Analysis Overview
SHA256
8ca695115227d8c7562dd4cd271fbffe9bb4eca124c6248b1f4ab40075883830
Threat Level: Known bad
The file JaffaCakes118_b440589d0ee46569ca9013e1c4f70261 was found to be: Known bad.
Malicious Activity Summary
Pykspa family
Modifies WinLogon for persistence
UAC bypass
Pykspa
Detect Pykspa worm
Blocklisted process makes network request
Adds policy Run key to start application
Disables RegEdit via registry modification
Checks computer location settings
Executes dropped EXE
Impair Defenses: Safe Mode Boot
Adds Run key to start application
Checks whether UAC is enabled
Hijack Execution Flow: Executable Installer File Permissions Weakness
Looks up external IP address via web service
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
System policy modification
Analysis: static1
Detonation Overview
Reported
2025-04-13 09:40
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2025-04-13 09:40
Reported
2025-04-13 09:43
Platform
win10v2004-20250314-en
Max time kernel
45s
Max time network
150s
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
Detect Pykspa worm
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzpakyhugvpr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ndzqgapiavvdnepupf.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzpakyhugvpr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etoetmasjdcjsiswq.exe" | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzpakyhugvpr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ldbumizuolnxjcpwtljc.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzpakyhugvpr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ndzqgapiavvdnepupf.exe" | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzpakyhugvpr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xlfuianeunlrzoxa.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzpakyhugvpr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ldbumizuolnxjcpwtljc.exe" | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzpakyhugvpr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ypmevqgatpqzkcouqhe.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sfymzqcshzwbiwe = "xlfuianeunlrzoxa.exe" | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sfymzqcshzwbiwe = "ldbumizuolnxjcpwtljc.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sfymzqcshzwbiwe = "etoetmasjdcjsiswq.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sfymzqcshzwbiwe = "ypmevqgatpqzkcouqhe.exe" | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sfymzqcshzwbiwe = "atsmfcuqljmxkesayrqkd.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sfymzqcshzwbiwe = "xlfuianeunlrzoxa.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzpakyhugvpr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etoetmasjdcjsiswq.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sfymzqcshzwbiwe = "atsmfcuqljmxkesayrqkd.exe" | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sfymzqcshzwbiwe = "ndzqgapiavvdnepupf.exe" | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sfymzqcshzwbiwe = "etoetmasjdcjsiswq.exe" | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
Blocklisted process makes network request
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\ldbumizuolnxjcpwtljc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\ypmevqgatpqzkcouqhe.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\ndzqgapiavvdnepupf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\xlfuianeunlrzoxa.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\atsmfcuqljmxkesayrqkd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\etoetmasjdcjsiswq.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\ndzqgapiavvdnepupf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\ypmevqgatpqzkcouqhe.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\atsmfcuqljmxkesayrqkd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\ldbumizuolnxjcpwtljc.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ypmevqgatpqzkcouqhe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ypmevqgatpqzkcouqhe.exe" | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pbtgsitiwnjntg = "xlfuianeunlrzoxa.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pbtgsitiwnjntg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ndzqgapiavvdnepupf.exe ." | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ypmevqgatpqzkcouqhe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xlfuianeunlrzoxa.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ndzqgapiavvdnepupf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etoetmasjdcjsiswq.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ndzqgapiavvdnepupf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xlfuianeunlrzoxa.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ozqcncmandybg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ypmevqgatpqzkcouqhe.exe" | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ypmevqgatpqzkcouqhe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ldbumizuolnxjcpwtljc.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xlfuianeunlrzoxa = "ypmevqgatpqzkcouqhe.exe" | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pbtgsitiwnjntg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ndzqgapiavvdnepupf.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pbtgsitiwnjntg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xlfuianeunlrzoxa.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xlfuianeunlrzoxa = "etoetmasjdcjsiswq.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xlfuianeunlrzoxa = "atsmfcuqljmxkesayrqkd.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ypmevqgatpqzkcouqhe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etoetmasjdcjsiswq.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\etoetmasjdcjsiswq = "etoetmasjdcjsiswq.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ozqcncmandybg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xlfuianeunlrzoxa.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\etoetmasjdcjsiswq = "ypmevqgatpqzkcouqhe.exe ." | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pbtgsitiwnjntg = "ndzqgapiavvdnepupf.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\etoetmasjdcjsiswq = "atsmfcuqljmxkesayrqkd.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ypmevqgatpqzkcouqhe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ypmevqgatpqzkcouqhe.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xlfuianeunlrzoxa = "ldbumizuolnxjcpwtljc.exe" | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ozqcncmandybg = "atsmfcuqljmxkesayrqkd.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ozqcncmandybg = "etoetmasjdcjsiswq.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xlfuianeunlrzoxa = "xlfuianeunlrzoxa.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\etoetmasjdcjsiswq = "ldbumizuolnxjcpwtljc.exe ." | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ozqcncmandybg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ypmevqgatpqzkcouqhe.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pbtgsitiwnjntg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ldbumizuolnxjcpwtljc.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ozqcncmandybg = "ndzqgapiavvdnepupf.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ndzqgapiavvdnepupf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ndzqgapiavvdnepupf.exe ." | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ozqcncmandybg = "ndzqgapiavvdnepupf.exe" | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ozqcncmandybg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\atsmfcuqljmxkesayrqkd.exe" | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xlfuianeunlrzoxa = "ldbumizuolnxjcpwtljc.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ozqcncmandybg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ldbumizuolnxjcpwtljc.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\etoetmasjdcjsiswq = "atsmfcuqljmxkesayrqkd.exe ." | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ozqcncmandybg = "ldbumizuolnxjcpwtljc.exe" | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pbtgsitiwnjntg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etoetmasjdcjsiswq.exe ." | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pbtgsitiwnjntg = "ypmevqgatpqzkcouqhe.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ndzqgapiavvdnepupf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ldbumizuolnxjcpwtljc.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ozqcncmandybg = "xlfuianeunlrzoxa.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pbtgsitiwnjntg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\atsmfcuqljmxkesayrqkd.exe ." | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xlfuianeunlrzoxa = "ndzqgapiavvdnepupf.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ozqcncmandybg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etoetmasjdcjsiswq.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ndzqgapiavvdnepupf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ypmevqgatpqzkcouqhe.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ypmevqgatpqzkcouqhe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xlfuianeunlrzoxa.exe" | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ypmevqgatpqzkcouqhe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\atsmfcuqljmxkesayrqkd.exe" | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\etoetmasjdcjsiswq = "xlfuianeunlrzoxa.exe ." | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\etoetmasjdcjsiswq = "ndzqgapiavvdnepupf.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\ypmevqgatpqzkcouqhe.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\atsmfcuqljmxkesayrqkd.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xlfuianeunlrzoxa.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ldbumizuolnxjcpwtljc.exe | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rllgayrokjnznixgfzzuom.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ndzqgapiavvdnepupf.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ldbumizuolnxjcpwtljc.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ndzqgapiavvdnepupf.exe | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ypmevqgatpqzkcouqhe.exe | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| File created | C:\Windows\SysWOW64\xlfuianeunlrzoxathbqewjaqjhnvktwpdxmas.wmf | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rllgayrokjnznixgfzzuom.exe | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\etoetmasjdcjsiswq.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\etoetmasjdcjsiswq.exe | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\xlfuianeunlrzoxathbqewjaqjhnvktwpdxmas.wmf | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| File opened for modification | C:\Program Files (x86)\admqtacinvidaecucfosvcekpxk.cge | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| File created | C:\Program Files (x86)\admqtacinvidaecucfosvcekpxk.cge | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| File opened for modification | C:\Program Files (x86)\xlfuianeunlrzoxathbqewjaqjhnvktwpdxmas.wmf | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\ndzqgapiavvdnepupf.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\ypmevqgatpqzkcouqhe.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\etoetmasjdcjsiswq.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\atsmfcuqljmxkesayrqkd.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\rllgayrokjnznixgfzzuom.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\ldbumizuolnxjcpwtljc.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\xlfuianeunlrzoxa.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\xlfuianeunlrzoxathbqewjaqjhnvktwpdxmas.wmf | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| File opened for modification | C:\Windows\ldbumizuolnxjcpwtljc.exe | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| File opened for modification | C:\Windows\ypmevqgatpqzkcouqhe.exe | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| File opened for modification | C:\Windows\rllgayrokjnznixgfzzuom.exe | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| File created | C:\Windows\xlfuianeunlrzoxathbqewjaqjhnvktwpdxmas.wmf | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ndzqgapiavvdnepupf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\etoetmasjdcjsiswq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ypmevqgatpqzkcouqhe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ldbumizuolnxjcpwtljc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\atsmfcuqljmxkesayrqkd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xlfuianeunlrzoxa.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe"
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_b440589d0ee46569ca9013e1c4f70261.exe*"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe
C:\Windows\ypmevqgatpqzkcouqhe.exe
ypmevqgatpqzkcouqhe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe .
