:53 | jgpuhqr.net | udp |
| US | 8.8.8.8:53 | fxdyllnmzn.net | udp |
| US | 8.8.8.8:53 | dfnedkz.info | udp |
| US | 8.8.8.8:53 | uszljdzvz.info | udp |
| US | 8.8.8.8:53 | wyicmwmiqm.com | udp |
| US | 8.8.8.8:53 | dqyydcnk.net | udp |
| US | 8.8.8.8:53 | icpitflidav.info | udp |
| US | 8.8.8.8:53 | luvehemiri.info | udp |
| US | 8.8.8.8:53 | peugxeckkrw.com | udp |
| US | 8.8.8.8:53 | lalckpw.org | udp |
| US | 8.8.8.8:53 | pzratqwsxir.net | udp |
| US | 8.8.8.8:53 | gqfabq.net | udp |
| US | 8.8.8.8:53 | hmfurcniz.info | udp |
| US | 8.8.8.8:53 | cmbyisrjobdg.info | udp |
| US | 8.8.8.8:53 | ldtkkbjsjof.org | udp |
| US | 8.8.8.8:53 | ddpobim.org | udp |
| US | 8.8.8.8:53 | qhegpfzfzthw.info | udp |
| US | 8.8.8.8:53 | rxjwdshwd.org | udp |
| US | 8.8.8.8:53 | cttqvz.info | udp |
| US | 8.8.8.8:53 | ewhqxezcwwc.net | udp |
| US | 8.8.8.8:53 | hmqtnhumwmpq.net | udp |
| US | 8.8.8.8:53 | kyknmqoav.net | udp |
| US | 8.8.8.8:53 | yoaoooewyeeo.com | udp |
| US | 8.8.8.8:53 | dzelsuacik.info | udp |
| BG | 84.238.144.124:33816 | tcp | |
| US | 8.8.8.8:53 | slsfykgjfwxr.info | udp |
| US | 8.8.8.8:53 | znlonr.info | udp |
| US | 8.8.8.8:53 | agpyvikus.net | udp |
| US | 8.8.8.8:53 | vydskdhqdayn.info | udp |
| US | 8.8.8.8:53 | mdhpuesj.net | udp |
| US | 8.8.8.8:53 | fhferxppfhjr.info | udp |
| US | 8.8.8.8:53 | yuecge.net | udp |
| US | 8.8.8.8:53 | vmlpskz.com | udp |
| US | 8.8.8.8:53 | lqfuryo.net | udp |
| US | 8.8.8.8:53 | nbnyhdlarbzf.info | udp |
| US | 8.8.8.8:53 | ihksuunwtcl.net | udp |
| US | 8.8.8.8:53 | dqjrswwie.com | udp |
| US | 8.8.8.8:53 | dmstyidanf.info | udp |
| US | 8.8.8.8:53 | tqnpaaro.net | udp |
| US | 8.8.8.8:53 | yitivcd.net | udp |
| US | 8.8.8.8:53 | potsrqrab.info | udp |
| US | 8.8.8.8:53 | yplfwydnh.info | udp |
| US | 8.8.8.8:53 | vrxmprngmlhk.net | udp |
| US | 8.8.8.8:53 | emjixqjix.net | udp |
| US | 8.8.8.8:53 | nuxjvf.net | udp |
| US | 8.8.8.8:53 | aezodiyiuky.net | udp |
| US | 8.8.8.8:53 | vtmlxfot.info | udp |
| US | 8.8.8.8:53 | idrmlscsum.info | udp |
| US | 8.8.8.8:53 | eznabol.net | udp |
| US | 8.8.8.8:53 | vexeczxhro.info | udp |
| US | 8.8.8.8:53 | hbmwpuey.net | udp |
| US | 8.8.8.8:53 | nvmqtbtjo.info | udp |
| US | 8.8.8.8:53 | ngsyjjxodc.net | udp |
| US | 8.8.8.8:53 | pkgyxaxumip.info | udp |
| US | 8.8.8.8:53 | klqmnybibg.net | udp |
| US | 8.8.8.8:53 | xmvsfur.org | udp |
| US | 8.8.8.8:53 | iwjfdxmyywpm.net | udp |
| US | 8.8.8.8:53 | emisuouqqkmy.com | udp |
| US | 8.8.8.8:53 | lyxmnybibg.info | udp |
| US | 8.8.8.8:53 | iaicocyyie.com | udp |
| US | 8.8.8.8:53 | eaxqqrajavxr.net | udp |
| US | 8.8.8.8:53 | dkouvubcpovf.info | udp |
| US | 8.8.8.8:53 | qepyutvw.info | udp |
| US | 8.8.8.8:53 | kgucribs.info | udp |
| US | 8.8.8.8:53 | fqfsruv.net | udp |
| US | 8.8.8.8:53 | xowpnrx.net | udp |
| US | 8.8.8.8:53 | qkagwcckwk.org | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | eqeiewddrgjn.net | udp |
| US | 8.8.8.8:53 | ojodjsuxxyli.net | udp |
| US | 8.8.8.8:53 | esyasr.info | udp |
| DE | 88.216.62.113:34375 | tcp | |
| US | 8.8.8.8:53 | sawwigoqki.org | udp |
| US | 8.8.8.8:53 | zrpiqqdwzis.info | udp |
| US | 8.8.8.8:53 | xibwutd.info | udp |
| US | 8.8.8.8:53 | oeuuge.org | udp |
| US | 8.8.8.8:53 | zyfitez.info | udp |
| US | 8.8.8.8:53 | tqespaf.org | udp |
| US | 8.8.8.8:53 | udhothlyzouv.net | udp |
| US | 8.8.8.8:53 | leqdurjb.net | udp |
| US | 8.8.8.8:53 | ewwyalz.net | udp |
| US | 8.8.8.8:53 | zukxcav.org | udp |
| US | 8.8.8.8:53 | dxikspgshgbk.info | udp |
| US | 8.8.8.8:53 | gswonqjeu.net | udp |
| US | 8.8.8.8:53 | uudocyt.net | udp |
| US | 8.8.8.8:53 | lgmwshpwdp.net | udp |
| US | 8.8.8.8:53 | wvaclyqg.net | udp |
| US | 8.8.8.8:53 | eqqmhn.net | udp |
| US | 8.8.8.8:53 | barmgootk.net | udp |
| US | 8.8.8.8:53 | jgwcoofzbun.net | udp |
| US | 8.8.8.8:53 | kkymaomawm.org | udp |
| US | 8.8.8.8:53 | akabzjqy.info | udp |
| US | 8.8.8.8:53 | zgrjrexb.net | udp |
| US | 8.8.8.8:53 | wojnqnt.net | udp |
| US | 8.8.8.8:53 | hskbifhupuv.net | udp |
| US | 8.8.8.8:53 | ouimiigeimqc.com | udp |
| US | 8.8.8.8:53 | qzjszyxgtgn.info | udp |
| US | 8.8.8.8:53 | taarezltzbfb.net | udp |
| US | 8.8.8.8:53 | eeueccewmeem.com | udp |
| US | 8.8.8.8:53 | xjykdox.org | udp |
| US | 8.8.8.8:53 | ctpvww.info | udp |
| US | 8.8.8.8:53 | gbeglndwzz.info | udp |
| US | 8.8.8.8:53 | libkzyhemgc.org | udp |
| US | 8.8.8.8:53 | zboybkjyj.org | udp |
| US | 8.8.8.8:53 | nkrugqeebab.com | udp |
