Analysis Overview
SHA256
a8bea21f2d08a4952d7349aac02b6c9e0a73bf9d0ca54aeffb1db631adbac518
Threat Level: Known bad
The file JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4 was found to be: Known bad.
Malicious Activity Summary
Pykspa family
Pykspa
UAC bypass
Modifies WinLogon for persistence
Detect Pykspa worm
Disables RegEdit via registry modification
Adds policy Run key to start application
Blocklisted process makes network request
Executes dropped EXE
Impair Defenses: Safe Mode Boot
Checks computer location settings
Looks up external IP address via web service
Adds Run key to start application
Checks whether UAC is enabled
Hijack Execution Flow: Executable Installer File Permissions Weakness
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
System Location Discovery: System Language Discovery
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
System policy modification
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-04-13 10:30
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-04-13 10:30
Reported
2025-04-13 10:32
Platform
win10v2004-20250314-en
Max time kernel
44s
Max time network
151s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umoewkmwqqfxgyapqfx.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "aqqeuggogerhoeerq.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqqeuggogerhoeerq.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "umoewkmwqqfxgyapqfx.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "haduncfqlmcvfybrtjcf.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jabqhuvexwkbjabppd.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tihujutaroapvkjv.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "umoewkmwqqfxgyapqfx.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umoewkmwqqfxgyapqfx.exe" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqqeuggogerhoeerq.exe" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqqeuggogerhoeerq.exe" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqumgwamikbvgaevypjnf.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "tihujutaroapvkjv.exe" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqqeuggogerhoeerq.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "tihujutaroapvkjv.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "haduncfqlmcvfybrtjcf.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jabqhuvexwkbjabppd.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "jabqhuvexwkbjabppd.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "aqqeuggogerhoeerq.exe" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haduncfqlmcvfybrtjcf.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "wqumgwamikbvgaevypjnf.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "aqqeuggogerhoeerq.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jabqhuvexwkbjabppd.exe" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haduncfqlmcvfybrtjcf.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umoewkmwqqfxgyapqfx.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "jabqhuvexwkbjabppd.exe" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "tihujutaroapvkjv.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "tihujutaroapvkjv.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "jabqhuvexwkbjabppd.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "haduncfqlmcvfybrtjcf.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqqeuggogerhoeerq.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "jabqhuvexwkbjabppd.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "wqumgwamikbvgaevypjnf.exe" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqqeuggogerhoeerq.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haduncfqlmcvfybrtjcf.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqumgwamikbvgaevypjnf.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "tihujutaroapvkjv.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "haduncfqlmcvfybrtjcf.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "haduncfqlmcvfybrtjcf.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "umoewkmwqqfxgyapqfx.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqumgwamikbvgaevypjnf.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "tihujutaroapvkjv.exe" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jabqhuvexwkbjabppd.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqqeuggogerhoeerq.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umoewkmwqqfxgyapqfx.exe" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\aqqeuggogerhoeerq.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\aqqeuggogerhoeerq.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\wqumgwamikbvgaevypjnf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\haduncfqlmcvfybrtjcf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\wqumgwamikbvgaevypjnf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\aqqeuggogerhoeerq.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\jabqhuvexwkbjabppd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\tihujutaroapvkjv.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\wqumgwamikbvgaevypjnf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\aqqeuggogerhoeerq.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\haduncfqlmcvfybrtjcf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\wqumgwamikbvgaevypjnf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\umoewkmwqqfxgyapqfx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\haduncfqlmcvfybrtjcf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\haduncfqlmcvfybrtjcf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\wqumgwamikbvgaevypjnf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\umoewkmwqqfxgyapqfx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\tihujutaroapvkjv.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\aqqeuggogerhoeerq.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\jabqhuvexwkbjabppd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\tihujutaroapvkjv.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\aqqeuggogerhoeerq.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\umoewkmwqqfxgyapqfx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\umoewkmwqqfxgyapqfx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\umoewkmwqqfxgyapqfx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\jabqhuvexwkbjabppd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\aqqeuggogerhoeerq.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\haduncfqlmcvfybrtjcf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\umoewkmwqqfxgyapqfx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\umoewkmwqqfxgyapqfx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\umoewkmwqqfxgyapqfx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\umoewkmwqqfxgyapqfx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Windows\haduncfqlmcvfybrtjcf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kwscowswkenzc = "jabqhuvexwkbjabppd.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\umoewkmwqqfxgyapqfx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umoewkmwqqfxgyapqfx.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jabqhuvexwkbjabppd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umoewkmwqqfxgyapqfx.exe ." | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kwscowswkenzc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jabqhuvexwkbjabppd.exe" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kwscowswkenzc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haduncfqlmcvfybrtjcf.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lyvgtczetoylpc = "wqumgwamikbvgaevypjnf.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lyvgtczetoylpc = "aqqeuggogerhoeerq.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tihujutaroapvkjv = "tihujutaroapvkjv.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lyvgtczetoylpc = "jabqhuvexwkbjabppd.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lyvgtczetoylpc = "jabqhuvexwkbjabppd.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lyvgtczetoylpc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umoewkmwqqfxgyapqfx.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aqqeuggogerhoeerq = "tihujutaroapvkjv.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lyvgtczetoylpc = "umoewkmwqqfxgyapqfx.exe ." | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lyvgtczetoylpc = "jabqhuvexwkbjabppd.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lyvgtczetoylpc = "haduncfqlmcvfybrtjcf.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lyvgtczetoylpc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umoewkmwqqfxgyapqfx.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tihujutaroapvkjv = "umoewkmwqqfxgyapqfx.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aqqeuggogerhoeerq = "aqqeuggogerhoeerq.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aqqeuggogerhoeerq = "haduncfqlmcvfybrtjcf.exe ." | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jabqhuvexwkbjabppd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqumgwamikbvgaevypjnf.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kwscowswkenzc = "aqqeuggogerhoeerq.exe" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jabqhuvexwkbjabppd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jabqhuvexwkbjabppd.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kwscowswkenzc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqqeuggogerhoeerq.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lyvgtczetoylpc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haduncfqlmcvfybrtjcf.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aqqeuggogerhoeerq = "jabqhuvexwkbjabppd.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tihujutaroapvkjv = "umoewkmwqqfxgyapqfx.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kwscowswkenzc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tihujutaroapvkjv.exe" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jabqhuvexwkbjabppd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqqeuggogerhoeerq.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lyvgtczetoylpc = "haduncfqlmcvfybrtjcf.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kwscowswkenzc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umoewkmwqqfxgyapqfx.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lyvgtczetoylpc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqqeuggogerhoeerq.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\umoewkmwqqfxgyapqfx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haduncfqlmcvfybrtjcf.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kwscowswkenzc = "haduncfqlmcvfybrtjcf.exe" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aqqeuggogerhoeerq = "wqumgwamikbvgaevypjnf.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lyvgtczetoylpc = "tihujutaroapvkjv.exe ." | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tihujutaroapvkjv = "haduncfqlmcvfybrtjcf.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lyvgtczetoylpc = "haduncfqlmcvfybrtjcf.exe ." | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kwscowswkenzc = "wqumgwamikbvgaevypjnf.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\umoewkmwqqfxgyapqfx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tihujutaroapvkjv.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kwscowswkenzc = "tihujutaroapvkjv.exe" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\umoewkmwqqfxgyapqfx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umoewkmwqqfxgyapqfx.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aqqeuggogerhoeerq = "tihujutaroapvkjv.exe ." | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\umoewkmwqqfxgyapqfx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jabqhuvexwkbjabppd.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tihujutaroapvkjv = "aqqeuggogerhoeerq.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\umoewkmwqqfxgyapqfx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jabqhuvexwkbjabppd.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kwscowswkenzc = "umoewkmwqqfxgyapqfx.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\umoewkmwqqfxgyapqfx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqqeuggogerhoeerq.exe" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\umoewkmwqqfxgyapqfx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tihujutaroapvkjv.exe" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jabqhuvexwkbjabppd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqqeuggogerhoeerq.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tihujutaroapvkjv = "wqumgwamikbvgaevypjnf.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tihujutaroapvkjv = "wqumgwamikbvgaevypjnf.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\umoewkmwqqfxgyapqfx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umoewkmwqqfxgyapqfx.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lyvgtczetoylpc = "aqqeuggogerhoeerq.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\umoewkmwqqfxgyapqfx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jabqhuvexwkbjabppd.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jabqhuvexwkbjabppd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jabqhuvexwkbjabppd.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kwscowswkenzc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haduncfqlmcvfybrtjcf.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lyvgtczetoylpc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haduncfqlmcvfybrtjcf.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tihujutaroapvkjv = "tihujutaroapvkjv.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tihujutaroapvkjv = "aqqeuggogerhoeerq.exe" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aqqeuggogerhoeerq = "jabqhuvexwkbjabppd.