C:\Windows\xlfuianeunlrzoxa.exe
xlfuianeunlrzoxa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\xlfuianeunlrzoxa.exe*."
C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe
C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe
C:\Windows\etoetmasjdcjsiswq.exe
etoetmasjdcjsiswq.exe .
C:\Windows\xlfuianeunlrzoxa.exe
xlfuianeunlrzoxa.exe
C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe
C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\xlfuianeunlrzoxa.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\etoetmasjdcjsiswq.exe*."
C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe
C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .
C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe
C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ypmevqgatpqzkcouqhe.exe*."
C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe
"C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe" "-C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe"
C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe
"C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe" "-C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe
C:\Windows\ndzqgapiavvdnepupf.exe
ndzqgapiavvdnepupf.exe
C:\Windows\ndzqgapiavvdnepupf.exe
ndzqgapiavvdnepupf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe .
C:\Windows\ypmevqgatpqzkcouqhe.exe
ypmevqgatpqzkcouqhe.exe .
C:\Windows\etoetmasjdcjsiswq.exe
etoetmasjdcjsiswq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ypmevqgatpqzkcouqhe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\etoetmasjdcjsiswq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .
C:\Windows\atsmfcuqljmxkesayrqkd.exe
atsmfcuqljmxkesayrqkd.exe
C:\Windows\ypmevqgatpqzkcouqhe.exe
ypmevqgatpqzkcouqhe.exe
C:\Windows\ndzqgapiavvdnepupf.exe
ndzqgapiavvdnepupf.exe .
C:\Windows\ndzqgapiavvdnepupf.exe
ndzqgapiavvdnepupf.exe .
C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe
C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .
C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe
C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .
C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe
C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .
C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe
C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ndzqgapiavvdnepupf.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ndzqgapiavvdnepupf.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ypmevqgatpqzkcouqhe.exe*."
C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe
C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe
C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe
C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\etoetmasjdcjsiswq.exe*."
C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe
C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .
C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe
C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ndzqgapiavvdnepupf.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ndzqgapiavvdnepupf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe
C:\Windows\xlfuianeunlrzoxa.exe
xlfuianeunlrzoxa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe .
C:\Windows\ndzqgapiavvdnepupf.exe
ndzqgapiavvdnepupf.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ndzqgapiavvdnepupf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\xlfuianeunlrzoxa.exe
xlfuianeunlrzoxa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe
C:\Windows\etoetmasjdcjsiswq.exe
etoetmasjdcjsiswq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .
C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe
C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\etoetmasjdcjsiswq.exe*."
C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe
C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ypmevqgatpqzkcouqhe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe .
C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe
C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe
C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe
C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\xlfuianeunlrzoxa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe
C:\Windows\atsmfcuqljmxkesayrqkd.exe
atsmfcuqljmxkesayrqkd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe .
C:\Windows\xlfuianeunlrzoxa.exe
xlfuianeunlrzoxa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ldbumizuolnxjcpwtljc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ldbumizuolnxjcpwtljc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\xlfuianeunlrzoxa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ldbumizuolnxjcpwtljc.exe
ldbumizuolnxjcpwtljc.exe
C:\Windows\ldbumizuolnxjcpwtljc.exe
ldbumizuolnxjcpwtljc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe .
C:\Windows\xlfuianeunlrzoxa.exe
xlfuianeunlrzoxa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe
C:\Windows\ypmevqgatpqzkcouqhe.exe
ypmevqgatpqzkcouqhe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe
C:\Windows\etoetmasjdcjsiswq.exe
etoetmasjdcjsiswq.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ypmevqgatpqzkcouqhe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe .
C:\Windows\etoetmasjdcjsiswq.exe
etoetmasjdcjsiswq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe
C:\Windows\ndzqgapiavvdnepupf.exe
ndzqgapiavvdnepupf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe .
C:\Windows\ndzqgapiavvdnepupf.exe
ndzqgapiavvdnepupf.exe
C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe
C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\etoetmasjdcjsiswq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .
C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe
C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\etoetmasjdcjsiswq.exe*."
C:\Windows\ndzqgapiavvdnepupf.exe
ndzqgapiavvdnepupf.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\atsmfcuqljmxkesayrqkd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .
C:\Windows\ypmevqgatpqzkcouqhe.exe
ypmevqgatpqzkcouqhe.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ndzqgapiavvdnepupf.exe*."
C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe
C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe
C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe
C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe
C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe
C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ypmevqgatpqzkcouqhe.exe*."
C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe
C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .
C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe
C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .
C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe
C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .
C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe
C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .
C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe
C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe
C:\Windows\atsmfcuqljmxkesayrqkd.exe
atsmfcuqljmxkesayrqkd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ndzqgapiavvdnepupf.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\etoetmasjdcjsiswq.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\etoetmasjdcjsiswq.exe*."
C:\Windows\etoetmasjdcjsiswq.exe
etoetmasjdcjsiswq.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\etoetmasjdcjsiswq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\etoetmasjdcjsiswq.exe*."
C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe
C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe
C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe
C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe .
C:\Windows\ndzqgapiavvdnepupf.exe
ndzqgapiavvdnepupf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\xlfuianeunlrzoxa.exe*."
C:\Windows\ypmevqgatpqzkcouqhe.exe
ypmevqgatpqzkcouqhe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .
C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe
C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ypmevqgatpqzkcouqhe.exe*."
C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe
C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ldbumizuolnxjcpwtljc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe
C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe
C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ndzqgapiavvdnepupf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe
C:\Windows\etoetmasjdcjsiswq.exe
etoetmasjdcjsiswq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe .
C:\Windows\ndzqgapiavvdnepupf.exe
ndzqgapiavvdnepupf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ndzqgapiavvdnepupf.exe*."
C:\Windows\atsmfcuqljmxkesayrqkd.exe
atsmfcuqljmxkesayrqkd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\etoetmasjdcjsiswq.exe
etoetmasjdcjsiswq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .
C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe
C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\etoetmasjdcjsiswq.exe*."
C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe
C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ldbumizuolnxjcpwtljc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .
C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe
C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe
C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe
C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ldbumizuolnxjcpwtljc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe
C:\Windows\ypmevqgatpqzkcouqhe.exe
ypmevqgatpqzkcouqhe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe .
C:\Windows\ypmevqgatpqzkcouqhe.exe
ypmevqgatpqzkcouqhe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ypmevqgatpqzkcouqhe.exe*."
C:\Windows\xlfuianeunlrzoxa.exe
xlfuianeunlrzoxa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe
C:\Windows\atsmfcuqljmxkesayrqkd.exe
atsmfcuqljmxkesayrqkd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .
C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe
C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\atsmfcuqljmxkesayrqkd.exe*."
C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe
C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ypmevqgatpqzkcouqhe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe .
C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe
C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe
C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe
C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\atsmfcuqljmxkesayrqkd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe
C:\Windows\ndzqgapiavvdnepupf.exe
ndzqgapiavvdnepupf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ldbumizuolnxjcpwtljc.exe .
C:\Windows\ldbumizuolnxjcpwtljc.exe
ldbumizuolnxjcpwtljc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ldbumizuolnxjcpwtljc.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ldbumizuolnxjcpwtljc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ldbumizuolnxjcpwtljc.exe .