| US | 8.8.8.8:53 | ushyaighhmlt.info | udp |
| US | 8.8.8.8:53 | gthoprfe.net | udp |
| US | 8.8.8.8:53 | ccvzyakegzoo.info | udp |
| US | 8.8.8.8:53 | iovzoqp.net | udp |
| US | 8.8.8.8:53 | xitbjksec.info | udp |
| LT | 91.187.164.235:33876 | tcp | |
| US | 8.8.8.8:53 | upmkxipfjy.info | udp |
| US | 8.8.8.8:53 | vqgmpsutx.org | udp |
| US | 8.8.8.8:53 | tlpxvwdj.info | udp |
| US | 8.8.8.8:53 | vlpxze.info | udp |
| US | 8.8.8.8:53 | dwmkfzhhzmq.info | udp |
| US | 8.8.8.8:53 | huomlunix.info | udp |
| US | 8.8.8.8:53 | yomusu.com | udp |
| US | 8.8.8.8:53 | skywyumxq.net | udp |
| US | 8.8.8.8:53 | jqbuxkvwm.info | udp |
| US | 8.8.8.8:53 | gkwtlrssvip.net | udp |
| US | 8.8.8.8:53 | egsmyysc.org | udp |
| US | 8.8.8.8:53 | uupgrwoctig.info | udp |
| US | 8.8.8.8:53 | ogagoauymkgi.org | udp |
| US | 8.8.8.8:53 | nshdioh.net | udp |
| US | 8.8.8.8:53 | xkksuaqezut.net | udp |
| US | 8.8.8.8:53 | dmnaxqeurug.info | udp |
| US | 8.8.8.8:53 | vdrkxqzvhxdg.info | udp |
| US | 8.8.8.8:53 | xtaizc.net | udp |
| US | 8.8.8.8:53 | fjpvhkxgwxla.info | udp |
| US | 8.8.8.8:53 | zgvcafvg.net | udp |
| US | 8.8.8.8:53 | wznabvihkcdb.net | udp |
| US | 8.8.8.8:53 | ekqqcc.org | udp |
| US | 8.8.8.8:53 | yeqiiwiq.com | udp |
| US | 8.8.8.8:53 | rswyleo.net | udp |
| US | 8.8.8.8:53 | uscawswekwca.com | udp |
| US | 8.8.8.8:53 | xnqupo.net | udp |
| US | 8.8.8.8:53 | cyqcqa.com | udp |
| US | 8.8.8.8:53 | dwfkeogzvhjn.info | udp |
| US | 8.8.8.8:53 | uihvyuj.info | udp |
| US | 8.8.8.8:53 | tcrnxafdbyx.org | udp |
| US | 8.8.8.8:53 | vszduwunrxjm.info | udp |
| US | 8.8.8.8:53 | tnfswqveavz.info | udp |
| US | 8.8.8.8:53 | dflqknsl.net | udp |
| US | 8.8.8.8:53 | fejauk.info | udp |
| BG | 89.252.234.82:33728 | tcp | |
| US | 8.8.8.8:53 | iisfhhbga.net | udp |
| US | 8.8.8.8:53 | dhphfixaobbh.info | udp |
| US | 8.8.8.8:53 | hsfgdwr.net | udp |
| US | 8.8.8.8:53 | qtgqqinahbp.info | udp |
| US | 8.8.8.8:53 | tdchjxar.net | udp |
| US | 8.8.8.8:53 | jcrmmizktkn.com | udp |
| US | 8.8.8.8:53 | fzclgwnbikh.info | udp |
| US | 8.8.8.8:53 | tcvuvhjwh.info | udp |
| US | 8.8.8.8:53 | eerojah.net | udp |
| US | 8.8.8.8:53 | symiao.org | udp |
| US | 8.8.8.8:53 | eebmjmujjba.info | udp |
| US | 8.8.8.8:53 | jubvpax.info | udp |
| US | 8.8.8.8:53 | wlncxjueowev.net | udp |
| US | 8.8.8.8:53 | ykykga.org | udp |
| US | 8.8.8.8:53 | irvnmlbyfw.net | udp |
| US | 8.8.8.8:53 | oavkdkr.info | udp |
| US | 8.8.8.8:53 | suoancjod.info | udp |
| US | 8.8.8.8:53 | rznovg.net | udp |
| US | 8.8.8.8:53 | vmzwhixfyojt.info | udp |
| US | 8.8.8.8:53 | aknsgwkcl.net | udp |
| US | 8.8.8.8:53 | emiciauakmme.org | udp |
| US | 8.8.8.8:53 | igaasway.com | udp |
| US | 8.8.8.8:53 | jscevkv.net | udp |
| US | 8.8.8.8:53 | uqkusqwymu.org | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.179.227:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | kkqqsyyy.org | udp |
| US | 8.8.8.8:53 | irgzkjfrzk.info | udp |
| US | 8.8.8.8:53 | dezgjkdue.info | udp |
| US | 8.8.8.8:53 | ecbwysbz.info | udp |
| US | 8.8.8.8:53 | lerdirojfcyg.net | udp |
| US | 8.8.8.8:53 | fvhymjohak.net | udp |
| US | 8.8.8.8:53 | kewigkyywe.com | udp |
| US | 8.8.8.8:53 | redodnz.com | udp |
| US | 8.8.8.8:53 | njmyupro.net | udp |
| US | 8.8.8.8:53 | ttjkwfgi.info | udp |
| US | 8.8.8.8:53 | awuarqw.info | udp |
| US | 8.8.8.8:53 | yklcztz.info | udp |
| US | 8.8.8.8:53 | jleltetr.info | udp |
| US | 8.8.8.8:53 | iceryyh.net | udp |
| US | 8.8.8.8:53 | xrpwmsl.info | udp |
| US | 8.8.8.8:53 | gxyleelm.net | udp |
| US | 8.8.8.8:53 | xgxyducqbua.info | udp |
| US | 8.8.8.8:53 | ackmeu.com | udp |
| US | 8.8.8.8:53 | iusioomq.org | udp |
| US | 8.8.8.8:53 | gplixml.info | udp |
| US | 8.8.8.8:53 | ieoosciq.org | udp |
| US | 8.8.8.8:53 | eldjrwtvlqpr.info | udp |
| MD | 46.55.26.81:27433 | tcp | |
| US | 8.8.8.8:53 | fifutsiya.info | udp |
| US | 8.8.8.8:53 | vembqo.net | udp |
| US | 8.8.8.8:53 | wcsbrpz.net | udp |
| US | 8.8.8.8:53 | hxzrjhrn.net | udp |
| US | 8.8.8.8:53 | ttfutuqoirf.org | udp |
| US | 8.8.8.8:53 | qymwmwuqkaom.org | udp |
| US | 8.8.8.8:53 | scecmwuaiw.org | udp |
| US | 8.8.8.8:53 | chdceanmd.net | udp |
| US | 8.8.8.8:53 | uwcuws.org | udp |
| US | 8.8.8.8:53 | buztpyaqmrft.info | udp |
| US | 8.8.8.8:53 | kwwsvvjrtf.info | udp |
| US | 8.8.8.8:53 | gosamc.com | udp |
| US | 8.8.8.8:53 | ulhxbqn.info | udp |
| US | 8.8.8.8:53 | uegooykycwqa.org | udp |