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\umoewkmwqqfxgyapqfx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqumgwamikbvgaevypjnf.exe" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jabqhuvexwkbjabppd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umoewkmwqqfxgyapqfx.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lyvgtczetoylpc = "haduncfqlmcvfybrtjcf.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jabqhuvexwkbjabppd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jabqhuvexwkbjabppd.exe ." | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\aqqeuggogerhoeerq.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\haduncfqlmcvfybrtjcf.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wqumgwamikbvgaevypjnf.exe | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tihujutaroapvkjv.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\haduncfqlmcvfybrtjcf.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\aqqeuggogerhoeerq.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\umoewkmwqqfxgyapqfx.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\haduncfqlmcvfybrtjcf.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\aqqeuggogerhoeerq.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\haduncfqlmcvfybrtjcf.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\haduncfqlmcvfybrtjcf.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\haduncfqlmcvfybrtjcf.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ningbsxkhkcxjejbfxsxql.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ningbsxkhkcxjejbfxsxql.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\haduncfqlmcvfybrtjcf.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\umoewkmwqqfxgyapqfx.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wqumgwamikbvgaevypjnf.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tihujutaroapvkjv.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ningbsxkhkcxjejbfxsxql.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\aqqeuggogerhoeerq.exe | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\umoewkmwqqfxgyapqfx.exe | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\aqqeuggogerhoeerq.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\umoewkmwqqfxgyapqfx.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\aqqeuggogerhoeerq.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ningbsxkhkcxjejbfxsxql.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jabqhuvexwkbjabppd.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tihujutaroapvkjv.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jabqhuvexwkbjabppd.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\aqqeuggogerhoeerq.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jabqhuvexwkbjabppd.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jabqhuvexwkbjabppd.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\haduncfqlmcvfybrtjcf.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\aqqeuggogerhoeerq.exe | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ningbsxkhkcxjejbfxsxql.exe | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tihujutaroapvkjv.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\umoewkmwqqfxgyapqfx.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jabqhuvexwkbjabppd.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wqumgwamikbvgaevypjnf.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ningbsxkhkcxjejbfxsxql.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\umoewkmwqqfxgyapqfx.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ningbsxkhkcxjejbfxsxql.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tihujutaroapvkjv.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tihujutaroapvkjv.exe | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\umoewkmwqqfxgyapqfx.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\aqqeuggogerhoeerq.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wqumgwamikbvgaevypjnf.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\umoewkmwqqfxgyapqfx.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\haduncfqlmcvfybrtjcf.exe | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ocamakioealzesqbyjxvhvfdjzvguznlwtesq.qay | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\aqqeuggogerhoeerq.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wqumgwamikbvgaevypjnf.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\umoewkmwqqfxgyapqfx.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jabqhuvexwkbjabppd.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tihujutaroapvkjv.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ningbsxkhkcxjejbfxsxql.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\aqqeuggogerhoeerq.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\umoewkmwqqfxgyapqfx.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jabqhuvexwkbjabppd.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File created | C:\Windows\SysWOW64\nqdehgtoteehberrddgtuxwjej.uxr | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\haduncfqlmcvfybrtjcf.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wqumgwamikbvgaevypjnf.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\haduncfqlmcvfybrtjcf.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\umoewkmwqqfxgyapqfx.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\haduncfqlmcvfybrtjcf.exe | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\nqdehgtoteehberrddgtuxwjej.uxr | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| File created | C:\Program Files (x86)\nqdehgtoteehberrddgtuxwjej.uxr | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| File opened for modification | C:\Program Files (x86)\ocamakioealzesqbyjxvhvfdjzvguznlwtesq.qay | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| File created | C:\Program Files (x86)\ocamakioealzesqbyjxvhvfdjzvguznlwtesq.qay | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\tihujutaroapvkjv.exe | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| File opened for modification | C:\Windows\aqqeuggogerhoeerq.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\aqqeuggogerhoeerq.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\ningbsxkhkcxjejbfxsxql.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\wqumgwamikbvgaevypjnf.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\umoewkmwqqfxgyapqfx.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File created | C:\Windows\nqdehgtoteehberrddgtuxwjej.uxr | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| File opened for modification | C:\Windows\haduncfqlmcvfybrtjcf.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\umoewkmwqqfxgyapqfx.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\aqqeuggogerhoeerq.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\ningbsxkhkcxjejbfxsxql.exe | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| File opened for modification | C:\Windows\umoewkmwqqfxgyapqfx.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\jabqhuvexwkbjabppd.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\haduncfqlmcvfybrtjcf.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\wqumgwamikbvgaevypjnf.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\aqqeuggogerhoeerq.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\wqumgwamikbvgaevypjnf.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\haduncfqlmcvfybrtjcf.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\aqqeuggogerhoeerq.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\jabqhuvexwkbjabppd.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\umoewkmwqqfxgyapqfx.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\jabqhuvexwkbjabppd.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\jabqhuvexwkbjabppd.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\tihujutaroapvkjv.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\tihujutaroapvkjv.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\umoewkmwqqfxgyapqfx.exe | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| File opened for modification | C:\Windows\haduncfqlmcvfybrtjcf.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\haduncfqlmcvfybrtjcf.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\aqqeuggogerhoeerq.exe | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| File opened for modification | C:\Windows\ningbsxkhkcxjejbfxsxql.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\tihujutaroapvkjv.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\umoewkmwqqfxgyapqfx.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\jabqhuvexwkbjabppd.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\haduncfqlmcvfybrtjcf.exe | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| File opened for modification | C:\Windows\aqqeuggogerhoeerq.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\aqqeuggogerhoeerq.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\umoewkmwqqfxgyapqfx.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\aqqeuggogerhoeerq.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\ningbsxkhkcxjejbfxsxql.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\haduncfqlmcvfybrtjcf.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\umoewkmwqqfxgyapqfx.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\haduncfqlmcvfybrtjcf.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\wqumgwamikbvgaevypjnf.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\ningbsxkhkcxjejbfxsxql.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\aqqeuggogerhoeerq.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\ningbsxkhkcxjejbfxsxql.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\wqumgwamikbvgaevypjnf.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\haduncfqlmcvfybrtjcf.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\wqumgwamikbvgaevypjnf.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\aqqeuggogerhoeerq.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\haduncfqlmcvfybrtjcf.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\jabqhuvexwkbjabppd.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\wqumgwamikbvgaevypjnf.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\tihujutaroapvkjv.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\wqumgwamikbvgaevypjnf.exe | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| File opened for modification | C:\Windows\haduncfqlmcvfybrtjcf.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\ningbsxkhkcxjejbfxsxql.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\tihujutaroapvkjv.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\umoewkmwqqfxgyapqfx.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\tihujutaroapvkjv.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\aqqeuggogerhoeerq.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\jabqhuvexwkbjabppd.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\aqqeuggogerhoeerq.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| File opened for modification | C:\Windows\ningbsxkhkcxjejbfxsxql.exe | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jabqhuvexwkbjabppd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\tihujutaroapvkjv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wqumgwamikbvgaevypjnf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jabqhuvexwkbjabppd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\haduncfqlmcvfybrtjcf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\umoewkmwqqfxgyapqfx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\haduncfqlmcvfybrtjcf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\haduncfqlmcvfybrtjcf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\aqqeuggogerhoeerq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wqumgwamikbvgaevypjnf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jabqhuvexwkbjabppd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\haduncfqlmcvfybrtjcf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\umoewkmwqqfxgyapqfx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\tihujutaroapvkjv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\aqqeuggogerhoeerq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jabqhuvexwkbjabppd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wqumgwamikbvgaevypjnf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\aqqeuggogerhoeerq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\aqqeuggogerhoeerq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jabqhuvexwkbjabppd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\umoewkmwqqfxgyapqfx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\aqqeuggogerhoeerq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\tihujutaroapvkjv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\umoewkmwqqfxgyapqfx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\aqqeuggogerhoeerq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wqumgwamikbvgaevypjnf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wqumgwamikbvgaevypjnf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jabqhuvexwkbjabppd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jabqhuvexwkbjabppd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\aqqeuggogerhoeerq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\haduncfqlmcvfybrtjcf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\aqqeuggogerhoeerq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wqumgwamikbvgaevypjnf.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\uaquacs.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe"
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe*"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe
C:\Windows\aqqeuggogerhoeerq.exe
aqqeuggogerhoeerq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe .
C:\Windows\umoewkmwqqfxgyapqfx.exe
umoewkmwqqfxgyapqfx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umoewkmwqqfxgyapqfx.exe*."
C:\Windows\tihujutaroapvkjv.exe
tihujutaroapvkjv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Windows\wqumgwamikbvgaevypjnf.exe
wqumgwamikbvgaevypjnf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqumgwamikbvgaevypjnf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umoewkmwqqfxgyapqfx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umoewkmwqqfxgyapqfx.exe*."
C:\Users\Admin\AppData\Local\Temp\uaquacs.exe
"C:\Users\Admin\AppData\Local\Temp\uaquacs.exe" "-C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe"
C:\Users\Admin\AppData\Local\Temp\uaquacs.exe
"C:\Users\Admin\AppData\Local\Temp\uaquacs.exe" "-C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe
C:\Windows\wqumgwamikbvgaevypjnf.exe
wqumgwamikbvgaevypjnf.exe
C:\Windows\aqqeuggogerhoeerq.exe
aqqeuggogerhoeerq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe .
C:\Windows\tihujutaroapvkjv.exe
tihujutaroapvkjv.exe .
C:\Windows\aqqeuggogerhoeerq.exe
aqqeuggogerhoeerq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tihujutaroapvkjv.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqqeuggogerhoeerq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Windows\haduncfqlmcvfybrtjcf.exe
haduncfqlmcvfybrtjcf.exe
C:\Windows\wqumgwamikbvgaevypjnf.exe
wqumgwamikbvgaevypjnf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Windows\haduncfqlmcvfybrtjcf.exe
haduncfqlmcvfybrtjcf.exe .
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Windows\umoewkmwqqfxgyapqfx.exe
umoewkmwqqfxgyapqfx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe .
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umoewkmwqqfxgyapqfx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haduncfqlmcvfybrtjcf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe .
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqumgwamikbvgaevypjnf.exe*."
C:\Windows\wqumgwamikbvgaevypjnf.exe
wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe .
C:\Windows\haduncfqlmcvfybrtjcf.exe
haduncfqlmcvfybrtjcf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Windows\tihujutaroapvkjv.exe
tihujutaroapvkjv.exe .
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Windows\tihujutaroapvkjv.exe
tihujutaroapvkjv.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tihujutaroapvkjv.exe*."
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tihujutaroapvkjv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tihujutaroapvkjv.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umoewkmwqqfxgyapqfx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe
C:\Windows\jabqhuvexwkbjabppd.exe
jabqhuvexwkbjabppd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe .
C:\Windows\umoewkmwqqfxgyapqfx.exe
umoewkmwqqfxgyapqfx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umoewkmwqqfxgyapqfx.exe*."
C:\Windows\System32\mousocoreworker.exe
C:\Windows\System32\mousocoreworker.exe -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe .
C:\Windows\aqqeuggogerhoeerq.exe
aqqeuggogerhoeerq.exe
C:\Windows\jabqhuvexwkbjabppd.exe
jabqhuvexwkbjabppd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jabqhuvexwkbjabppd.exe*."
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqumgwamikbvgaevypjnf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Windows\tihujutaroapvkjv.exe
tihujutaroapvkjv.exe
C:\Windows\aqqeuggogerhoeerq.exe
aqqeuggogerhoeerq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe
C:\Windows\haduncfqlmcvfybrtjcf.exe
haduncfqlmcvfybrtjcf.exe .
C:\Windows\umoewkmwqqfxgyapqfx.exe
umoewkmwqqfxgyapqfx.exe .
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haduncfqlmcvfybrtjcf.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umoewkmwqqfxgyapqfx.exe*."
C:\Windows\aqqeuggogerhoeerq.exe
aqqeuggogerhoeerq.exe
C:\Windows\umoewkmwqqfxgyapqfx.exe
umoewkmwqqfxgyapqfx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Windows\umoewkmwqqfxgyapqfx.exe
umoewkmwqqfxgyapqfx.exe .
C:\Windows\aqqeuggogerhoeerq.exe
aqqeuggogerhoeerq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umoewkmwqqfxgyapqfx.exe*."
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqqeuggogerhoeerq.exe*."
C:\Windows\haduncfqlmcvfybrtjcf.exe
haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jabqhuvexwkbjabppd.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haduncfqlmcvfybrtjcf.exe*."
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe
C:\Windows\haduncfqlmcvfybrtjcf.exe
haduncfqlmcvfybrtjcf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umoewkmwqqfxgyapqfx.exe*."
C:\Windows\tihujutaroapvkjv.exe
tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haduncfqlmcvfybrtjcf.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haduncfqlmcvfybrtjcf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Windows\umoewkmwqqfxgyapqfx.exe
umoewkmwqqfxgyapqfx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umoewkmwqqfxgyapqfx.exe*."
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umoewkmwqqfxgyapqfx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe
C:\Windows\aqqeuggogerhoeerq.exe
aqqeuggogerhoeerq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe .
C:\Windows\jabqhuvexwkbjabppd.exe
jabqhuvexwkbjabppd.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jabqhuvexwkbjabppd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe .
C:\Windows\jabqhuvexwkbjabppd.exe
jabqhuvexwkbjabppd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Windows\jabqhuvexwkbjabppd.exe
jabqhuvexwkbjabppd.exe .
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jabqhuvexwkbjabppd.exe*."
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe .
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tihujutaroapvkjv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe
C:\Windows\umoewkmwqqfxgyapqfx.exe
umoewkmwqqfxgyapqfx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe .
C:\Windows\jabqhuvexwkbjabppd.exe
jabqhuvexwkbjabppd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jabqhuvexwkbjabppd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe .
C:\Windows\jabqhuvexwkbjabppd.exe
jabqhuvexwkbjabppd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Windows\haduncfqlmcvfybrtjcf.exe
haduncfqlmcvfybrtjcf.exe .
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haduncfqlmcvfybrtjcf.exe*."
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe .
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tihujutaroapvkjv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe
C:\Windows\wqumgwamikbvgaevypjnf.exe
wqumgwamikbvgaevypjnf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\haduncfqlmcvfybrtjcf.exe
haduncfqlmcvfybrtjcf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haduncfqlmcvfybrtjcf.exe*."
C:\Windows\wqumgwamikbvgaevypjnf.exe
wqumgwamikbvgaevypjnf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Windows\tihujutaroapvkjv.exe
tihujutaroapvkjv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe .
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tihujutaroapvkjv.exe*."
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqumgwamikbvgaevypjnf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umoewkmwqqfxgyapqfx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe
C:\Windows\haduncfqlmcvfybrtjcf.exe
haduncfqlmcvfybrtjcf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe .
C:\Windows\haduncfqlmcvfybrtjcf.exe
haduncfqlmcvfybrtjcf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haduncfqlmcvfybrtjcf.exe*."