C:\Windows\ldbumizuolnxjcpwtljc.exe
ldbumizuolnxjcpwtljc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe
C:\Windows\ldbumizuolnxjcpwtljc.exe
ldbumizuolnxjcpwtljc.exe .
C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe
C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ldbumizuolnxjcpwtljc.exe*."
C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe
C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ndzqgapiavvdnepupf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .
C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe
C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe
C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe
C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ypmevqgatpqzkcouqhe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe
C:\Windows\ypmevqgatpqzkcouqhe.exe
ypmevqgatpqzkcouqhe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\xlfuianeunlrzoxa.exe
xlfuianeunlrzoxa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\xlfuianeunlrzoxa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe .
C:\Windows\ypmevqgatpqzkcouqhe.exe
ypmevqgatpqzkcouqhe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe
C:\Windows\atsmfcuqljmxkesayrqkd.exe
atsmfcuqljmxkesayrqkd.exe .
C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe
C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\atsmfcuqljmxkesayrqkd.exe*."
C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe
C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\etoetmasjdcjsiswq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .
C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe
C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe
C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe
C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ndzqgapiavvdnepupf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe
C:\Windows\etoetmasjdcjsiswq.exe
etoetmasjdcjsiswq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\xlfuianeunlrzoxa.exe
xlfuianeunlrzoxa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\xlfuianeunlrzoxa.exe*."
C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe
C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe
C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe
C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ldbumizuolnxjcpwtljc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe
C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe
C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .
C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe
C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ypmevqgatpqzkcouqhe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe
C:\Windows\ypmevqgatpqzkcouqhe.exe
ypmevqgatpqzkcouqhe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe .
C:\Windows\atsmfcuqljmxkesayrqkd.exe
atsmfcuqljmxkesayrqkd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\atsmfcuqljmxkesayrqkd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\atsmfcuqljmxkesayrqkd.exe
atsmfcuqljmxkesayrqkd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe
C:\Windows\atsmfcuqljmxkesayrqkd.exe
atsmfcuqljmxkesayrqkd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .
C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe
C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe
C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe
C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\atsmfcuqljmxkesayrqkd.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ypmevqgatpqzkcouqhe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe
C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe
C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe
C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ypmevqgatpqzkcouqhe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ldbumizuolnxjcpwtljc.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ldbumizuolnxjcpwtljc.exe
ldbumizuolnxjcpwtljc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe .
C:\Windows\xlfuianeunlrzoxa.exe
xlfuianeunlrzoxa.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\xlfuianeunlrzoxa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe .
C:\Windows\etoetmasjdcjsiswq.exe
etoetmasjdcjsiswq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe
C:\Windows\atsmfcuqljmxkesayrqkd.exe
atsmfcuqljmxkesayrqkd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .
C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe
C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\atsmfcuqljmxkesayrqkd.exe*."
C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe
C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ndzqgapiavvdnepupf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe
C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe
C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe
C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\atsmfcuqljmxkesayrqkd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe
C:\Windows\ndzqgapiavvdnepupf.exe
ndzqgapiavvdnepupf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe
C:\Windows\etoetmasjdcjsiswq.exe
etoetmasjdcjsiswq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe .
C:\Windows\etoetmasjdcjsiswq.exe
etoetmasjdcjsiswq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe
C:\Windows\xlfuianeunlrzoxa.exe
xlfuianeunlrzoxa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe .
C:\Windows\xlfuianeunlrzoxa.exe
xlfuianeunlrzoxa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ldbumizuolnxjcpwtljc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\xlfuianeunlrzoxa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ypmevqgatpqzkcouqhe.exe
ypmevqgatpqzkcouqhe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\xlfuianeunlrzoxa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ndzqgapiavvdnepupf.exe
ndzqgapiavvdnepupf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe
C:\Windows\atsmfcuqljmxkesayrqkd.exe
atsmfcuqljmxkesayrqkd.exe .
C:\Windows\ypmevqgatpqzkcouqhe.exe
ypmevqgatpqzkcouqhe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe
C:\Windows\ldbumizuolnxjcpwtljc.exe
ldbumizuolnxjcpwtljc.exe .
C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe
C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\atsmfcuqljmxkesayrqkd.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ypmevqgatpqzkcouqhe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .
C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe
C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .
C:\Windows\ndzqgapiavvdnepupf.exe
ndzqgapiavvdnepupf.exe .
C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe
C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .
C:\Windows\etoetmasjdcjsiswq.exe
etoetmasjdcjsiswq.exe
C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe
C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .
C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe
C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe
C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe
C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ldbumizuolnxjcpwtljc.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ldbumizuolnxjcpwtljc.exe*."
C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe
C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .
C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe
C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ndzqgapiavvdnepupf.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ldbumizuolnxjcpwtljc.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ldbumizuolnxjcpwtljc.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\etoetmasjdcjsiswq.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\etoetmasjdcjsiswq.exe*."
C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe
C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe
C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe
C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe .
C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe
C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\atsmfcuqljmxkesayrqkd.exe*."
C:\Windows\ypmevqgatpqzkcouqhe.exe
ypmevqgatpqzkcouqhe.exe
C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe
C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe .
C:\Windows\xlfuianeunlrzoxa.exe
xlfuianeunlrzoxa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\xlfuianeunlrzoxa.exe*."
C:\Windows\xlfuianeunlrzoxa.exe
xlfuianeunlrzoxa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ldbumizuolnxjcpwtljc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe
C:\Windows\ldbumizuolnxjcpwtljc.exe
ldbumizuolnxjcpwtljc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .
C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe
C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ldbumizuolnxjcpwtljc.exe*."
C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe
C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ndzqgapiavvdnepupf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .
C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe
C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe
C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe
C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ndzqgapiavvdnepupf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe
C:\Windows\etoetmasjdcjsiswq.exe
etoetmasjdcjsiswq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe .
C:\Windows\atsmfcuqljmxkesayrqkd.exe
atsmfcuqljmxkesayrqkd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\atsmfcuqljmxkesayrqkd.exe*."
C:\Windows\ndzqgapiavvdnepupf.exe
ndzqgapiavvdnepupf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe
C:\Windows\ndzqgapiavvdnepupf.exe
ndzqgapiavvdnepupf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ndzqgapiavvdnepupf.exe*."
C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe
C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe
C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe
C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ndzqgapiavvdnepupf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .
C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe
C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe
C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe
C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ldbumizuolnxjcpwtljc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ldbumizuolnxjcpwtljc.exe
C:\Windows\ldbumizuolnxjcpwtljc.exe
ldbumizuolnxjcpwtljc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe .
C:\Windows\etoetmasjdcjsiswq.exe
etoetmasjdcjsiswq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\etoetmasjdcjsiswq.exe*."
C:\Windows\atsmfcuqljmxkesayrqkd.exe
atsmfcuqljmxkesayrqkd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe
C:\Windows\etoetmasjdcjsiswq.exe
etoetmasjdcjsiswq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .
C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe
C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\etoetmasjdcjsiswq.exe*."
C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe
C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ldbumizuolnxjcpwtljc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .
C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe
C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe
C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe
C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ldbumizuolnxjcpwtljc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe
C:\Windows\ndzqgapiavvdnepupf.exe
ndzqgapiavvdnepupf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe .
C:\Windows\ndzqgapiavvdnepupf.exe
ndzqgapiavvdnepupf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ndzqgapiavvdnepupf.exe*."
C:\Windows\atsmfcuqljmxkesayrqkd.exe
atsmfcuqljmxkesayrqkd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe
C:\Windows\etoetmasjdcjsiswq.exe
etoetmasjdcjsiswq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .
C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe
C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\etoetmasjdcjsiswq.exe*."
C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe
C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\etoetmasjdcjsiswq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe .
C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe
C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe
C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe
C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\atsmfcuqljmxkesayrqkd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe
C:\Windows\atsmfcuqljmxkesayrqkd.exe
atsmfcuqljmxkesayrqkd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe .
C:\Windows\ndzqgapiavvdnepupf.exe
ndzqgapiavvdnepupf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ndzqgapiavvdnepupf.exe*."