| US | 8.8.8.8:53 | psvfgungqcz.com | udp |
| US | 8.8.8.8:53 | dcmkzll.org | udp |
| US | 8.8.8.8:53 | izzkwsycb.net | udp |
| US | 8.8.8.8:53 | azlfou.info | udp |
| US | 8.8.8.8:53 | fsdjni.info | udp |
| US | 8.8.8.8:53 | qioiokiq.org | udp |
| US | 8.8.8.8:53 | umyicieyee.org | udp |
| US | 8.8.8.8:53 | jgniaygwrqo.org | udp |
| US | 8.8.8.8:53 | dguixccvr.com | udp |
| US | 8.8.8.8:53 | nucbff.info | udp |
| US | 8.8.8.8:53 | iomcmimaugga.org | udp |
| US | 8.8.8.8:53 | bshrslz.net | udp |
| US | 8.8.8.8:53 | zfditavifn.info | udp |
| US | 8.8.8.8:53 | ysiksyyuomqq.com | udp |
| BG | 95.42.247.158:33492 | tcp | |
| US | 8.8.8.8:53 | hkjylkpwkcw.org | udp |
| US | 8.8.8.8:53 | vcsuct.net | udp |
| US | 8.8.8.8:53 | iycagcee.org | udp |
| US | 8.8.8.8:53 | gucqwm.org | udp |
| US | 8.8.8.8:53 | kloqjtxyzqt.net | udp |
| US | 8.8.8.8:53 | okysoykicqqc.com | udp |
| US | 8.8.8.8:53 | trvqjhwzpaq.net | udp |
| US | 8.8.8.8:53 | mqpmfwrwddp.net | udp |
| US | 8.8.8.8:53 | fsyczawoha.info | udp |
| US | 8.8.8.8:53 | ziamhhuif.com | udp |
| US | 8.8.8.8:53 | msakyiyi.com | udp |
| US | 8.8.8.8:53 | jsouptoyh.com | udp |
| US | 8.8.8.8:53 | qepvhuadiyi.net | udp |
| US | 8.8.8.8:53 | gssios.com | udp |
| US | 8.8.8.8:53 | atkzfclhbift.info | udp |
| US | 8.8.8.8:53 | jebkoojvkmu.net | udp |
| US | 8.8.8.8:53 | eyoykwoakmsg.com | udp |
| US | 8.8.8.8:53 | nwxbzizv.info | udp |
| US | 8.8.8.8:53 | wueysyqiyg.org | udp |
| US | 8.8.8.8:53 | ncsusclfpa.info | udp |
| US | 8.8.8.8:53 | miafzeu.info | udp |
| US | 8.8.8.8:53 | omhwhsv.net | udp |
| US | 8.8.8.8:53 | sphivgbvrdzc.info | udp |
| US | 8.8.8.8:53 | jjrefkv.net | udp |
| US | 8.8.8.8:53 | nkbhbybzpda.com | udp |
| US | 8.8.8.8:53 | sfpjfyzigwys.info | udp |
| LT | 86.100.211.161:43347 | tcp | |
| US | 8.8.8.8:53 | zmcqao.info | udp |
| US | 8.8.8.8:53 | kjskvzf.info | udp |
| US | 8.8.8.8:53 | iewskikuay.org | udp |
| US | 8.8.8.8:53 | finoxma.net | udp |
| US | 8.8.8.8:53 | sdvhzwzt.net | udp |
| US | 8.8.8.8:53 | pmslhazqdkt.org | udp |
| US | 8.8.8.8:53 | bfukdahxnws.com | udp |
| US | 8.8.8.8:53 | zlnuxxsufafc.info | udp |
| US | 8.8.8.8:53 | omeecmmwsges.com | udp |
| US | 8.8.8.8:53 | lzbjkx.info | udp |
| US | 8.8.8.8:53 | axbpoyvs.info | udp |
| US | 8.8.8.8:53 | cegoqu.com | udp |
| US | 8.8.8.8:53 | kssawmya.org | udp |
| US | 8.8.8.8:53 | iyclkizo.info | udp |
| US | 8.8.8.8:53 | blriytvijot.com | udp |
| US | 8.8.8.8:53 | blolvxvtddca.info | udp |
| US | 8.8.8.8:53 | czbsfs.info | udp |
| US | 8.8.8.8:53 | neplcl.info | udp |
| US | 8.8.8.8:53 | kyilnx.net | udp |
| US | 8.8.8.8:53 | mbuwzsow.net | udp |
| US | 8.8.8.8:53 | aipsyrgai.net | udp |
| US | 8.8.8.8:53 | dilqgxacwo.info | udp |
| US | 8.8.8.8:53 | gaqkygwq.org | udp |
| US | 8.8.8.8:53 | vmmpoomqf.net | udp |
| US | 8.8.8.8:53 | hnhqzpvxuhoa.info | udp |
| US | 8.8.8.8:53 | jrbulad.info | udp |
| US | 8.8.8.8:53 | vaybvafefi.net | udp |
| US | 8.8.8.8:53 | bpzorpfuhtf.org | udp |
| US | 8.8.8.8:53 | ngvqvo.info | udp |
| US | 8.8.8.8:53 | vmpyfstqoes.info | udp |
| US | 8.8.8.8:53 | lsbclcjdicj.info | udp |
| US | 8.8.8.8:53 | mwhegofgp.net | udp |
| US | 8.8.8.8:53 | lsadlwznm.com | udp |
| US | 8.8.8.8:53 | bkngmvgi.net | udp |
| US | 8.8.8.8:53 | qgmyim.org | udp |
| US | 8.8.8.8:53 | jlftdoty.info | udp |
| US | 8.8.8.8:53 | tpmoouwfjdqg.net | udp |
| US | 8.8.8.8:53 | bqdindvszcl.com | udp |
| US | 8.8.8.8:53 | lefigpxkvcg.net | udp |
| US | 8.8.8.8:53 | lcyeri.net | udp |
| US | 8.8.8.8:53 | mlbyfqpixft.info | udp |
| US | 8.8.8.8:53 | tafybwhpr.info | udp |
| US | 8.8.8.8:53 | oropgibicsmc.net | udp |
| US | 8.8.8.8:53 | dykwknvmdfdj.info | udp |
| US | 8.8.8.8:53 | oroavtmsaicj.net | udp |
| US | 8.8.8.8:53 | ouiuea.org | udp |
| US | 8.8.8.8:53 | acrmfcslu.net | udp |
| US | 8.8.8.8:53 | wawaoiyk.com | udp |
| US | 8.8.8.8:53 | jntsbugvln.net | udp |
| US | 8.8.8.8:53 | qovlivhvqzom.info | udp |
| US | 8.8.8.8:53 | lcaqctxbyv.info | udp |
| US | 8.8.8.8:53 | lczoradauoz.net | udp |
| US | 8.8.8.8:53 | rwjaduh.info | udp |
| US | 8.8.8.8:53 | buzkvgluklk.net | udp |
| US | 8.8.8.8:53 | iblxhs.net | udp |
| US | 8.8.8.8:53 | thgybpassscw.net | udp |
| OM | 87.121.174.194:28894 | tcp | |
| US | 8.8.8.8:53 | bckldxuptn.net | udp |
| US | 8.8.8.8:53 | dazulnj.org | udp |
| US | 8.8.8.8:53 | jlrxpp.info | udp |
| US | 8.8.8.8:53 | ethcdwju.net | udp |
| US | 8.8.8.8:53 | rgqkfozf.net | udp |
| US | 8.8.8.8:53 | sipwngdqd.info | udp |