C:\Windows\haduncfqlmcvfybrtjcf.exe
haduncfqlmcvfybrtjcf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Windows\umoewkmwqqfxgyapqfx.exe
umoewkmwqqfxgyapqfx.exe .
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umoewkmwqqfxgyapqfx.exe*."
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umoewkmwqqfxgyapqfx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umoewkmwqqfxgyapqfx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe
C:\Windows\umoewkmwqqfxgyapqfx.exe
umoewkmwqqfxgyapqfx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe .
C:\Windows\wqumgwamikbvgaevypjnf.exe
wqumgwamikbvgaevypjnf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqumgwamikbvgaevypjnf.exe*."
C:\Windows\umoewkmwqqfxgyapqfx.exe
umoewkmwqqfxgyapqfx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Windows\aqqeuggogerhoeerq.exe
aqqeuggogerhoeerq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqqeuggogerhoeerq.exe*."
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jabqhuvexwkbjabppd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haduncfqlmcvfybrtjcf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe
C:\Windows\tihujutaroapvkjv.exe
tihujutaroapvkjv.exe
C:\Windows\tihujutaroapvkjv.exe
tihujutaroapvkjv.exe
C:\Windows\haduncfqlmcvfybrtjcf.exe
haduncfqlmcvfybrtjcf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe .
C:\Windows\aqqeuggogerhoeerq.exe
aqqeuggogerhoeerq.exe .
C:\Windows\wqumgwamikbvgaevypjnf.exe
wqumgwamikbvgaevypjnf.exe .
C:\Windows\aqqeuggogerhoeerq.exe
aqqeuggogerhoeerq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqumgwamikbvgaevypjnf.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqqeuggogerhoeerq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqqeuggogerhoeerq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .
C:\Windows\haduncfqlmcvfybrtjcf.exe
haduncfqlmcvfybrtjcf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Windows\haduncfqlmcvfybrtjcf.exe
haduncfqlmcvfybrtjcf.exe
C:\Windows\umoewkmwqqfxgyapqfx.exe
umoewkmwqqfxgyapqfx.exe
C:\Windows\haduncfqlmcvfybrtjcf.exe
haduncfqlmcvfybrtjcf.exe .
C:\Windows\umoewkmwqqfxgyapqfx.exe
umoewkmwqqfxgyapqfx.exe .
C:\Windows\haduncfqlmcvfybrtjcf.exe
haduncfqlmcvfybrtjcf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haduncfqlmcvfybrtjcf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umoewkmwqqfxgyapqfx.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haduncfqlmcvfybrtjcf.exe*."
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jabqhuvexwkbjabppd.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umoewkmwqqfxgyapqfx.exe*."
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jabqhuvexwkbjabppd.exe*."
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe .
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Windows\tihujutaroapvkjv.exe
tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tihujutaroapvkjv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\haduncfqlmcvfybrtjcf.exe
haduncfqlmcvfybrtjcf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haduncfqlmcvfybrtjcf.exe*."
C:\Windows\tihujutaroapvkjv.exe
tihujutaroapvkjv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Windows\aqqeuggogerhoeerq.exe
aqqeuggogerhoeerq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqqeuggogerhoeerq.exe*."
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jabqhuvexwkbjabppd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe
C:\Windows\haduncfqlmcvfybrtjcf.exe
haduncfqlmcvfybrtjcf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe .
C:\Windows\wqumgwamikbvgaevypjnf.exe
wqumgwamikbvgaevypjnf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe .
C:\Windows\wqumgwamikbvgaevypjnf.exe
wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqumgwamikbvgaevypjnf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Windows\wqumgwamikbvgaevypjnf.exe
wqumgwamikbvgaevypjnf.exe .
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqumgwamikbvgaevypjnf.exe*."
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haduncfqlmcvfybrtjcf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe
C:\Windows\wqumgwamikbvgaevypjnf.exe
wqumgwamikbvgaevypjnf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe .
C:\Windows\aqqeuggogerhoeerq.exe
aqqeuggogerhoeerq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqqeuggogerhoeerq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe .
C:\Windows\wqumgwamikbvgaevypjnf.exe
wqumgwamikbvgaevypjnf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Windows\wqumgwamikbvgaevypjnf.exe
wqumgwamikbvgaevypjnf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqumgwamikbvgaevypjnf.exe*."
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqumgwamikbvgaevypjnf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe
C:\Windows\aqqeuggogerhoeerq.exe
aqqeuggogerhoeerq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe .
C:\Windows\umoewkmwqqfxgyapqfx.exe
umoewkmwqqfxgyapqfx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umoewkmwqqfxgyapqfx.exe*."
C:\Windows\wqumgwamikbvgaevypjnf.exe
wqumgwamikbvgaevypjnf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\umoewkmwqqfxgyapqfx.exe
umoewkmwqqfxgyapqfx.exe .
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umoewkmwqqfxgyapqfx.exe*."
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jabqhuvexwkbjabppd.exe*."
C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jabqhuvexwkbjabppd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe
C:\Windows\haduncfqlmcvfybrtjcf.exe
haduncfqlmcvfybrtjcf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe .
C:\Windows\aqqeuggogerhoeerq.exe
aqqeuggogerhoeerq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqqeuggogerhoeerq.exe*."
C:\Windows\tihujutaroapvkjv.exe
tihujutaroapvkjv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Windows\aqqeuggogerhoeerq.exe
aqqeuggogerhoeerq.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqqeuggogerhoeerq.exe*."
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umoewkmwqqfxgyapqfx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jabqhuvexwkbjabppd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe
C:\Windows\umoewkmwqqfxgyapqfx.exe
umoewkmwqqfxgyapqfx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe .
C:\Windows\wqumgwamikbvgaevypjnf.exe
wqumgwamikbvgaevypjnf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqumgwamikbvgaevypjnf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe .
C:\Windows\aqqeuggogerhoeerq.exe
aqqeuggogerhoeerq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Windows\aqqeuggogerhoeerq.exe
aqqeuggogerhoeerq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqqeuggogerhoeerq.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jabqhuvexwkbjabppd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haduncfqlmcvfybrtjcf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe
C:\Windows\haduncfqlmcvfybrtjcf.exe
haduncfqlmcvfybrtjcf.exe
C:\Windows\jabqhuvexwkbjabppd.exe
jabqhuvexwkbjabppd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe .
C:\Windows\jabqhuvexwkbjabppd.exe
jabqhuvexwkbjabppd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe .
C:\Windows\jabqhuvexwkbjabppd.exe
jabqhuvexwkbjabppd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe
C:\Windows\wqumgwamikbvgaevypjnf.exe
wqumgwamikbvgaevypjnf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe .
C:\Windows\jabqhuvexwkbjabppd.exe
jabqhuvexwkbjabppd.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jabqhuvexwkbjabppd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqumgwamikbvgaevypjnf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\tihujutaroapvkjv.exe
tihujutaroapvkjv.exe
C:\Windows\wqumgwamikbvgaevypjnf.exe
wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jabqhuvexwkbjabppd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Windows\tihujutaroapvkjv.exe
tihujutaroapvkjv.exe .
C:\Windows\tihujutaroapvkjv.exe
tihujutaroapvkjv.exe .
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Windows\jabqhuvexwkbjabppd.exe
jabqhuvexwkbjabppd.exe .
C:\Windows\aqqeuggogerhoeerq.exe
aqqeuggogerhoeerq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe .
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tihujutaroapvkjv.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tihujutaroapvkjv.exe*."
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jabqhuvexwkbjabppd.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haduncfqlmcvfybrtjcf.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haduncfqlmcvfybrtjcf.exe*."
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haduncfqlmcvfybrtjcf.exe*."
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jabqhuvexwkbjabppd.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqumgwamikbvgaevypjnf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haduncfqlmcvfybrtjcf.exe*."
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Windows\jabqhuvexwkbjabppd.exe
jabqhuvexwkbjabppd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe .
C:\Windows\jabqhuvexwkbjabppd.exe
jabqhuvexwkbjabppd.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jabqhuvexwkbjabppd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\umoewkmwqqfxgyapqfx.exe
umoewkmwqqfxgyapqfx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Windows\jabqhuvexwkbjabppd.exe
jabqhuvexwkbjabppd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jabqhuvexwkbjabppd.exe*."
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jabqhuvexwkbjabppd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jabqhuvexwkbjabppd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe
C:\Windows\jabqhuvexwkbjabppd.exe
jabqhuvexwkbjabppd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe .
C:\Windows\tihujutaroapvkjv.exe
tihujutaroapvkjv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tihujutaroapvkjv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe .
C:\Windows\aqqeuggogerhoeerq.exe
aqqeuggogerhoeerq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Windows\wqumgwamikbvgaevypjnf.exe
wqumgwamikbvgaevypjnf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqumgwamikbvgaevypjnf.exe*."
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haduncfqlmcvfybrtjcf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jabqhuvexwkbjabppd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\haduncfqlmcvfybrtjcf.exe
haduncfqlmcvfybrtjcf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\tihujutaroapvkjv.exe
tihujutaroapvkjv.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tihujutaroapvkjv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe .
C:\Windows\aqqeuggogerhoeerq.exe
aqqeuggogerhoeerq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Windows\jabqhuvexwkbjabppd.exe
jabqhuvexwkbjabppd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jabqhuvexwkbjabppd.exe*."
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jabqhuvexwkbjabppd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umoewkmwqqfxgyapqfx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\tihujutaroapvkjv.exe
tihujutaroapvkjv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe .
C:\Windows\tihujutaroapvkjv.exe
tihujutaroapvkjv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tihujutaroapvkjv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe .
C:\Windows\jabqhuvexwkbjabppd.exe
jabqhuvexwkbjabppd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Windows\haduncfqlmcvfybrtjcf.exe
haduncfqlmcvfybrtjcf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haduncfqlmcvfybrtjcf.exe*."
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe .
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqumgwamikbvgaevypjnf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe
C:\Windows\haduncfqlmcvfybrtjcf.exe
haduncfqlmcvfybrtjcf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe .
C:\Windows\jabqhuvexwkbjabppd.exe
jabqhuvexwkbjabppd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jabqhuvexwkbjabppd.exe*."
C:\Windows\haduncfqlmcvfybrtjcf.exe
haduncfqlmcvfybrtjcf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\umoewkmwqqfxgyapqfx.exe
umoewkmwqqfxgyapqfx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umoewkmwqqfxgyapqfx.exe*."
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umoewkmwqqfxgyapqfx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe .
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqumgwamikbvgaevypjnf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\haduncfqlmcvfybrtjcf.exe
haduncfqlmcvfybrtjcf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe .
C:\Windows\haduncfqlmcvfybrtjcf.exe
haduncfqlmcvfybrtjcf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haduncfqlmcvfybrtjcf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe .
C:\Windows\jabqhuvexwkbjabppd.exe
jabqhuvexwkbjabppd.exe
C:\Windows\wqumgwamikbvgaevypjnf.exe
wqumgwamikbvgaevypjnf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqumgwamikbvgaevypjnf.exe*."
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tihujutaroapvkjv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\aqqeuggogerhoeerq.exe
aqqeuggogerhoeerq.exe
C:\Windows\tihujutaroapvkjv.exe
tihujutaroapvkjv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe .
C:\Windows\haduncfqlmcvfybrtjcf.exe
haduncfqlmcvfybrtjcf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe .
C:\Windows\umoewkmwqqfxgyapqfx.exe
umoewkmwqqfxgyapqfx.exe .
C:\Windows\aqqeuggogerhoeerq.exe
aqqeuggogerhoeerq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe .
C:\Windows\jabqhuvexwkbjabppd.exe
jabqhuvexwkbjabppd.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umoewkmwqqfxgyapqfx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Windows\aqqeuggogerhoeerq.exe
aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqqeuggogerhoeerq.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jabqhuvexwkbjabppd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .
C:\Windows\umoewkmwqqfxgyapqfx.exe
umoewkmwqqfxgyapqfx.exe
C:\Windows\aqqeuggogerhoeerq.exe
aqqeuggogerhoeerq.exe
C:\Windows\wqumgwamikbvgaevypjnf.exe
wqumgwamikbvgaevypjnf.exe .
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .
C:\Windows\jabqhuvexwkbjabppd.exe
jabqhuvexwkbjabppd.exe .
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Windows\haduncfqlmcvfybrtjcf.exe
haduncfqlmcvfybrtjcf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe .
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqumgwamikbvgaevypjnf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haduncfqlmcvfybrtjcf.exe*."
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haduncfqlmcvfybrtjcf.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jabqhuvexwkbjabppd.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jabqhuvexwkbjabppd.exe*."
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umoewkmwqqfxgyapqfx.exe*."
C:\Windows\wqumgwamikbvgaevypjnf.exe
wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tihujutaroapvkjv.exe*."
C:\Windows\haduncfqlmcvfybrtjcf.exe
haduncfqlmcvfybrtjcf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haduncfqlmcvfybrtjcf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe .
C:\Windows\tihujutaroapvkjv.exe
tihujutaroapvkjv.exe
C:\Windows\haduncfqlmcvfybrtjcf.exe
haduncfqlmcvfybrtjcf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haduncfqlmcvfybrtjcf.exe*."
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umoewkmwqqfxgyapqfx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqumgwamikbvgaevypjnf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\wqumgwamikbvgaevypjnf.exe
wqumgwamikbvgaevypjnf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe .
C:\Windows\haduncfqlmcvfybrtjcf.exe
haduncfqlmcvfybrtjcf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haduncfqlmcvfybrtjcf.exe*."
C:\Windows\tihujutaroapvkjv.exe
tihujutaroapvkjv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Windows\jabqhuvexwkbjabppd.exe
jabqhuvexwkbjabppd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jabqhuvexwkbjabppd.exe*."
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jabqhuvexwkbjabppd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haduncfqlmcvfybrtjcf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe
C:\Windows\tihujutaroapvkjv.exe
tihujutaroapvkjv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe .
C:\Windows\tihujutaroapvkjv.exe
tihujutaroapvkjv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tihujutaroapvkjv.exe*."
C:\Windows\jabqhuvexwkbjabppd.exe
jabqhuvexwkbjabppd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Windows\haduncfqlmcvfybrtjcf.exe
haduncfqlmcvfybrtjcf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haduncfqlmcvfybrtjcf.exe*."
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe
C:\Windows\jabqhuvexwkbjabppd.exe
jabqhuvexwkbjabppd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe .
C:\Windows\aqqeuggogerhoeerq.exe
aqqeuggogerhoeerq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqqeuggogerhoeerq.exe*."
C:\Windows\jabqhuvexwkbjabppd.exe
jabqhuvexwkbjabppd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Windows\haduncfqlmcvfybrtjcf.exe
haduncfqlmcvfybrtjcf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haduncfqlmcvfybrtjcf.exe*."
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jabqhuvexwkbjabppd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe
C:\Windows\jabqhuvexwkbjabppd.exe
jabqhuvexwkbjabppd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe .
C:\Windows\wqumgwamikbvgaevypjnf.exe
wqumgwamikbvgaevypjnf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqumgwamikbvgaevypjnf.exe*."
C:\Windows\wqumgwamikbvgaevypjnf.exe
wqumgwamikbvgaevypjnf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Windows\jabqhuvexwkbjabppd.exe
jabqhuvexwkbjabppd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe .
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jabqhuvexwkbjabppd.exe*."
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqumgwamikbvgaevypjnf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haduncfqlmcvfybrtjcf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe
C:\Windows\tihujutaroapvkjv.exe
tihujutaroapvkjv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe .
C:\Windows\haduncfqlmcvfybrtjcf.exe
haduncfqlmcvfybrtjcf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haduncfqlmcvfybrtjcf.exe*."
C:\Windows\haduncfqlmcvfybrtjcf.exe
haduncfqlmcvfybrtjcf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Windows\wqumgwamikbvgaevypjnf.exe
wqumgwamikbvgaevypjnf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe .
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqumgwamikbvgaevypjnf.exe*."
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tihujutaroapvkjv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pibrplzwlhgwpzsvlnle.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Windows\pibrplzwlhgwpzsvlnle.exe
pibrplzwlhgwpzsvlnle.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqfrldngrjeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe
C:\Windows\umoewkmwqqfxgyapqfx.exe
umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cumbytgcqljyqzrtijg.exe
C:\Windows\umoewkmwqqfxgyapqfx.exe
umoewkmwqqfxgyapqfx.exe
C:\Windows\bqfrldngrjeqflaz.exe
bqfrldngrjeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pibrplzwlhgwpzsvlnle.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe
C:\Windows\umoewkmwqqfxgyapqfx.exe
umoewkmwqqfxgyapqfx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqfrldngrjeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqfrldngrjeqflaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\bqfrldngrjeqflaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Windows\cumbytgcqljyqzrtijg.exe
cumbytgcqljyqzrtijg.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umoewkmwqqfxgyapqfx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe .
C:\Windows\haduncfqlmcvfybrtjcf.exe
haduncfqlmcvfybrtjcf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\riznjdpkxroctbsthh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pibrplzwlhgwpzsvlnle.exe .
C:\Windows\haduncfqlmcvfybrtjcf.exe
haduncfqlmcvfybrtjcf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\bqfrldngrjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\bqfrldngrjeqflaz.exe .
C:\Windows\pibrplzwlhgwpzsvlnle.exe
pibrplzwlhgwpzsvlnle.exe .
C:\Users\Admin\AppData\Local\Temp\bqfrldngrjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\bqfrldngrjeqflaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haduncfqlmcvfybrtjcf.exe*."
C:\Windows\haduncfqlmcvfybrtjcf.exe
haduncfqlmcvfybrtjcf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Windows\aqqeuggogerhoeerq.exe
aqqeuggogerhoeerq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\bqfrldngrjeqflaz.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\pibrplzwlhgwpzsvlnle.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqqeuggogerhoeerq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\haduncfqlmcvfybrtjcf.exe
haduncfqlmcvfybrtjcf.exe .
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe .
C:\Users\Admin\AppData\Local\Temp\pibrplzwlhgwpzsvlnle.exe
C:\Users\Admin\AppData\Local\Temp\pibrplzwlhgwpzsvlnle.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haduncfqlmcvfybrtjcf.exe*."
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umoewkmwqqfxgyapqfx.exe*."
C:\Windows\aqqeuggogerhoeerq.exe
aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\riznjdpkxroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\riznjdpkxroctbsthh.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Windows\umoewkmwqqfxgyapqfx.exe
umoewkmwqqfxgyapqfx.exe .
C:\Users\Admin\AppData\Local\Temp\puzblt.exe
"C:\Users\Admin\AppData\Local\Temp\puzblt.exe" "-C:\Users\Admin\AppData\Local\Temp\bqfrldngrjeqflaz.exe"
C:\Users\Admin\AppData\Local\Temp\puzblt.exe
"C:\Users\Admin\AppData\Local\Temp\puzblt.exe" "-C:\Users\Admin\AppData\Local\Temp\bqfrldngrjeqflaz.exe"
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqumgwamikbvgaevypjnf.exe*."
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\pibrplzwlhgwpzsvlnle.exe*."
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haduncfqlmcvfybrtjcf.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umoewkmwqqfxgyapqfx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe .
C:\Windows\jabqhuvexwkbjabppd.exe
jabqhuvexwkbjabppd.exe .
C:\Windows\wqumgwamikbvgaevypjnf.exe
wqumgwamikbvgaevypjnf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tihujutaroapvkjv.exe*."
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jabqhuvexwkbjabppd.exe*."
C:\Windows\jabqhuvexwkbjabppd.exe
jabqhuvexwkbjabppd.exe .
C:\Windows\jabqhuvexwkbjabppd.exe
jabqhuvexwkbjabppd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jabqhuvexwkbjabppd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe .
C:\Windows\umoewkmwqqfxgyapqfx.exe
umoewkmwqqfxgyapqfx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Windows\wqumgwamikbvgaevypjnf.exe
wqumgwamikbvgaevypjnf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqumgwamikbvgaevypjnf.exe*."
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pibrplzwlhgwpzsvlnle.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umoewkmwqqfxgyapqfx.exe*."
C:\Windows\pibrplzwlhgwpzsvlnle.exe
pibrplzwlhgwpzsvlnle.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pibrplzwlhgwpzsvlnle.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Windows\pibrplzwlhgwpzsvlnle.exe
pibrplzwlhgwpzsvlnle.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bqfrldngrjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iyobwpaugzviyfvvi.exe .
C:\Users\Admin\AppData\Local\Temp\puzblt.exe
"C:\Users\Admin\AppData\Local\Temp\puzblt.exe" "-C:\Users\Admin\AppData\Local\Temp\bqfrldngrjeqflaz.exe"
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\pibrplzwlhgwpzsvlnle.exe*."
C:\Windows\bqfrldngrjeqflaz.exe
bqfrldngrjeqflaz.exe
C:\Users\Admin\AppData\Local\Temp\puzblt.exe
"C:\Users\Admin\AppData\Local\Temp\puzblt.exe" "-C:\Users\Admin\AppData\Local\Temp\bqfrldngrjeqflaz.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cumbytgcqljyqzrtijg.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."
C:\Windows\iyobwpaugzviyfvvi.exe
iyobwpaugzviyfvvi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\eysjifusiffwqbvzqtsmg.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\iyobwpaugzviyfvvi.exe*."
C:\Users\Admin\AppData\Local\Temp\cumbytgcqljyqzrtijg.exe
C:\Users\Admin\AppData\Local\Temp\cumbytgcqljyqzrtijg.exe
C:\Users\Admin\AppData\Local\Temp\eysjifusiffwqbvzqtsmg.exe
C:\Users\Admin\AppData\Local\Temp\eysjifusiffwqbvzqtsmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\eysjifusiffwqbvzqtsmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cumbytgcqljyqzrtijg.exe
C:\Windows\jabqhuvexwkbjabppd.exe
jabqhuvexwkbjabppd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pibrplzwlhgwpzsvlnle.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe .
C:\Users\Admin\AppData\Local\Temp\cumbytgcqljyqzrtijg.exe
C:\Users\Admin\AppData\Local\Temp\cumbytgcqljyqzrtijg.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\pibrplzwlhgwpzsvlnle.exe
C:\Users\Admin\AppData\Local\Temp\pibrplzwlhgwpzsvlnle.exe .
C:\Windows\tihujutaroapvkjv.exe
tihujutaroapvkjv.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\pibrplzwlhgwpzsvlnle.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tihujutaroapvkjv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe .
C:\Windows\wqumgwamikbvgaevypjnf.exe
wqumgwamikbvgaevypjnf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Windows\tihujutaroapvkjv.exe
tihujutaroapvkjv.exe .
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tihujutaroapvkjv.exe*."
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tihujutaroapvkjv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .
C:\Users\Admin\AppData\Local\Temp\puzblt.exe
"C:\Users\Admin\AppData\Local\Temp\puzblt.exe" "-C:\Users\Admin\AppData\Local\Temp\bqfrldngrjeqflaz.exe"
C:\Users\Admin\AppData\Local\Temp\puzblt.exe
"C:\Users\Admin\AppData\Local\Temp\puzblt.exe" "-C:\Users\Admin\AppData\Local\Temp\bqfrldngrjeqflaz.exe"
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jabqhuvexwkbjabppd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\umoewkmwqqfxgyapqfx.exe
umoewkmwqqfxgyapqfx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe .
C:\Windows\haduncfqlmcvfybrtjcf.exe
haduncfqlmcvfybrtjcf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haduncfqlmcvfybrtjcf.exe*."
C:\Windows\jabqhuvexwkbjabppd.exe
jabqhuvexwkbjabppd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Windows\jabqhuvexwkbjabppd.exe
jabqhuvexwkbjabppd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jabqhuvexwkbjabppd.exe*."