C:\Windows\atsmfcuqljmxkesayrqkd.exe
atsmfcuqljmxkesayrqkd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\etoetmasjdcjsiswq.exe
etoetmasjdcjsiswq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .
C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe
C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\etoetmasjdcjsiswq.exe*."
C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe
C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ldbumizuolnxjcpwtljc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .
C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe
C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe
C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe
C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\etoetmasjdcjsiswq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ndzqgapiavvdnepupf.exe
ndzqgapiavvdnepupf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\atsmfcuqljmxkesayrqkd.exe
atsmfcuqljmxkesayrqkd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\atsmfcuqljmxkesayrqkd.exe*."
C:\Windows\atsmfcuqljmxkesayrqkd.exe
atsmfcuqljmxkesayrqkd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ldbumizuolnxjcpwtljc.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe
C:\Windows\ldbumizuolnxjcpwtljc.exe
ldbumizuolnxjcpwtljc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe .
C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe
C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ldbumizuolnxjcpwtljc.exe*."
C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe
C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\xlfuianeunlrzoxa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .
C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe
C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe
C:\Windows\ndzqgapiavvdnepupf.exe
ndzqgapiavvdnepupf.exe
C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe
C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ldbumizuolnxjcpwtljc.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ndzqgapiavvdnepupf.exe*."
C:\Windows\ndzqgapiavvdnepupf.exe
ndzqgapiavvdnepupf.exe .
C:\Windows\ldbumizuolnxjcpwtljc.exe
ldbumizuolnxjcpwtljc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ndzqgapiavvdnepupf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ldbumizuolnxjcpwtljc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe
C:\Windows\atsmfcuqljmxkesayrqkd.exe
atsmfcuqljmxkesayrqkd.exe .
C:\Windows\atsmfcuqljmxkesayrqkd.exe
atsmfcuqljmxkesayrqkd.exe
C:\Windows\etoetmasjdcjsiswq.exe
etoetmasjdcjsiswq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe .
C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe
C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\atsmfcuqljmxkesayrqkd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe
C:\Windows\xlfuianeunlrzoxa.exe
xlfuianeunlrzoxa.exe
Network
| US | 8.8.8.8:53 | ooewwc.org | udp |
| US | 8.8.8.8:53 | ikcswm.org | udp |
| US | 8.8.8.8:53 | vhzrmrhmdb.info | udp |
| US | 8.8.8.8:53 | clzxha.info | udp |
| US | 8.8.8.8:53 | bfrikt.net | udp |
| US | 8.8.8.8:53 | susobtfwe.info | udp |
| US | 8.8.8.8:53 | rvrdcltd.net | udp |
| US | 8.8.8.8:53 | jypigkw.net | udp |
| US | 8.8.8.8:53 | hfagnffoeere.info | udp |
| US | 8.8.8.8:53 | gygagaugwk.org | udp |
| US | 8.8.8.8:53 | kaqkuxbdps.net | udp |
| US | 8.8.8.8:53 | bslmlcs.net | udp |
| US | 8.8.8.8:53 | jphhtgd.com | udp |
| US | 8.8.8.8:53 | uooeamyyak.org | udp |
| US | 8.8.8.8:53 | nrotwz.info | udp |
| US | 8.8.8.8:53 | cydipipeu.info | udp |
| US | 8.8.8.8:53 | hbjfdkijib.net | udp |
| US | 8.8.8.8:53 | ctndzrnvrtxs.info | udp |
| US | 8.8.8.8:53 | omierhazkhgw.net | udp |
| US | 8.8.8.8:53 | mtvlmkrsqr.net | udp |
| US | 8.8.8.8:53 | lynyfdz.info | udp |
| US | 8.8.8.8:53 | vtybeqngwsxz.net | udp |
| US | 8.8.8.8:53 | fvryxy.net | udp |
| US | 8.8.8.8:53 | kwdrqyzrhd.net | udp |
| US | 8.8.8.8:53 | bqaixmy.info | udp |
| US | 8.8.8.8:53 | utwvlcvjzbdz.info | udp |
| US | 8.8.8.8:53 | dpfmnyksl.com | udp |
| US | 8.8.8.8:53 | xrjmbmgmisvh.info | udp |
| US | 8.8.8.8:53 | smsuay.org | udp |
| US | 8.8.8.8:53 | vaoivcnnmv.net | udp |
| US | 8.8.8.8:53 | nonwnllbpr.info | udp |
| US | 8.8.8.8:53 | yjactabqz.net | udp |
| US | 8.8.8.8:53 | jqtenkdayoy.org | udp |
| US | 8.8.8.8:53 | tpjgbtqmxtbv.info | udp |
| US | 8.8.8.8:53 | hqxkyv.net | udp |
| US | 8.8.8.8:53 | iwzsjio.info | udp |
| US | 8.8.8.8:53 | sjtdggweb.net | udp |
| US | 8.8.8.8:53 | lvliwxsju.net | udp |
| US | 8.8.8.8:53 | wghansrji.info | udp |
| US | 8.8.8.8:53 | rwlmluzkv.info | udp |
| US | 8.8.8.8:53 | wcgcuuiu.org | udp |
| US | 8.8.8.8:53 | vxmcwyyiwmyv.info | udp |
| US | 8.8.8.8:53 | qrnqqwbzqz.net | udp |
| US | 8.8.8.8:53 | otydxyvqc.net | udp |
| US | 8.8.8.8:53 | rkhxswncd.info | udp |
| US | 8.8.8.8:53 | lhuciewu.info | udp |
| US | 8.8.8.8:53 | oxgzva.net | udp |
| US | 8.8.8.8:53 | fuoskmyvx.com | udp |
| US | 8.8.8.8:53 | nhmyomxjv.info | udp |
| US | 8.8.8.8:53 | mkxopyccd.net | udp |
| US | 8.8.8.8:53 | oycwjqh.net | udp |
| US | 8.8.8.8:53 | jubijouungb.com | udp |
| US | 8.8.8.8:53 | ngivxs.info | udp |