| US | 8.8.8.8:53 | fcytchvjbw.net | udp |
| US | 8.8.8.8:53 | pwrwaqtot.net | udp |
| US | 8.8.8.8:53 | jzthxr.net | udp |
| US | 8.8.8.8:53 | hibhhsp.com | udp |
| US | 8.8.8.8:53 | tawhduiinsuz.net | udp |
| US | 8.8.8.8:53 | zzbybox.com | udp |
| US | 8.8.8.8:53 | icayuibed.info | udp |
| US | 8.8.8.8:53 | icgwiacuyaui.org | udp |
| US | 8.8.8.8:53 | fjusznt.com | udp |
| US | 8.8.8.8:53 | xifoviz.net | udp |
| US | 8.8.8.8:53 | xwnadm.info | udp |
| US | 8.8.8.8:53 | qtpmlcrerdi.net | udp |
| US | 8.8.8.8:53 | zuhmapbot.net | udp |
| US | 8.8.8.8:53 | rciepom.net | udp |
| US | 8.8.8.8:53 | evsjojpwdmlm.info | udp |
| US | 8.8.8.8:53 | gkeigksi.com | udp |
| US | 8.8.8.8:53 | qwgkou.org | udp |
| US | 8.8.8.8:53 | wuosyawle.info | udp |
| US | 8.8.8.8:53 | vjvlnnztmb.net | udp |
| US | 8.8.8.8:53 | zhvivltg.info | udp |
| US | 8.8.8.8:53 | kipqopv.info | udp |
| US | 8.8.8.8:53 | sopubgatuaz.net | udp |
| US | 8.8.8.8:53 | yojkaljecqs.info | udp |
| US | 8.8.8.8:53 | fqeyludecdd.info | udp |
| US | 8.8.8.8:53 | dtnhzw.net | udp |
| US | 8.8.8.8:53 | zuzvjhojarcc.info | udp |
| US | 8.8.8.8:53 | ecegeakc.org | udp |
| US | 8.8.8.8:53 | eoorrd.info | udp |
| US | 8.8.8.8:53 | tppuatjf.net | udp |
| US | 8.8.8.8:53 | spxlbemev.net | udp |
| US | 8.8.8.8:53 | vwnihionjrol.info | udp |
| US | 8.8.8.8:53 | lkikbrh.net | udp |
| US | 8.8.8.8:53 | mzvrbqxmfof.net | udp |
| US | 8.8.8.8:53 | ootkjdzphd.net | udp |
| US | 8.8.8.8:53 | fddbzgeam.org | udp |
| US | 8.8.8.8:53 | ncbykakst.net | udp |
| US | 8.8.8.8:53 | aararuzmj.info | udp |
| US | 8.8.8.8:53 | tontwunhotwg.info | udp |
| US | 8.8.8.8:53 | djpfnartttrq.info | udp |
| US | 8.8.8.8:53 | zrizzt.net | udp |
| US | 8.8.8.8:53 | wqdpfqxhkj.net | udp |
| US | 8.8.8.8:53 | vuccbptrp.info | udp |
| US | 8.8.8.8:53 | ywiuwoay.org | udp |
| US | 8.8.8.8:53 | nsjnpn.net | udp |
| US | 8.8.8.8:53 | mgryfyx.net | udp |
| US | 8.8.8.8:53 | hsfonvtge.com | udp |
| US | 8.8.8.8:53 | uqajtw.net | udp |
| US | 8.8.8.8:53 | ivewnr.info | udp |
| US | 8.8.8.8:53 | oacctkr.net | udp |
| US | 8.8.8.8:53 | bbkrlwdo.net | udp |
| US | 8.8.8.8:53 | bmtdui.net | udp |
| US | 8.8.8.8:53 | cemwigsoauis.com | udp |
| US | 8.8.8.8:53 | wmuyfivub.info | udp |
| US | 8.8.8.8:53 | nqxijbihvn.info | udp |
| US | 8.8.8.8:53 | fmbpiwbr.net | udp |
| US | 8.8.8.8:53 | tvreijdu.info | udp |
| LT | 78.60.234.188:44989 | tcp | |
| US | 8.8.8.8:53 | wooeiqow.com | udp |
| US | 8.8.8.8:53 | tvzonepudks.org | udp |
| US | 8.8.8.8:53 | yspynbdonzn.net | udp |
| US | 8.8.8.8:53 | qkqgeygakqso.com | udp |
| US | 8.8.8.8:53 | dsfiebfq.net | udp |
| US | 8.8.8.8:53 | jiekklrlbj.net | udp |
| US | 8.8.8.8:53 | xnmtdqp.info | udp |
| US | 8.8.8.8:53 | xrctizgjhu.net | udp |
| US | 8.8.8.8:53 | jalgaof.com | udp |
| US | 8.8.8.8:53 | bzzixvfyy.net | udp |
| US | 8.8.8.8:53 | goqaeowege.org | udp |
| US | 8.8.8.8:53 | mybgdqrsf.info | udp |
| US | 8.8.8.8:53 | rfcqjgcwrllk.info | udp |
| US | 8.8.8.8:53 | xolitzuifql.net | udp |
| US | 8.8.8.8:53 | ooewwc.org | udp |
| US | 8.8.8.8:53 | aysecakckgqq.org | udp |
| US | 8.8.8.8:53 | rusebqveluz.info | udp |
| US | 8.8.8.8:53 | iadtksv.net | udp |
| US | 8.8.8.8:53 | yhmylzvnrjpj.net | udp |
| US | 8.8.8.8:53 | fmryuucedwa.info | udp |
| US | 8.8.8.8:53 | jypigkw.net | udp |
| US | 8.8.8.8:53 | gouehme.net | udp |
| US | 8.8.8.8:53 | sqwboeab.net | udp |
| US | 8.8.8.8:53 | uaoagcsaicqu.com | udp |
| US | 8.8.8.8:53 | ulcsfmsxts.net | udp |
| US | 8.8.8.8:53 | nyedbtxz.net | udp |
| US | 8.8.8.8:53 | jphhtgd.com | udp |
| US | 8.8.8.8:53 | hlixjmj.net | udp |
| US | 8.8.8.8:53 | omierhazkhgw.net | udp |
| US | 8.8.8.8:53 | gsbtbsw.net | udp |
| US | 8.8.8.8:53 | kwdrqyzrhd.net | udp |
| US | 8.8.8.8:53 | wsqoumoask.com | udp |
| US | 8.8.8.8:53 | kmhbiiiwv.net | udp |
| US | 8.8.8.8:53 | behsisjmh.com | udp |
| US | 8.8.8.8:53 | aebvzyl.net | udp |
| US | 8.8.8.8:53 | xrjmbmgmisvh.info | udp |
| US | 8.8.8.8:53 | dshqrikunmi.com | udp |
| US | 8.8.8.8:53 | goswcwkqyc.org | udp |
| US | 8.8.8.8:53 | qraval.net | udp |
| US | 8.8.8.8:53 | jqtenkdayoy.org | udp |
| US | 8.8.8.8:53 | tbtljamh.net | udp |
| US | 8.8.8.8:53 | lvliwxsju.net | udp |
| US | 8.8.8.8:53 | fuxtkk.info | udp |
| US | 8.8.8.8:53 | ackpcyksk.net | udp |
| US | 8.8.8.8:53 | slburd.info | udp |
| US | 8.8.8.8:53 | nhmyomxjv.info | udp |
| US | 8.8.8.8:53 | cqockgsqusqg.org | udp |
| DE | 95.169.204.76:25097 | tcp | |