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe
C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jabqhuvexwkbjabppd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .
C:\Users\Admin\AppData\Local\Temp\puzblt.exe
"C:\Users\Admin\AppData\Local\Temp\puzblt.exe" "-C:\Users\Admin\AppData\Local\Temp\bqfrldngrjeqflaz.exe"
C:\Users\Admin\AppData\Local\Temp\puzblt.exe
"C:\Users\Admin\AppData\Local\Temp\puzblt.exe" "-C:\Users\Admin\AppData\Local\Temp\bqfrldngrjeqflaz.exe"
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umoewkmwqqfxgyapqfx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe
C:\Windows\wqumgwamikbvgaevypjnf.exe
wqumgwamikbvgaevypjnf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe .
C:\Windows\wqumgwamikbvgaevypjnf.exe
wqumgwamikbvgaevypjnf.exe .
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqumgwamikbvgaevypjnf.exe*."
Network
| Country | Destination | Domain | Proto |
| GB | 95.100.153.131:443 | www.bing.com | tcp |
| GB | 95.100.153.131:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.com | udp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 8.8.8.8:53 | whatismyipaddress.com | udp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.showmyipaddress.com | udp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.myspace.com | udp |
| US | 34.111.176.156:80 | www.myspace.com | tcp |
| LT | 78.62.181.221:38905 | tcp | |
| US | 8.8.8.8:53 | gyuuym.org | udp |
| DE | 85.214.228.140:80 | gyuuym.org | tcp |
| US | 8.8.8.8:53 | hocumaay.info | udp |
| US | 8.8.8.8:53 | fjnzoojegm.info | udp |
| US | 8.8.8.8:53 | unxfuild.info | udp |
| SG | 18.142.91.111:80 | unxfuild.info | tcp |
| US | 8.8.8.8:53 | zapyeqwvzkr.info | udp |
| US | 8.8.8.8:53 | froppiek.net | udp |
| US | 8.8.8.8:53 | uyoqcqgismus.org | udp |
| US | 8.8.8.8:53 | ggoiukqgsikq.org | udp |
| US | 8.8.8.8:53 | xotndsapcj.net | udp |
| US | 8.8.8.8:53 | ztwtfdwioit.com | udp |
| US | 8.8.8.8:53 | bprpfe.net | udp |
| US | 8.8.8.8:53 | woucscei.com | udp |
| US | 8.8.8.8:53 | udzdjiddn.net | udp |
| US | 8.8.8.8:53 | kztwwujhvhbb.info | udp |
| US | 8.8.8.8:53 | qsosse.org | udp |
| US | 8.8.8.8:53 | rvkcjx.net | udp |
| US | 8.8.8.8:53 | nyzftgygweit.net | udp |
| US | 8.8.8.8:53 | ygoukmwg.org | udp |
| US | 8.8.8.8:53 | cgyuncskcsx.info | udp |
| US | 8.8.8.8:53 | zrsevhobhgyn.info | udp |
| US | 8.8.8.8:53 | govxpkzscjv.net | udp |
| US | 8.8.8.8:53 | levafjfsz.org | udp |
| US | 8.8.8.8:53 | cydlrge.info | udp |
| US | 104.156.155.94:80 | cydlrge.info | tcp |
| US | 8.8.8.8:53 | pupevught.com | udp |
| US | 8.8.8.8:53 | alhspvwvj.net | udp |
| US | 8.8.8.8:53 | kpnepoxhpsxf.info | udp |
| US | 8.8.8.8:53 | mjotpzfbosdh.info | udp |
| US | 8.8.8.8:53 | isdqlqwuz.info | udp |
| US | 8.8.8.8:53 | uswuvslafdqv.net | udp |
| US | 8.8.8.8:53 | giyctiehp.net | udp |
| US | 8.8.8.8:53 | gcmyqqueke.org | udp |
| US | 8.8.8.8:53 | kwdzjtbqyxci.net | udp |
| US | 8.8.8.8:53 | qitmxgz.info | udp |
| US | 8.8.8.8:53 | ilfgqtxk.net | udp |
| US | 8.8.8.8:53 | luvehemiri.info | udp |
| US | 8.8.8.8:53 | tzvmbvhflm.info | udp |
| US | 8.8.8.8:53 | bodiraodqsvn.info | udp |
| US | 8.8.8.8:53 | rkrkzffqlrlt.info | udp |
| US | 8.8.8.8:53 | ccxnxlnvobis.info | udp |
| US | 8.8.8.8:53 | xktwwsr.net | udp |
| US | 8.8.8.8:53 | memqsm.org | udp |
| US | 8.8.8.8:53 | nlcrqj.net | udp |
| US | 8.8.8.8:53 | lalckpw.org | udp |
| US | 8.8.8.8:53 | uifhes.net | udp |
| US | 8.8.8.8:53 | tsptxznj.net | udp |
| US | 8.8.8.8:53 | gcgjdwzelgh.net | udp |
| US | 8.8.8.8:53 | vopajun.org | udp |
| US | 8.8.8.8:53 | mslrigckj.info | udp |
| MD | 94.243.81.151:32953 | tcp | |
| US | 8.8.8.8:53 | hmfurcniz.info | udp |
| US | 8.8.8.8:53 | ybrmfvxxv.info | udp |
| US | 8.8.8.8:53 | pqesqyg.info | udp |
| US | 8.8.8.8:53 | rsdpeob.info | udp |
| US | 8.8.8.8:53 | ddpobim.org | udp |
| US | 8.8.8.8:53 | cigqseoimaqg.org | udp |
| US | 8.8.8.8:53 | nasgvchqu.info | udp |
| US | 8.8.8.8:53 | pupwwufkvyx.info | udp |
| US | 8.8.8.8:53 | oiwhbqxv.net | udp |
| US | 8.8.8.8:53 | komscwgsuw.org | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | ewhqxezcwwc.net | udp |
| US | 8.8.8.8:53 | uyoioe.org | udp |
| US | 8.8.8.8:53 | gkckwaekimom.com | udp |
| US | 8.8.8.8:53 | hkpszgbkxqo.net | udp |
| US | 8.8.8.8:53 | uksymiouwu.org | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | useqkaoc.org | udp |
| US | 8.8.8.8:53 | yoaoooewyeeo.com | udp |
| US | 8.8.8.8:53 | jqbgpitcuit.org | udp |
| US | 8.8.8.8:53 | nymcghstfqph.net | udp |
| US | 8.8.8.8:53 | mdhpuesj.net | udp |
| US | 8.8.8.8:53 | vntkhwvccor.org | udp |
| US | 8.8.8.8:53 | fwhpzmkli.net | udp |
| US | 8.8.8.8:53 | ypdjwgmy.net | udp |
| US | 8.8.8.8:53 | dqjrswwie.com | udp |
| US | 8.8.8.8:53 | ymggded.info | udp |
| US | 8.8.8.8:53 | pedacijnsa.net | udp |
| US | 8.8.8.8:53 | pvxdbgw.org | udp |
| US | 8.8.8.8:53 | gwwwkesewy.org | udp |
| US | 8.8.8.8:53 | gensxwp.net | udp |
| US | 8.8.8.8:53 | vrxmprngmlhk.net | udp |
| US | 8.8.8.8:53 | rgkgdyzpoey.info | udp |
| US | 8.8.8.8:53 | eguuqawkyquw.com | udp |