| US | 8.8.8.8:53 | tyzkrdhyl.info | udp |
| US | 8.8.8.8:53 | qkcmkuuo.com | udp |
| US | 8.8.8.8:53 | taejrnsalwl.com | udp |
| US | 8.8.8.8:53 | ldvcxim.com | udp |
| US | 8.8.8.8:53 | zcpsxntjjgj.com | udp |
| US | 8.8.8.8:53 | ykkisaii.org | udp |
| US | 8.8.8.8:53 | vyvijbihvn.info | udp |
| US | 8.8.8.8:53 | brtevwtcghet.net | udp |
| US | 8.8.8.8:53 | hsrofavrq.net | udp |
| US | 8.8.8.8:53 | eaoqkc.org | udp |
| US | 8.8.8.8:53 | llpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | nynfvafcolh.com | udp |
| US | 8.8.8.8:53 | qkwwaaksum.com | udp |
| US | 8.8.8.8:53 | pehmbspfxdfx.info | udp |
| US | 8.8.8.8:53 | gojmyymi.net | udp |
| US | 8.8.8.8:53 | zswlotjwr.com | udp |
| US | 8.8.8.8:53 | bctwfgikb.org | udp |
| US | 8.8.8.8:53 | gyciwoumcqmg.com | udp |
| US | 8.8.8.8:53 | hhrjcblowb.net | udp |
| US | 8.8.8.8:53 | wtqpmt.net | udp |
| US | 8.8.8.8:53 | fzqqksnzg.net | udp |
| US | 8.8.8.8:53 | cfqhldpnrz.net | udp |
| US | 8.8.8.8:53 | nukwttnd.info | udp |
| US | 8.8.8.8:53 | icloeonwh.net | udp |
| US | 8.8.8.8:53 | huzvlc.info | udp |
| US | 8.8.8.8:53 | cqnmtqmk.net | udp |
| US | 8.8.8.8:53 | xmlymtnez.org | udp |
| US | 8.8.8.8:53 | tyrbloaobqd.info | udp |
| US | 8.8.8.8:53 | oumuxk.info | udp |
| US | 8.8.8.8:53 | odzbrjqoy.info | udp |
| US | 8.8.8.8:53 | xyyhgk.net | udp |
| US | 8.8.8.8:53 | njcawpsihpii.info | udp |
| US | 8.8.8.8:53 | gljdjksz.info | udp |
| US | 8.8.8.8:53 | vkfltky.org | udp |
| US | 8.8.8.8:53 | gluznlduld.info | udp |
| US | 8.8.8.8:53 | kugsmgae.org | udp |
| US | 8.8.8.8:53 | aalijqi.info | udp |
| US | 8.8.8.8:53 | tpcxzwnl.net | udp |
| US | 8.8.8.8:53 | ghptrswqlr.net | udp |
| US | 8.8.8.8:53 | csyztut.net | udp |
| US | 8.8.8.8:53 | sfzitb.info | udp |
| US | 8.8.8.8:53 | fynhldb.info | udp |
| US | 8.8.8.8:53 | odqisf.info | udp |
| US | 8.8.8.8:53 | xkeyibpjhi.info | udp |
| US | 8.8.8.8:53 | eycysmmsck.org | udp |
| US | 8.8.8.8:53 | yalwntbzyome.info | udp |
| US | 8.8.8.8:53 | pavfreagnb.net | udp |
| US | 8.8.8.8:53 | iuayokmc.org | udp |
| US | 8.8.8.8:53 | usqefgikxe.info | udp |
| US | 8.8.8.8:53 | ncpmyszzt.info | udp |
| US | 8.8.8.8:53 | zwkynx.net | udp |
| US | 8.8.8.8:53 | cifybsdqx.info | udp |
| US | 8.8.8.8:53 | ytymsdjrxwj.net | udp |
| US | 8.8.8.8:53 | chmislrhaiss.net | udp |
| US | 8.8.8.8:53 | ybxsqlwexbnh.info | udp |
| US | 8.8.8.8:53 | qsqmbjl.net | udp |
| US | 8.8.8.8:53 | nentbct.info | udp |
| US | 8.8.8.8:53 | mmeswkomymoi.com | udp |
| US | 8.8.8.8:53 | jtaelkhtfr.info | udp |
| US | 8.8.8.8:53 | kkiamiym.com | udp |
| US | 8.8.8.8:53 | isgawewi.org | udp |
| US | 8.8.8.8:53 | axcxmlnw.net | udp |
| US | 8.8.8.8:53 | vcpmhqv.com | udp |
| US | 8.8.8.8:53 | jatdaajehomt.net | udp |
| US | 8.8.8.8:53 | guucsm.com | udp |
| US | 8.8.8.8:53 | jyerwuk.net | udp |
| US | 8.8.8.8:53 | dvgopqcoieh.com | udp |
| US | 8.8.8.8:53 | iygeysaysa.org | udp |
| US | 8.8.8.8:53 | yylhgvrkaf.net | udp |
| US | 8.8.8.8:53 | mwgkuyee.org | udp |
| US | 8.8.8.8:53 | gmiyuq.com | udp |
| US | 8.8.8.8:53 | eqaukoyw.com | udp |
| US | 8.8.8.8:53 | kiuqqksseyge.com | udp |
| US | 8.8.8.8:53 | brcpou.info | udp |
| US | 8.8.8.8:53 | ixtiejeshyh.net | udp |
| US | 8.8.8.8:53 | htnxhuryn.org | udp |
| US | 8.8.8.8:53 | uiceesz.info | udp |
| US | 8.8.8.8:53 | osgsbatgk.net | udp |
| US | 8.8.8.8:53 | jutnsfbkfdyc.info | udp |
| US | 8.8.8.8:53 | zfzgnjff.info | udp |
| US | 8.8.8.8:53 | bzaydhbkyko.info | udp |
| US | 8.8.8.8:53 | jmoskjkhik.net | udp |
| US | 8.8.8.8:53 | pvuefsqot.net | udp |
| US | 8.8.8.8:53 | outybvm.net | udp |
| US | 8.8.8.8:53 | uoxjsmld.info | udp |
| US | 8.8.8.8:53 | xrhgxh.net | udp |
| US | 8.8.8.8:53 | pcliiqcil.net | udp |
| US | 8.8.8.8:53 | zwnaousnrzr.info | udp |
| US | 8.8.8.8:53 | ewiuauieao.com | udp |
| US | 8.8.8.8:53 | mkawqy.com | udp |
| US | 8.8.8.8:53 | aidwkhpswml.info | udp |
| US | 8.8.8.8:53 | rccmdwtjk.net | udp |
| US | 8.8.8.8:53 | wztqbnaid.info | udp |
| US | 8.8.8.8:53 | xkdujo.net | udp |
| US | 8.8.8.8:53 | xnleesr.info | udp |
| US | 8.8.8.8:53 | bjpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | kdknyaod.net | udp |
| US | 8.8.8.8:53 | hwhidv.net | udp |
| US | 8.8.8.8:53 | ampagwc.info | udp |
| US | 8.8.8.8:53 | imwkkoik.com | udp |
| US | 8.8.8.8:53 | txctns.net | udp |
| US | 8.8.8.8:53 | foxdatbukn.net | udp |
| US | 8.8.8.8:53 | sewuvwb.net | udp |
| US | 8.8.8.8:53 | zmrntd.net | udp |
| US | 8.8.8.8:53 | zhwolmpyogax.info | udp |
| US | 8.8.8.8:53 | oaewcmmi.com | udp |
| US | 8.8.8.8:53 | osskoy.org | udp |
| US | 8.8.8.8:53 | dchgstyh.info | udp |
| US | 8.8.8.8:53 | urbcxxrtts.net | udp |
| US | 8.8.8.8:53 | dzuljdrrlfvv.net | udp |
| US | 8.8.8.8:53 | yyvcpklsbyl.net | udp |
| US | 8.8.8.8:53 | yrhwjdtdoxqn.net | udp |
| US | 8.8.8.8:53 | esshdmhmxqpu.info | udp |
| US | 8.8.8.8:53 | lnzojmzwxnb.org | udp |
| US | 8.8.8.8:53 | lmxklpv.info | udp |
| US | 8.8.8.8:53 | oalwpcngx.info | udp |
| US | 8.8.8.8:53 | xkhchtbk.net | udp |
| US | 8.8.8.8:53 | xcrfxbihvn.info | udp |
| US | 8.8.8.8:53 | acwsasewaege.org | udp |