| US | 8.8.8.8:53 | fafeomvffqj.com | udp |
| US | 8.8.8.8:53 | tyzkrdhyl.info | udp |
| US | 8.8.8.8:53 | tqbijikzg.org | udp |
| US | 8.8.8.8:53 | ikciimcsck.com | udp |
| US | 8.8.8.8:53 | vyvijbihvn.info | udp |
| US | 8.8.8.8:53 | gyfavvd.info | udp |
| US | 8.8.8.8:53 | nftahxpjqa.net | udp |
| US | 8.8.8.8:53 | zgzepqimz.net | udp |
| US | 8.8.8.8:53 | lvvkygwsvxaa.info | udp |
| US | 8.8.8.8:53 | kinntmvpscie.info | udp |
| US | 8.8.8.8:53 | nwemypgorlgh.net | udp |
| US | 8.8.8.8:53 | gcchlmin.net | udp |
| US | 8.8.8.8:53 | bmlpjel.com | udp |
| US | 89.116.218.133:43191 | tcp | |
| US | 8.8.8.8:53 | hsrofavrq.net | udp |
| US | 8.8.8.8:53 | iyiwcobqb.net | udp |
| US | 8.8.8.8:53 | hzrddr.info | udp |
| US | 8.8.8.8:53 | tusefwwwfse.info | udp |
| US | 8.8.8.8:53 | llpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | watunwhwkil.info | udp |
| US | 8.8.8.8:53 | yfhytmrqz.net | udp |
| US | 8.8.8.8:53 | bctwfgikb.org | udp |
| US | 8.8.8.8:53 | yygvkylyn.info | udp |
| US | 8.8.8.8:53 | lvbwxkpgb.net | udp |
| US | 8.8.8.8:53 | lfvefs.info | udp |
| US | 8.8.8.8:53 | bftjbnws.net | udp |
| US | 8.8.8.8:53 | fzqqksnzg.net | udp |
| US | 8.8.8.8:53 | aeeewwio.org | udp |
| US | 8.8.8.8:53 | myeggcgkcuis.com | udp |
| US | 8.8.8.8:53 | xmlymtnez.org | udp |
| US | 8.8.8.8:53 | ikaoqi.org | udp |
| US | 8.8.8.8:53 | bjzjaaicwjmm.net | udp |
| US | 8.8.8.8:53 | rmrgxf.info | udp |
| US | 8.8.8.8:53 | odzbrjqoy.info | udp |
| US | 8.8.8.8:53 | haqgyjoyep.info | udp |
| SA | 87.120.170.183:19791 | tcp | |
| US | 8.8.8.8:53 | lttkmyehto.net | udp |
| US | 8.8.8.8:53 | ucigqmiuwieo.org | udp |
| US | 8.8.8.8:53 | aalijqi.info | udp |
| US | 8.8.8.8:53 | gyijmqhfrcly.info | udp |
| US | 8.8.8.8:53 | xojplj.net | udp |
| US | 8.8.8.8:53 | dyjczkhipif.info | udp |
| US | 8.8.8.8:53 | eyjlqglundk.net | udp |
| LT | 78.63.157.79:15712 | tcp | |
| US | 8.8.8.8:53 | umqmoq.com | udp |
| US | 8.8.8.8:53 | qlngbvvwwdl.net | udp |
| US | 8.8.8.8:53 | odqisf.info | udp |
| US | 8.8.8.8:53 | xlnllrjjwj.info | udp |
| US | 8.8.8.8:53 | jkxkioljy.org | udp |
| US | 8.8.8.8:53 | ncpmyszzt.info | udp |
| US | 8.8.8.8:53 | ydygzbgv.info | udp |
| US | 8.8.8.8:53 | kbhfaa.net | udp |
| US | 8.8.8.8:53 | ouyuckykmusk.org | udp |
| US | 8.8.8.8:53 | wcwqmikm.com | udp |
| US | 8.8.8.8:53 | yyqascwmkq.com | udp |
| US | 8.8.8.8:53 | ybxsqlwexbnh.info | udp |
| US | 8.8.8.8:53 | jtivvc.net | udp |
| US | 8.8.8.8:53 | heeodtf.net | udp |
| US | 8.8.8.8:53 | vsrstvnlx.net | udp |
| US | 8.8.8.8:53 | rmdnmkaqa.com | udp |
| US | 8.8.8.8:53 | xsvubpdgyl.info | udp |
| US | 8.8.8.8:53 | zbtwspdgyn.info | udp |
| US | 8.8.8.8:53 | hekpzdcz.net | udp |
| US | 8.8.8.8:53 | vprenupat.net | udp |
| US | 8.8.8.8:53 | kkiamiym.com | udp |
| US | 8.8.8.8:53 | fiheagbdignw.net | udp |
| US | 8.8.8.8:53 | kmhlokvvl.net | udp |
| US | 8.8.8.8:53 | jatdaajehomt.net | udp |
| US | 8.8.8.8:53 | tvnnmeu.com | udp |
| US | 8.8.8.8:53 | qyjgpzmcaix.info | udp |
| US | 8.8.8.8:53 | hzukpy.info | udp |
| US | 8.8.8.8:53 | eiygcskago.org | udp |
| US | 8.8.8.8:53 | mwgkuyee.org | udp |
| US | 8.8.8.8:53 | jktzjknwrhpw.net | udp |
| US | 8.8.8.8:53 | lyflcqjniur.net | udp |
| US | 8.8.8.8:53 | jvdwxikbaj.info | udp |
| US | 8.8.8.8:53 | fksjlashzb.info | udp |
| US | 8.8.8.8:53 | zboovdhfjp.net | udp |
| US | 8.8.8.8:53 | rhxkvzfo.info | udp |
| US | 8.8.8.8:53 | uiceesz.info | udp |
| US | 8.8.8.8:53 | ymyamcsg.org | udp |
| US | 8.8.8.8:53 | zqzewtlmvifj.info | udp |
| US | 8.8.8.8:53 | holadnd.info | udp |
| US | 8.8.8.8:53 | tltwjqjmjku.info | udp |
| US | 8.8.8.8:53 | asasoqiqomgi.org | udp |
| US | 8.8.8.8:53 | nblnqxcwlj.net | udp |
| US | 8.8.8.8:53 | bzaydhbkyko.info | udp |
| US | 8.8.8.8:53 | xvpfwfdcgxll.net | udp |
| US | 8.8.8.8:53 | swlcayd.info | udp |
| US | 8.8.8.8:53 | pazgoqq.net | udp |
| US | 8.8.8.8:53 | uoxjsmld.info | udp |
| US | 8.8.8.8:53 | gkeyph.net | udp |
| BG | 195.34.126.250:45540 | tcp | |
| US | 8.8.8.8:53 | fqnsvsv.org | udp |
| US | 8.8.8.8:53 | todvml.info | udp |
| US | 8.8.8.8:53 | qvrdbz.net | udp |
| US | 8.8.8.8:53 | ewiuauieao.com | udp |
| US | 8.8.8.8:53 | yntxazaabq.info | udp |
| US | 8.8.8.8:53 | spdiawq.net | udp |
| US | 8.8.8.8:53 | konmeqeueip.net | udp |
| US | 8.8.8.8:53 | ckmicowy.org | udp |
| US | 8.8.8.8:53 | bjpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | rugnyejgpszi.info | udp |