| US | 8.8.8.8:53 | mcuafcx.net | udp |
| US | 8.8.8.8:53 | aamzlv.info | udp |
| US | 8.8.8.8:53 | pvesxitaordl.info | udp |
| US | 8.8.8.8:53 | okhrtih.net | udp |
| US | 8.8.8.8:53 | ntxfaaqvrnje.net | udp |
| US | 8.8.8.8:53 | gaigoqyocm.org | udp |
| US | 8.8.8.8:53 | kbvomd.net | udp |
| US | 8.8.8.8:53 | dzrmxez.com | udp |
| US | 8.8.8.8:53 | uegeqoskua.com | udp |
| US | 8.8.8.8:53 | odjamufq.info | udp |
| US | 8.8.8.8:53 | fopxpqp.net | udp |
| US | 8.8.8.8:53 | isggiwieau.com | udp |
| US | 8.8.8.8:53 | kxldwaoqfn.info | udp |
| US | 8.8.8.8:53 | skamuiyaei.com | udp |
| US | 8.8.8.8:53 | ttctzqrg.net | udp |
| US | 8.8.8.8:53 | wmeyeq.com | udp |
| US | 8.8.8.8:53 | jizoaqd.info | udp |
| US | 8.8.8.8:53 | skkkgiygim.org | udp |
| US | 8.8.8.8:53 | xxbuvavqnao.net | udp |
| US | 8.8.8.8:53 | qhzdrgddid.info | udp |
| US | 8.8.8.8:53 | ywsyms.com | udp |
| US | 8.8.8.8:53 | pifynqrwfkr.net | udp |
| US | 8.8.8.8:53 | cauuaeyuuaku.com | udp |
| US | 8.8.8.8:53 | dcijrj.net | udp |
| US | 8.8.8.8:53 | tgzzsilpuoyu.info | udp |
| US | 8.8.8.8:53 | fypvvuibdupq.net | udp |
| US | 8.8.8.8:53 | puigdybmag.net | udp |
| US | 8.8.8.8:53 | okrbhndwou.net | udp |
| US | 8.8.8.8:53 | rejwrwpoa.info | udp |
| US | 8.8.8.8:53 | iyxdly.info | udp |
| US | 8.8.8.8:53 | asaecauq.com | udp |
| US | 8.8.8.8:53 | pupspsnppyd.org | udp |
| US | 8.8.8.8:53 | jmuyzwjxj.net | udp |
| US | 8.8.8.8:53 | mqiagw.com | udp |
| US | 8.8.8.8:53 | nhpmzszysbb.info | udp |
| US | 8.8.8.8:53 | maxxywxlt.info | udp |
| US | 8.8.8.8:53 | lztmhadylgg.org | udp |
| US | 8.8.8.8:53 | sgescokcmo.org | udp |
| US | 8.8.8.8:53 | wcugoykaso.com | udp |
| US | 8.8.8.8:53 | egnijmh.info | udp |
| US | 8.8.8.8:53 | cxikqbbcucdn.info | udp |
| US | 8.8.8.8:53 | xkrgbjvnnkt.net | udp |
| US | 8.8.8.8:53 | ccikmuie.org | udp |
| US | 8.8.8.8:53 | lzwgpqnxhy.net | udp |
| US | 8.8.8.8:53 | mmecwoqmgeom.com | udp |
| US | 8.8.8.8:53 | uwdmrizmaogv.net | udp |
| US | 8.8.8.8:53 | xmsmnujih.info | udp |
| US | 8.8.8.8:53 | jehyhpbob.com | udp |
| US | 8.8.8.8:53 | dvbustwm.info | udp |
| US | 8.8.8.8:53 | sswsokouge.org | udp |
| US | 8.8.8.8:53 | qknaxkwkj.info | udp |
| US | 8.8.8.8:53 | lggtfyefy.info | udp |
| US | 8.8.8.8:53 | luaiurlae.info | udp |
| US | 8.8.8.8:53 | yuwzoxfnrn.info | udp |
| US | 8.8.8.8:53 | rwqyzgpvf.org | udp |
| US | 8.8.8.8:53 | bjzhpl.net | udp |
| US | 8.8.8.8:53 | hsfspwfirsr.org | udp |
| US | 8.8.8.8:53 | fnnpkfbif.net | udp |
| US | 8.8.8.8:53 | vuhszqkkc.info | udp |
| US | 8.8.8.8:53 | banghno.info | udp |
| US | 8.8.8.8:53 | fumvct.net | udp |
| US | 8.8.8.8:53 | woxtxb.net | udp |
| US | 8.8.8.8:53 | xknjobnmvl.info | udp |
| US | 8.8.8.8:53 | hqmplmldnap.net | udp |
| US | 8.8.8.8:53 | dnyidwf.info | udp |
| US | 8.8.8.8:53 | nqluex.net | udp |
| US | 8.8.8.8:53 | pxbmssf.org | udp |
| US | 8.8.8.8:53 | cigykmaewkuu.org | udp |
| US | 8.8.8.8:53 | ysxdevyt.info | udp |
| US | 8.8.8.8:53 | yadxtkefpqdf.net | udp |
| US | 8.8.8.8:53 | zsjczvizgaxb.net | udp |
| US | 8.8.8.8:53 | ywimgeuw.com | udp |
| US | 8.8.8.8:53 | cnzrvi.info | udp |
| US | 8.8.8.8:53 | pihgxcdph.com | udp |
| US | 8.8.8.8:53 | qngitmingp.net | udp |
| US | 8.8.8.8:53 | ulwprsdpevsj.info | udp |
| US | 8.8.8.8:53 | xcrcqqlsgobp.net | udp |
| US | 8.8.8.8:53 | qyjxvcif.net | udp |
| US | 8.8.8.8:53 | ujrmaog.net | udp |
| US | 8.8.8.8:53 | fecstsqaqwv.info | udp |
| US | 8.8.8.8:53 | rkwlhccy.info | udp |
| US | 8.8.8.8:53 | zdaddiv.net | udp |
| US | 8.8.8.8:53 | wdncpgz.net | udp |
| US | 8.8.8.8:53 | ojsjolelqc.net | udp |
| US | 8.8.8.8:53 | rqrgbnf.net | udp |
| US | 8.8.8.8:53 | ueksoqkegu.org | udp |
| US | 8.8.8.8:53 | gcuwmcscuyoc.org | udp |
| US | 8.8.8.8:53 | pelcunhypcad.net | udp |
| US | 8.8.8.8:53 | nthafgeqx.org | udp |
| US | 8.8.8.8:53 | mkcwmgeemwgs.org | udp |
| US | 8.8.8.8:53 | fjvqudllefnu.net | udp |
| US | 8.8.8.8:53 | aouzbhuebgbo.net | udp |
| US | 8.8.8.8:53 | iyjfiga.info | udp |
| US | 8.8.8.8:53 | vibshiiel.net | udp |
| US | 8.8.8.8:53 | qnuynvrum.net | udp |
| US | 8.8.8.8:53 | rkpkjhrvnols.net | udp |
| US | 8.8.8.8:53 | upiwrowaz.info | udp |
| US | 8.8.8.8:53 | owamcgimkk.com | udp |
| US | 8.8.8.8:53 | cjmcshuh.net | udp |
| US | 8.8.8.8:53 | gwkgiyoqws.org | udp |
| US | 8.8.8.8:53 | znhvvmu.com | udp |
| US | 8.8.8.8:53 | atmpxnfgbjjb.info | udp |
| US | 8.8.8.8:53 | ccpefysyzvp.net | udp |
| US | 8.8.8.8:53 | urkcltobhpwf.net | udp |
| US | 8.8.8.8:53 | ghtstkpt.net | udp |
| US | 8.8.8.8:53 | twjcku.info | udp |
| US | 8.8.8.8:53 | nmpqlbdct.info | udp |
| US | 8.8.8.8:53 | znlqvcd.net | udp |
| US | 8.8.8.8:53 | ysmcisik.org | udp |
| US | 8.8.8.8:53 | oismai.com | udp |
| US | 8.8.8.8:53 | xfjojplaqh.net | udp |
| US | 8.8.8.8:53 | umagawomqacy.com | udp |
| US | 8.8.8.8:53 | cixjdzqqvl.net | udp |
| US | 8.8.8.8:53 | aqmcqe.com | udp |
| US | 8.8.8.8:53 | qhlmbkr.net | udp |
| US | 8.8.8.8:53 | jbqodyjqf.org | udp |
| US | 8.8.8.8:53 | eheflhppvg.net | udp |
| US | 8.8.8.8:53 | titxfzrqdan.org | udp |
| US | 8.8.8.8:53 | bcridmrnxgv.org | udp |
| US | 8.8.8.8:53 | lwvlozyu.net | udp |
| US | 8.8.8.8:53 | didizir.info | udp |
| US | 8.8.8.8:53 | besguaoaxovl.info | udp |
| US | 8.8.8.8:53 | ptdjmtnanl.info | udp |
| US | 8.8.8.8:53 | mgvnpyc.info | udp |
| US | 8.8.8.8:53 | tmiezofep.com | udp |
| US | 8.8.8.8:53 | heajuh.info | udp |
| US | 8.8.8.8:53 | wqkwiuco.com | udp |
| US | 8.8.8.8:53 | cykogcgqqcuu.com | udp |
| US | 8.8.8.8:53 | fyxbphlmv.org | udp |
| US | 8.8.8.8:53 | rizafehawue.net | udp |
| US | 8.8.8.8:53 | ugjyfpgfl.net | udp |
| US | 8.8.8.8:53 | hnxnhnoh.info | udp |
| US | 8.8.8.8:53 | vynmptj.org | udp |
| US | 8.8.8.8:53 | pmlwffqh.net | udp |
| US | 8.8.8.8:53 | myrwjqkrwpbk.info | udp |
| US | 8.8.8.8:53 | txrwkounzktq.net | udp |
| US | 8.8.8.8:53 | bikyqfjyztrz.net | udp |
| US | 8.8.8.8:53 | mpkbfsgyp.info | udp |
| US | 8.8.8.8:53 | guaaco.info | udp |
| US | 8.8.8.8:53 | zwrcxbnijehl.net | udp |
| US | 8.8.8.8:53 | qseoumkkca.org | udp |
| US | 8.8.8.8:53 | eaeyquugik.com | udp |
| US | 8.8.8.8:53 | syxkqwbejgvf.net | udp |
| US | 8.8.8.8:53 | fezomg.info | udp |
| US | 8.8.8.8:53 | asyeaaam.org | udp |
| US | 8.8.8.8:53 | kuhcluhaqvn.net | udp |
| US | 8.8.8.8:53 | qdnmhgdyrit.net | udp |
| US | 8.8.8.8:53 | qawfsmkxjcaq.info | udp |
| US | 8.8.8.8:53 | qyqigk.com | udp |
| US | 8.8.8.8:53 | hjuypato.net | udp |
| US | 8.8.8.8:53 | fyaylmbcb.net | udp |
| US | 8.8.8.8:53 | wxrgagtkn.info | udp |
| US | 8.8.8.8:53 | ymtciqzxhvbq.info | udp |
| US | 8.8.8.8:53 | xwkoxcluzi.info | udp |
| US | 8.8.8.8:53 | wsannozhhquu.net | udp |
| US | 8.8.8.8:53 | peyjvkhbdb.net | udp |
| US | 8.8.8.8:53 | gkxvvas.info | udp |
| US | 8.8.8.8:53 | jojllqzskz.info | udp |
| US | 8.8.8.8:53 | edxsin.info | udp |
| US | 8.8.8.8:53 | ekqaao.com | udp |
| US | 8.8.8.8:53 | vllbrcdbjat.org | udp |
| US | 8.8.8.8:53 | xtbgzyxf.net | udp |
| US | 8.8.8.8:53 | ukacki.com | udp |
| US | 8.8.8.8:53 | tstwstx.net | udp |
| US | 8.8.8.8:53 | hgvdhvzbly.net | udp |
| US | 8.8.8.8:53 | wqyogccmcoko.org | udp |
| US | 8.8.8.8:53 | rkjyfrxybqd.net | udp |
| US | 8.8.8.8:53 | hmgcfjantz.info | udp |
| US | 8.8.8.8:53 | rvjckbwq.net | udp |
| US | 8.8.8.8:53 | noohngh.info | udp |
| US | 8.8.8.8:53 | dsaasfon.net | udp |
| US | 8.8.8.8:53 | scqmfqzyf.info | udp |
| US | 8.8.8.8:53 | hjfdpmp.org | udp |
| US | 8.8.8.8:53 | oqguuwqgco.org | udp |
| US | 8.8.8.8:53 | gwiatcmf.net | udp |
| US | 8.8.8.8:53 | cddungwtdrrt.net | udp |
| US | 8.8.8.8:53 | yixrcu.info | udp |
| US | 8.8.8.8:53 | rjbifug.net | udp |
| US | 8.8.8.8:53 | tkpyxceetkg.net | udp |
| US | 8.8.8.8:53 | fhakpa.info | udp |
| US | 8.8.8.8:53 | sfqnpj.info | udp |
| US | 8.8.8.8:53 | rsbccmoqb.org | udp |
| US | 8.8.8.8:53 | rwbaesd.com | udp |
| US | 8.8.8.8:53 | yfjqxqqcbyt.info | udp |
| US | 8.8.8.8:53 | yqdindvszcl.info | udp |
| US | 8.8.8.8:53 | kqmeqmmeog.org | udp |
| US | 8.8.8.8:53 | vqdklijyf.net | udp |
| US | 8.8.8.8:53 | ldlrgk.info | udp |
| US | 8.8.8.8:53 | izgeepwt.info | udp |
| US | 8.8.8.8:53 | lnldxhsqre.info | udp |
| US | 8.8.8.8:53 | owtumceqt.info | udp |
| US | 8.8.8.8:53 | laebpon.com | udp |
| US | 8.8.8.8:53 | awnnwooqnqr.net | udp |
| US | 8.8.8.8:53 | sgdzhklkvfso.info | udp |
| US | 8.8.8.8:53 | ysokygceosow.org | udp |
| US | 8.8.8.8:53 | iywygqqkss.org | udp |
| US | 8.8.8.8:53 | rcbgrvy.info | udp |
| US | 8.8.8.8:53 | ewuaksmyqi.org | udp |
| US | 8.8.8.8:53 | wvhgfj.net | udp |
| US | 8.8.8.8:53 | skqsiiae.org | udp |
| US | 8.8.8.8:53 | erwoegn.net | udp |
| US | 8.8.8.8:53 | rtysxhag.net | udp |
| US | 8.8.8.8:53 | ervmuo.net | udp |
| US | 8.8.8.8:53 | xzzmuysh.info | udp |
| US | 8.8.8.8:53 | alyypvemovoc.net | udp |
| US | 8.8.8.8:53 | tsvyxgzcvrq.org | udp |
| US | 8.8.8.8:53 | eirznpxmpmd.info | udp |
| US | 8.8.8.8:53 | qlstpgkhcjbu.net | udp |
| US | 8.8.8.8:53 | yudenof.net | udp |
| US | 8.8.8.8:53 | nzitfaav.info | udp |
| US | 8.8.8.8:53 | aludzadh.net | udp |
| US | 8.8.8.8:53 | rmaecuolqqyb.info | udp |
| US | 8.8.8.8:53 | lktcrbw.com | udp |
| US | 8.8.8.8:53 | behwhthaj.info | udp |
| US | 8.8.8.8:53 | rvamdtuvn.com | udp |
| US | 8.8.8.8:53 | coylbabolaz.net | udp |
| US | 8.8.8.8:53 | gkzxbfblbs.info | udp |
| US | 8.8.8.8:53 | omtcvam.info | udp |
| US | 8.8.8.8:53 | wmcipux.info | udp |
| US | 8.8.8.8:53 | hyjodgw.info | udp |
| US | 8.8.8.8:53 | zoxgvnbgm.org | udp |
| US | 8.8.8.8:53 | upfhlv.net | udp |
| US | 8.8.8.8:53 | fkmzdvhtlx.info | udp |
| US | 8.8.8.8:53 | zmxupxv.net | udp |
| US | 8.8.8.8:53 | dkdczgl.info | udp |
| US | 8.8.8.8:53 | umgokkyqgsui.com | udp |
| US | 8.8.8.8:53 | rqpkraf.info | udp |
| US | 8.8.8.8:53 | agbtcjfqxe.net | udp |
| US | 8.8.8.8:53 | hlzulujwn.com | udp |
| US | 8.8.8.8:53 | eaictyqxc.info | udp |
| US | 8.8.8.8:53 | czvmfinwzgz.info | udp |
| US | 8.8.8.8:53 | lenqtmtrf.org | udp |
| US | 8.8.8.8:53 | vgqxvqngngx.info | udp |
| US | 8.8.8.8:53 | wbxtsa.net | udp |
| US | 8.8.8.8:53 | vyxxhkb.net | udp |
| US | 8.8.8.8:53 | rwheiotkvwx.com | udp |
| US | 8.8.8.8:53 | euxmbgicrcj.info | udp |
| US | 8.8.8.8:53 | vsopicu.info | udp |
| US | 8.8.8.8:53 | jkrzmgklbr.net | udp |