| US | 8.8.8.8:53 | dxoaoxgkf.com | udp |
| US | 8.8.8.8:53 | xcnuub.net | udp |
| US | 8.8.8.8:53 | imwkkoik.com | udp |
| US | 8.8.8.8:53 | siifxy.info | udp |
| US | 8.8.8.8:53 | ubnxhcwo.info | udp |
| US | 8.8.8.8:53 | kqjgzepghsxh.net | udp |
| US | 8.8.8.8:53 | whnlkooqug.net | udp |
| US | 8.8.8.8:53 | sewuvwb.net | udp |
| US | 8.8.8.8:53 | edkuzpchjg.info | udp |
| US | 8.8.8.8:53 | pvfkjb.net | udp |
| US | 8.8.8.8:53 | aiiuge.com | udp |
| US | 8.8.8.8:53 | sgyuguys.org | udp |
| US | 8.8.8.8:53 | kyxaacdqbxt.info | udp |
| US | 8.8.8.8:53 | fwhhgqvzmz.net | udp |
| US | 8.8.8.8:53 | eygkkekgks.com | udp |
| US | 8.8.8.8:53 | akaqik.org | udp |
| US | 8.8.8.8:53 | txxszuftff.info | udp |
| US | 8.8.8.8:53 | iwdyfogslsb.net | udp |
| US | 8.8.8.8:53 | oaewcmmi.com | udp |
| US | 8.8.8.8:53 | kmcuowumumsq.com | udp |
| US | 8.8.8.8:53 | waewqiprlsr.net | udp |
| US | 8.8.8.8:53 | aalqwpdrjspx.net | udp |
| US | 8.8.8.8:53 | mkoruyn.net | udp |
| US | 8.8.8.8:53 | zehlmzsbsn.net | udp |
| US | 8.8.8.8:53 | oalwpcngx.info | udp |
| US | 8.8.8.8:53 | abyfngtvqkr.info | udp |
| US | 8.8.8.8:53 | xlpffhvi.net | udp |
| US | 8.8.8.8:53 | xcrfxbihvn.info | udp |
| US | 8.8.8.8:53 | lplovdfjtnhr.net | udp |
| US | 8.8.8.8:53 | hinqeugvp.org | udp |
| US | 8.8.8.8:53 | pvesxitaordl.info | udp |
| LT | 212.122.90.163:36415 | tcp | |
| US | 8.8.8.8:53 | xgdqzsneijwf.net | udp |
| US | 8.8.8.8:53 | obmwpzbjdp.net | udp |
| US | 8.8.8.8:53 | cbqzbiwtutrn.net | udp |
| US | 8.8.8.8:53 | dawehvjocwu.com | udp |
| US | 8.8.8.8:53 | toulqetsf.org | udp |
| US | 8.8.8.8:53 | dzrmxez.com | udp |
| US | 8.8.8.8:53 | bdovjijwabj.info | udp |
| US | 8.8.8.8:53 | mwhubavgh.net | udp |
| US | 8.8.8.8:53 | mipwylhuryd.info | udp |
| US | 8.8.8.8:53 | nwjtnopkkx.net | udp |
| US | 8.8.8.8:53 | meweccuogeeu.com | udp |
| US | 8.8.8.8:53 | rhujsryu.info | udp |
| US | 8.8.8.8:53 | ehnafofkc.net | udp |
| US | 8.8.8.8:53 | xibsbdaadsl.org | udp |
| US | 8.8.8.8:53 | ebfwhmhfr.info | udp |
| US | 8.8.8.8:53 | xxbuvavqnao.net | udp |
| US | 8.8.8.8:53 | jrgyjhxsdf.info | udp |
| US | 8.8.8.8:53 | gzzyrnsq.net | udp |
| US | 8.8.8.8:53 | mqnuvudxxdh.net | udp |
| US | 8.8.8.8:53 | uottjffux.net | udp |
| US | 8.8.8.8:53 | wlliiaxqeufh.net | udp |
| US | 8.8.8.8:53 | iesgesie.com | udp |
| US | 8.8.8.8:53 | tgzzsilpuoyu.info | udp |
| US | 8.8.8.8:53 | aoqyvgn.info | udp |
| US | 8.8.8.8:53 | fbwbbdzptsde.net | udp |
| US | 8.8.8.8:53 | rejwrwpoa.info | udp |
| US | 8.8.8.8:53 | nrggxz.net | udp |
| US | 8.8.8.8:53 | daafsr.net | udp |
| US | 8.8.8.8:53 | aoacbwhythx.info | udp |
| US | 8.8.8.8:53 | jmuyzwjxj.net | udp |
| US | 8.8.8.8:53 | lzfxwqcllqhj.info | udp |
| US | 8.8.8.8:53 | xirtxapsu.org | udp |
| US | 8.8.8.8:53 | sgescokcmo.org | udp |
| US | 8.8.8.8:53 | nsuutepfhldw.info | udp |
| US | 8.8.8.8:53 | ttpiba.net | udp |
| US | 8.8.8.8:53 | mqgwcvpojezz.net | udp |
| US | 8.8.8.8:53 | zkjhxayvz.org | udp |
| US | 8.8.8.8:53 | chukcbn.net | udp |
| US | 8.8.8.8:53 | eufcbjf.net | udp |
| US | 8.8.8.8:53 | rkxfnbdwif.info | udp |
| US | 8.8.8.8:53 | lzwgpqnxhy.net | udp |
| US | 8.8.8.8:53 | opncfsxnboz.info | udp |
| US | 8.8.8.8:53 | bnofxz.net | udp |
| US | 8.8.8.8:53 | znltydmkf.org | udp |
| US | 8.8.8.8:53 | wcbjvwxrvvz.net | udp |
| US | 8.8.8.8:53 | dmsylqagp.org | udp |
| US | 8.8.8.8:53 | xktscjlw.net | udp |
| US | 8.8.8.8:53 | jehyhpbob.com | udp |
| US | 8.8.8.8:53 | ggojwwv.info | udp |
| US | 8.8.8.8:53 | hghula.info | udp |
| US | 8.8.8.8:53 | luaiurlae.info | udp |
| US | 8.8.8.8:53 | cxpfrbrnp.net | udp |
| US | 8.8.8.8:53 | wksocmerfgw.info | udp |
| US | 8.8.8.8:53 | mzyztmnfyg.net | udp |
| US | 8.8.8.8:53 | bgtnjkxspiqe.info | udp |
| US | 8.8.8.8:53 | pslgcgomd.org | udp |
| LV | 87.110.120.225:14780 | tcp | |
| US | 8.8.8.8:53 | bwnkpcrlj.org | udp |
| US | 8.8.8.8:53 | xhtrlcyftrx.com | udp |
| US | 8.8.8.8:53 | gmsivkq.net | udp |
| US | 8.8.8.8:53 | fumvct.net | udp |
| US | 8.8.8.8:53 | dnyidwf.info | udp |
| US | 8.8.8.8:53 | nmaibausj.com | udp |
| US | 8.8.8.8:53 | maoemseemgoy.com | udp |
| US | 8.8.8.8:53 | gwobtucamtx.info | udp |
| US | 8.8.8.8:53 | wwkutys.info | udp |
| US | 8.8.8.8:53 | qwoghmt.info | udp |
| US | 8.8.8.8:53 | ugmsbi.net | udp |
| US | 8.8.8.8:53 | prmyteuwqsn.com | udp |
| US | 8.8.8.8:53 | yadxtkefpqdf.net | udp |
| US | 8.8.8.8:53 | xlveelrrri.net | udp |
| US | 8.8.8.8:53 | qngitmingp.net | udp |