| US | 8.8.8.8:53 | mcvgvkvbyy.info | udp |
| US | 8.8.8.8:53 | mcmaoaakga.org | udp |
| US | 8.8.8.8:53 | cgzqtowog.info | udp |
| US | 8.8.8.8:53 | jivvjiqugij.com | udp |
| US | 8.8.8.8:53 | asumqyoqyc.com | udp |
| US | 8.8.8.8:53 | rsiqymtzbozl.info | udp |
| US | 8.8.8.8:53 | fclqbetif.org | udp |
| US | 8.8.8.8:53 | vtgavpgc.info | udp |
| US | 8.8.8.8:53 | iyimksuoiy.com | udp |
| US | 8.8.8.8:53 | qeasooggkkye.org | udp |
| US | 8.8.8.8:53 | fkymcjpadqo.org | udp |
| US | 8.8.8.8:53 | lxxjpb.net | udp |
| US | 8.8.8.8:53 | bsjgxxldiss.com | udp |
| US | 8.8.8.8:53 | kvgwwepor.info | udp |
| US | 8.8.8.8:53 | pyjmfrh.org | udp |
| US | 8.8.8.8:53 | jngrkofd.net | udp |
| US | 8.8.8.8:53 | gdiecndz.net | udp |
| US | 8.8.8.8:53 | ascykeqmoi.com | udp |
| US | 8.8.8.8:53 | jubwjk.net | udp |
| US | 8.8.8.8:53 | nfqyzozd.net | udp |
| US | 8.8.8.8:53 | owsacw.com | udp |
| US | 8.8.8.8:53 | tnxuihwqr.net | udp |
| US | 8.8.8.8:53 | fevpfshvp.org | udp |
| US | 8.8.8.8:53 | sgjaesf.info | udp |
| US | 8.8.8.8:53 | esdxszacgjjb.info | udp |
| US | 8.8.8.8:53 | kcryxrris.info | udp |
| US | 8.8.8.8:53 | gcskyk.com | udp |
| US | 8.8.8.8:53 | giguqqus.com | udp |
| US | 8.8.8.8:53 | giekgyskeiik.org | udp |
| US | 8.8.8.8:53 | dgjnmkkilar.net | udp |
| US | 8.8.8.8:53 | mzosidhkei.net | udp |
| US | 8.8.8.8:53 | lavuric.com | udp |
| US | 8.8.8.8:53 | dnlljsoca.com | udp |
| US | 8.8.8.8:53 | bavppixu.net | udp |
| US | 8.8.8.8:53 | tknrxkz.com | udp |
| US | 8.8.8.8:53 | odfmvcdzz.info | udp |
| US | 8.8.8.8:53 | ocoocicweqyq.org | udp |
| US | 8.8.8.8:53 | okossimgemgs.org | udp |
| US | 8.8.8.8:53 | fkgritslx.org | udp |
| US | 8.8.8.8:53 | sovizaa.info | udp |
| US | 8.8.8.8:53 | yaooai.info | udp |
| US | 8.8.8.8:53 | opygqqqcl.info | udp |
| US | 8.8.8.8:53 | fsvccqtsu.net | udp |
| US | 8.8.8.8:53 | kwfxpsky.net | udp |
| US | 8.8.8.8:53 | ptpwnlreeaxo.net | udp |
| US | 8.8.8.8:53 | eeeiusoc.com | udp |
| US | 8.8.8.8:53 | xnfyzyxmasjb.net | udp |
| US | 8.8.8.8:53 | nyjcye.info | udp |
| US | 8.8.8.8:53 | ahjoaqjwdxf.info | udp |
| US | 8.8.8.8:53 | cudqfcuxkuyv.info | udp |
| US | 8.8.8.8:53 | qjkmegbi.info | udp |
| US | 8.8.8.8:53 | dtstyn.net | udp |
| US | 8.8.8.8:53 | rltaccyr.info | udp |
| US | 8.8.8.8:53 | xgnmfeiar.info | udp |
| US | 8.8.8.8:53 | pjcmbensz.com | udp |
| US | 8.8.8.8:53 | pihdthxep.info | udp |
| US | 8.8.8.8:53 | yooeas.org | udp |
| US | 8.8.8.8:53 | zbqtpeerkb.net | udp |
| US | 8.8.8.8:53 | blhdzt.info | udp |
| US | 8.8.8.8:53 | zrbreem.net | udp |
| US | 8.8.8.8:53 | wmwyeyuqskuk.com | udp |
| US | 8.8.8.8:53 | lqdrtopobqj.info | udp |
| US | 8.8.8.8:53 | zuwrljtqss.net | udp |
| US | 8.8.8.8:53 | dvmjwdjlvp.net | udp |
| US | 8.8.8.8:53 | mwgcaamqwcwu.com | udp |
| US | 8.8.8.8:53 | wucgkyn.net | udp |
| US | 8.8.8.8:53 | iebobuuekqr.net | udp |
| US | 8.8.8.8:53 | msaeugqyakco.org | udp |
| US | 8.8.8.8:53 | vocsrh.info | udp |
| US | 8.8.8.8:53 | hafresj.net | udp |
| US | 8.8.8.8:53 | vqdmoxlojol.net | udp |
| US | 8.8.8.8:53 | ioxsxsxfd.info | udp |
| US | 8.8.8.8:53 | tmrxnmjrkb.net | udp |
| US | 8.8.8.8:53 | mmduceuqlnf.info | udp |
| US | 8.8.8.8:53 | twxklyd.org | udp |
| US | 8.8.8.8:53 | vvxmdd.net | udp |
| US | 8.8.8.8:53 | qntbcrwfjbf.info | udp |
| US | 8.8.8.8:53 | mxtsrnuu.net | udp |
| US | 8.8.8.8:53 | felsforcy.org | udp |
| US | 8.8.8.8:53 | uomieuwsgywa.com | udp |
| US | 8.8.8.8:53 | xmvchcslp.info | udp |
| US | 8.8.8.8:53 | cpsqtwszuee.net | udp |
| US | 8.8.8.8:53 | skcowg.com | udp |
| US | 8.8.8.8:53 | gnnbyqddrdv.info | udp |
| US | 8.8.8.8:53 | iafuhnb.net | udp |
| US | 8.8.8.8:53 | bxxwgblp.info | udp |
| US | 8.8.8.8:53 | jphwru.info | udp |
| US | 8.8.8.8:53 | tcfuixy.info | udp |
| US | 8.8.8.8:53 | fzkrxmam.info | udp |
| US | 8.8.8.8:53 | hkrcebpk.info | udp |
| US | 8.8.8.8:53 | riqkbl.net | udp |
| US | 8.8.8.8:53 | adyqnmo.info | udp |
| US | 8.8.8.8:53 | vczazmfdsgx.info | udp |
| US | 8.8.8.8:53 | aeustqlcgns.net | udp |
| US | 8.8.8.8:53 | fixijml.org | udp |
| US | 8.8.8.8:53 | bvrlxiawb.net | udp |
| US | 8.8.8.8:53 | xcgwemtlr.info | udp |
| US | 8.8.8.8:53 | yeuaykuyiuoc.com | udp |
| US | 8.8.8.8:53 | nhymmtng.info | udp |
| US | 8.8.8.8:53 | xerdnelor.org | udp |
| US | 8.8.8.8:53 | bujydax.net | udp |
| US | 8.8.8.8:53 | dryzbutsk.com | udp |
| US | 8.8.8.8:53 | drhqhcu.net | udp |
| US | 8.8.8.8:53 | ogrnbaiezs.net | udp |
| US | 8.8.8.8:53 | ncrrak.info | udp |
| US | 8.8.8.8:53 | tbwjkcjgbef.info | udp |
| US | 8.8.8.8:53 | sxsydftugfl.net | udp |
| US | 8.8.8.8:53 | rudshtffeh.info | udp |
| US | 8.8.8.8:53 | ejpalhvxmb.net | udp |
| US | 8.8.8.8:53 | bykujnzrl.org | udp |
| US | 8.8.8.8:53 | msoiygcw.org | udp |
Files
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
C:\Windows\SysWOW64\ndzqgapiavvdnepupf.exe
C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe
C:\Users\Admin\AppData\Local\admqtacinvidaecucfosvcekpxk.cge
C:\Users\Admin\AppData\Local\xlfuianeunlrzoxathbqewjaqjhnvktwpdxmas.wmf
C:\Program Files (x86)\admqtacinvidaecucfosvcekpxk.cge