| US | 8.8.8.8:53 | bvfgrxzjnmre.net | udp |
| US | 8.8.8.8:53 | vzohto.info | udp |
| US | 8.8.8.8:53 | fqomqelwn.com | udp |
| US | 8.8.8.8:53 | dlnamcc.com | udp |
| US | 8.8.8.8:53 | ulwprsdpevsj.info | udp |
| US | 8.8.8.8:53 | cbdwxl.net | udp |
| US | 8.8.8.8:53 | smdehbe.net | udp |
| US | 8.8.8.8:53 | gsaydxucn.net | udp |
| US | 8.8.8.8:53 | kdjmsft.net | udp |
| US | 8.8.8.8:53 | qyjxvcif.net | udp |
| US | 8.8.8.8:53 | rkwlhccy.info | udp |
| US | 8.8.8.8:53 | bmbcdol.net | udp |
| US | 8.8.8.8:53 | tqhxunigxzj.com | udp |
| US | 8.8.8.8:53 | vunkjwk.net | udp |
| US | 8.8.8.8:53 | nthafgeqx.org | udp |
| US | 8.8.8.8:53 | pnzvnpxwnm.net | udp |
| US | 8.8.8.8:53 | rgpceuorv.net | udp |
| US | 8.8.8.8:53 | vibshiiel.net | udp |
| US | 8.8.8.8:53 | rufvxcwoncw.com | udp |
| US | 8.8.8.8:53 | jjqtpeerkb.net | udp |
| US | 8.8.8.8:53 | kkquqasmum.com | udp |
| US | 8.8.8.8:53 | oeiwgegoooow.org | udp |
| US | 8.8.8.8:53 | nadtlglkdm.net | udp |
| US | 8.8.8.8:53 | heotulvnx.org | udp |
| US | 8.8.8.8:53 | urkcltobhpwf.net | udp |
| US | 8.8.8.8:53 | jkopiwze.info | udp |
| US | 8.8.8.8:53 | mostlkwp.net | udp |
| US | 8.8.8.8:53 | rzvfhgsdhovu.net | udp |
| US | 8.8.8.8:53 | vrhtfetzjcpt.info | udp |
| US | 8.8.8.8:53 | oismai.com | udp |
| BG | 95.42.241.157:28845 | tcp | |
| US | 8.8.8.8:53 | wbbvlfanet.net | udp |
| US | 8.8.8.8:53 | hmafbltcvj.net | udp |
| US | 8.8.8.8:53 | ixagozioua.info | udp |
| US | 8.8.8.8:53 | qkuiggco.com | udp |
| US | 8.8.8.8:53 | hsdwzcf.org | udp |
| US | 8.8.8.8:53 | zovgoulhfgc.info | udp |
| US | 8.8.8.8:53 | gvsjeglifsxn.net | udp |
| US | 8.8.8.8:53 | eheflhppvg.net | udp |
| US | 8.8.8.8:53 | xdgpqwuuyg.net | udp |
| US | 8.8.8.8:53 | qqseoyakksia.com | udp |
| US | 8.8.8.8:53 | mgfguixgmdc.net | udp |
| US | 8.8.8.8:53 | orjosdtbymgj.info | udp |
| US | 8.8.8.8:53 | ijdzqa.info | udp |
| US | 8.8.8.8:53 | oqauesgacmmu.com | udp |
| US | 8.8.8.8:53 | cjorwbxqxwje.info | udp |
| US | 8.8.8.8:53 | cykogcgqqcuu.com | udp |
| US | 8.8.8.8:53 | josokajpa.net | udp |
| US | 8.8.8.8:53 | vzfrppvefo.net | udp |
| US | 8.8.8.8:53 | waputlgzwasz.info | udp |
| US | 8.8.8.8:53 | fwfehcx.net | udp |
| US | 8.8.8.8:53 | xshqpyq.info | udp |
| US | 8.8.8.8:53 | ugjyfpgfl.net | udp |
| US | 8.8.8.8:53 | lolrlcx.com | udp |
| US | 8.8.8.8:53 | yflrgr.net | udp |
| US | 8.8.8.8:53 | myrwjqkrwpbk.info | udp |
| US | 8.8.8.8:53 | dotnzcgta.info | udp |
| US | 8.8.8.8:53 | ocykmwqk.com | udp |
| US | 8.8.8.8:53 | ykbakptqv.net | udp |
| US | 8.8.8.8:53 | mpkbfsgyp.info | udp |
| US | 8.8.8.8:53 | yqpqzauah.info | udp |
| US | 8.8.8.8:53 | sgldxclkrbd.net | udp |
| US | 8.8.8.8:53 | nqsnwhwpqult.net | udp |
| US | 8.8.8.8:53 | twvsaxij.net | udp |
| US | 8.8.8.8:53 | mcnzhansbec.info | udp |
| US | 8.8.8.8:53 | dvzokanhunkx.info | udp |
| US | 8.8.8.8:53 | lgvkhik.net | udp |
| US | 8.8.8.8:53 | skznlil.info | udp |
| US | 8.8.8.8:53 | hodufsshp.com | udp |
| US | 8.8.8.8:53 | cdycolduewty.info | udp |
| LT | 78.60.152.39:14159 | tcp | |
| US | 8.8.8.8:53 | osdexcaat.net | udp |
| US | 8.8.8.8:53 | iutbrbblbl.net | udp |
| US | 8.8.8.8:53 | gijuvjlap.net | udp |
| US | 8.8.8.8:53 | muqgsqcy.org | udp |
| US | 8.8.8.8:53 | qdnmhgdyrit.net | udp |
| US | 8.8.8.8:53 | zstfzpjkqup.com | udp |
| US | 8.8.8.8:53 | dyvuyz.net | udp |
| US | 8.8.8.8:53 | awsccookqaoa.org | udp |
| US | 8.8.8.8:53 | xufyyiu.net | udp |
| US | 8.8.8.8:53 | xqbqbmtgx.info | udp |
| US | 8.8.8.8:53 | qyqigk.com | udp |
| US | 8.8.8.8:53 | hpacdwsdie.info | udp |
| US | 8.8.8.8:53 | wajcnsdedkgv.net | udp |
| US | 8.8.8.8:53 | uieqeciiqm.com | udp |
| US | 8.8.8.8:53 | fyaylmbcb.net | udp |
| US | 8.8.8.8:53 | yegqaoahlxzi.net | udp |
| US | 8.8.8.8:53 | xlnzhnzp.info | udp |
| US | 8.8.8.8:53 | xqafuwz.info | udp |
| US | 8.8.8.8:53 | tnlyzjqqzgin.info | udp |
| US | 8.8.8.8:53 | zrgxmrkuhk.net | udp |
| US | 8.8.8.8:53 | dyyvuvnbnms.info | udp |
| US | 8.8.8.8:53 | tujjtiij.info | udp |
| US | 8.8.8.8:53 | devwmkh.net | udp |
| US | 8.8.8.8:53 | lhdgtsnif.net | udp |
| US | 8.8.8.8:53 | fupuhgphvwt.net | udp |
| US | 8.8.8.8:53 | qlvrpmumfcxi.net | udp |
| US | 8.8.8.8:53 | fopvatzz.info | udp |
| US | 8.8.8.8:53 | rtxmtljvvubf.net | udp |
| US | 8.8.8.8:53 | zoephpgi.info | udp |
| US | 8.8.8.8:53 | ekqaao.com | udp |
| US | 8.8.8.8:53 | lznkjsblhuvq.net | udp |
| US | 8.8.8.8:53 | bkzhlczsmwk.net | udp |
| US | 8.8.8.8:53 | culuwur.net | udp |
| US | 8.8.8.8:53 | zslkntzpbmfi.info | udp |
| US | 8.8.8.8:53 | rvazsyttv.org | udp |
| US | 8.8.8.8:53 | elmagdcmaxpl.net | udp |
| US | 8.8.8.8:53 | uwbmnodet.info | udp |
| US | 8.8.8.8:53 | rkjyfrxybqd.net | udp |
| US | 8.8.8.8:53 | joborkrejxs.info | udp |
| US | 8.8.8.8:53 | lptkmknkl.org | udp |
| US | 8.8.8.8:53 | isyeca.com | udp |
| US | 8.8.8.8:53 | hjfdpmp.org | udp |
Files
C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
| MD5 | 221dc9686e3a1fe5d547472d0effd4c1 |
| SHA1 | a096f8ca8b19673cb5d734cb26c479a374dff81f |
| SHA256 | 2345ed3a8d84cd9753c976471cc4e28c2e7e4d6fab55ea4e1bf9b67e83257b93 |
| SHA512 | 476f65ea0684fdb11164a45c90e00e4a18e2dacf07ce682ef7ff68fb5bb928e956ed2a3f2df5c3baa6abd16f3a36a6226deebd17b1c5e2a3ffbe63eb0610d17e |
C:\Windows\SysWOW64\oavsccnjypldxojmmt.exe
| MD5 | b2b7b9be91e42f447618c78205cfccb0 |
| SHA1 | ac38435860734cbcdfff61a917c8e37e27d781a5 |
| SHA256 | f3cb92699801b3fd4ca75d9e7a09d1b40b0a4591399753c4222c0b6385d8c897 |
| SHA512 | 3d7cab72720c27c80569eab34d9968f34bee41a38efbc9e5d25d40af373b560ba6f7240139d325700389ae0afc53d9c4b40ba69f08a3786f5c32619f37fc4193 |
C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe
| MD5 | 9a1364f540983e67bee719d5d487a976 |
| SHA1 | f28508930bd840e58aeba55735d434c9147f0008 |
| SHA256 | 61ea799e85239af41582ad3020937523baefafa26a51c89367aa7e6c552ea5e2 |
| SHA512 | 747d2675ed2bc2cb12d5ddc6c60d2cf6851b86633bf705c79f5268f82ff26b23fd286d009d6a89f28f90b8f4ec887bb572ed8448d8432067e7fdea88b219346b |
C:\Users\Admin\AppData\Local\dwyctasvrpsrsqscjxleg.bia
| MD5 | 0357360b33a77b8ec322bb149cae851c |
| SHA1 | 525c87409212e2a9fc41e94aa61b29f1b98b3b62 |
| SHA256 | ae96107f922157d3b3b148ced3c8baa4ec928f55011898cd47f818ee3c5779e3 |
| SHA512 | f33de6c557da255b8417a8e41b979857fff1c9fddda244586f615b131ac665930a8dd359ef5ccdda977d64c78779187bd21b936fc52ec386a062ec969458dde4 |
C:\Users\Admin\AppData\Local\ycpegybpwftdpylgyxwancewznudrbnw.ewv
| MD5 | d37dd196e9d0027eeaa51373f6d2a0d7 |
| SHA1 | 9c9226a0476d0195a6e484a798e981a5a5dde5e9 |
| SHA256 | 63609a30620328d467e2e22521e85377079ff299a223a8631c9b4adbc42bb287 |
| SHA512 | e2ff844df4143ad1c4c64bcbffe662ff9ea9684f3250ce039db36dbf0e3db6d1bfb663379877c65a016154949f34862153f738d56a6016707d5bf761a2582826 |
C:\Program Files (x86)\dwyctasvrpsrsqscjxleg.bia
| MD5 | 911b2bdf24860e398a2a72ad3ab277d8 |
| SHA1 | 7d4a10a4641fabaa68e2baddad8bf684312cb741 |
| SHA256 | fb61238076909cfb68a54fe9faa55d65255019d6b6ccfbdbd692b6491c76f642 |
| SHA512 | a313359484e4f7f9309ce049e62a79d4c7d33dc980ececfe1fffd4288447deb217f4ab15ec7f2dd97a8eb9718d374501d8887f34ed42511cbf03d8ca3065885f |
C:\Program Files (x86)\dwyctasvrpsrsqscjxleg.bia
| MD5 | d42cd9b924849252c41af3ba8f86e82e |
| SHA1 | 9bbb7272f0a98e7dc02cd5d3105803827fe33669 |
| SHA256 | 7f9686a86d6c73df1e3b9d4b6b19dd373757abf864a298f1c0bdfff43cfdd5df |
| SHA512 | de169e1dd06e27fb5a967f89f0269375508889bb9331c65c54be5f9ec8364c4c98d15e6a0d6dba0d45ebf609f469cacbbf87bfef64a49748352ec58865364427 |
C:\Program Files (x86)\dwyctasvrpsrsqscjxleg.bia
| MD5 | 042babeca04615f993f5941fcff4a367 |
| SHA1 | 4ed4a46ab5441ccb3a27aefcf815dab796404e46 |
| SHA256 | af541ea07c0aabec644dbe2253073aa8b20d7fff55168cff982e94ba5e23bffd |
| SHA512 | 3243d6c92ae5cd1e80b5087a1c1d8033d0dfb558ef328207b490ff6f9a760f15c5d2515fae6ea4275f671473daac61274b15c05ffa702b2fe4e1e807c8427ef6 |
C:\Program Files (x86)\dwyctasvrpsrsqscjxleg.bia
| MD5 | 8f18da06ee683d8118ddceac13286a96 |
| SHA1 | 418f11aed78a9454e27e719fafddaa18cfa32971 |
| SHA256 | 2ee9bfad17eb6385fcc1e4c75b033c95ddfbebf5729c5545e905c3c7b03cd14f |
| SHA512 | f4091ea5d3b95e5ce89a4fad3c27d8322d9246121fa7acca215c5b1049bdd1c4965926013550cb4716178faecabb3180f16807aff9b23dc68d9e5515160f351b |
C:\Program Files (x86)\dwyctasvrpsrsqscjxleg.bia
| MD5 | 34d32d2e3efbbd1515ddfaaaef9e4272 |
| SHA1 | 78014aaafb8088ad6ae5ebbe18ba377c0af35a33 |
| SHA256 | 0ade9ccfd674e24f6f55d4aa15df10948f6e32e7ebf85a1060c08705295f10f3 |
| SHA512 | 5895dc34862a17c567fade9e94446171494ea34b31ce10ec984a44547bb5c71f5f4c1964e79f46b0faee744ea59e69a20c8700dd0ed5c6d0d2615a6a06249c06 |
C:\Program Files (x86)\dwyctasvrpsrsqscjxleg.bia
| MD5 | 2107fbbdb4c5d38f85ec3cb6dae97c89 |
| SHA1 | e7d4de183f09f40d1cd5454364239d0fc56caa69 |
| SHA256 | d8fa9cbc22ab066a780106a5358d3c99747275cfff7edf05b49782793369a4b3 |
| SHA512 | 56b57b104244cc24a80e66406fb1036fd070b24bf832eacc757048b300ec7074528f4d7d2c2f939d41e8d7362c76e1a4716714efb74f5a101fe5f188c58b299b |