| US | 8.8.8.8:53 | tgwatpn.net | udp |
| LT | 78.59.81.22:22543 | tcp | |
| US | 8.8.8.8:53 | ykfytsvkb.info | udp |
| US | 8.8.8.8:53 | fzzmdyv.net | udp |
| US | 8.8.8.8:53 | pfbita.info | udp |
| US | 8.8.8.8:53 | eznabol.net | udp |
| US | 8.8.8.8:53 | ewropll.net | udp |
| US | 8.8.8.8:53 | rslcxsjadya.net | udp |
| US | 8.8.8.8:53 | klqmnybibg.net | udp |
| US | 8.8.8.8:53 | sgzeiuk.info | udp |
| US | 8.8.8.8:53 | sljdjssb.net | udp |
| US | 8.8.8.8:53 | lobcvegerkr.org | udp |
| US | 8.8.8.8:53 | jfnobcryvii.net | udp |
| US | 8.8.8.8:53 | isbkvrps.net | udp |
| US | 8.8.8.8:53 | lyxmnybibg.info | udp |
| US | 8.8.8.8:53 | ymeysgcu.com | udp |
| US | 8.8.8.8:53 | uobzhkr.info | udp |
| US | 8.8.8.8:53 | oibuzatvl.info | udp |
| US | 8.8.8.8:53 | dkouvubcpovf.info | udp |
| US | 8.8.8.8:53 | ridxfwtb.net | udp |
| US | 8.8.8.8:53 | ywrtrjtd.info | udp |
| US | 8.8.8.8:53 | kgucribs.info | udp |
| US | 8.8.8.8:53 | nhsvgzwxqk.info | udp |
| US | 8.8.8.8:53 | eynitjv.info | udp |
| US | 8.8.8.8:53 | winafbcrtn.info | udp |
| US | 8.8.8.8:53 | owzahm.net | udp |
| US | 8.8.8.8:53 | uamsom.com | udp |
| US | 8.8.8.8:53 | wixsbkemfml.info | udp |
| US | 8.8.8.8:53 | zyfitez.info | udp |
| US | 8.8.8.8:53 | cixlsvmtfi.net | udp |
| US | 8.8.8.8:53 | ouhheq.net | udp |
| US | 8.8.8.8:53 | obyvrzlkyx.net | udp |
| US | 8.8.8.8:53 | aqsrdcv.info | udp |
| US | 8.8.8.8:53 | leqdurjb.net | udp |
| US | 8.8.8.8:53 | jfwtqiqw.info | udp |
| US | 8.8.8.8:53 | xxnpjgn.org | udp |
| US | 8.8.8.8:53 | aofiaurftsb.info | udp |
| US | 8.8.8.8:53 | wpdoqyfrfx.net | udp |
| US | 8.8.8.8:53 | xpfqfaahzga.org | udp |
| US | 8.8.8.8:53 | dxikspgshgbk.info | udp |
| US | 8.8.8.8:53 | rimlgx.info | udp |
| US | 8.8.8.8:53 | lgmwshpwdp.net | udp |
| US | 8.8.8.8:53 | wsrhpyhqp.info | udp |
| US | 8.8.8.8:53 | zgrjrexb.net | udp |
| US | 8.8.8.8:53 | hcozmmsojyel.net | udp |
| US | 8.8.8.8:53 | eeueccewmeem.com | udp |
| US | 8.8.8.8:53 | johenidnc.info | udp |
| US | 8.8.8.8:53 | vpdhxcrirjf.info | udp |
| US | 8.8.8.8:53 | gthoprfe.net | udp |
| US | 8.8.8.8:53 | blthblej.net | udp |
| US | 8.8.8.8:53 | bpyajdbltb.net | udp |
| US | 8.8.8.8:53 | kucwnqehh.net | udp |
| US | 8.8.8.8:53 | wydiwsxoeon.info | udp |
| US | 8.8.8.8:53 | vlpxze.info | udp |
| US | 8.8.8.8:53 | vwhvlmc.org | udp |
| US | 8.8.8.8:53 | cblwdcsww.net | udp |
| US | 8.8.8.8:53 | icfyjuj.info | udp |
| US | 8.8.8.8:53 | skywyumxq.net | udp |
| US | 8.8.8.8:53 | igamxkgtuzzv.net | udp |
| US | 8.8.8.8:53 | ycldyd.info | udp |
| US | 8.8.8.8:53 | ciwzdihblmva.net | udp |
| US | 8.8.8.8:53 | zabxnpoybe.net | udp |
| US | 8.8.8.8:53 | uclbdocgzm.info | udp |
| GB | 84.32.156.22:39686 | tcp | |
| US | 8.8.8.8:53 | cueqgmmk.org | udp |
| US | 8.8.8.8:53 | blrsrk.info | udp |
| US | 8.8.8.8:53 | zrtvkovjom.net | udp |
| US | 8.8.8.8:53 | mmeekgceuu.org | udp |
| US | 8.8.8.8:53 | egsmyysc.org | udp |
| US | 8.8.8.8:53 | rcnbdafgb.com | udp |
| US | 8.8.8.8:53 | vjgmbjvoxy.info | udp |
| US | 8.8.8.8:53 | rnnntrt.net | udp |
| US | 8.8.8.8:53 | nibyjubkn.org | udp |
| US | 8.8.8.8:53 | nshdioh.net | udp |
| US | 8.8.8.8:53 | zshinvo.info | udp |
| US | 8.8.8.8:53 | mpcyjhznhtsc.info | udp |
| US | 8.8.8.8:53 | ytpxoc.info | udp |
| US | 8.8.8.8:53 | ekqqcc.org | udp |
| US | 8.8.8.8:53 | slcltwio.info | udp |
| US | 8.8.8.8:53 | osesigaq.org | udp |
| US | 8.8.8.8:53 | octacye.info | udp |
| US | 8.8.8.8:53 | jlwmpy.net | udp |
| US | 8.8.8.8:53 | bvaajan.net | udp |
| US | 8.8.8.8:53 | dwfkeogzvhjn.info | udp |
| US | 8.8.8.8:53 | zrltvprxsu.info | udp |
| US | 8.8.8.8:53 | cesmwmgyww.org | udp |
| US | 8.8.8.8:53 | degaqrbkgn.net | udp |
| US | 8.8.8.8:53 | dflqknsl.net | udp |
| US | 8.8.8.8:53 | pqhowkyyb.com | udp |
| US | 8.8.8.8:53 | zmoirscpvk.net | udp |
| US | 8.8.8.8:53 | tspkhyaji.net | udp |
| US | 8.8.8.8:53 | hvfozqljs.net | udp |
| US | 8.8.8.8:53 | qtgqqinahbp.info | udp |
| US | 8.8.8.8:53 | iucwigoawkua.org | udp |
| US | 8.8.8.8:53 | aguwrdos.info | udp |
| US | 8.8.8.8:53 | uitwbypea.net | udp |
| US | 8.8.8.8:53 | tcvuvhjwh.info | udp |
| US | 8.8.8.8:53 | khbjlkak.info | udp |
| US | 8.8.8.8:53 | jubvpax.info | udp |
| US | 8.8.8.8:53 | fztdptaynkh.org | udp |
| US | 8.8.8.8:53 | cpqavxamxofl.net | udp |
| US | 8.8.8.8:53 | ftdifgnbmf.net | udp |
| US | 8.8.8.8:53 | danlwufmkwi.com | udp |
| US | 8.8.8.8:53 | aknsgwkcl.net | udp |
| US | 8.8.8.8:53 | pjxpkerykil.net | udp |
| US | 8.8.8.8:53 | oatsbf.info | udp |
| US | 8.8.8.8:53 | xepssfvgd.net | udp |
| US | 8.8.8.8:53 | tmcrau.net | udp |
| US | 8.8.8.8:53 | ikjvtkvkvbfs.net | udp |
| US | 8.8.8.8:53 | ecbwysbz.info | udp |
| US | 8.8.8.8:53 | nzcaoixktsv.net | udp |
| US | 8.8.8.8:53 | njmyupro.net | udp |
| US | 8.8.8.8:53 | bererifed.org | udp |
| US | 8.8.8.8:53 | fimvsoenpwzf.net | udp |
| US | 8.8.8.8:53 | uuesqkoo.org | udp |
| US | 8.8.8.8:53 | xrpwmsl.info | udp |
| US | 8.8.8.8:53 | iusioomq.org | udp |
| US | 8.8.8.8:53 | lvxxvmb.net | udp |
| US | 8.8.8.8:53 | siikswawcu.org | udp |
| US | 8.8.8.8:53 | fczqnj.info | udp |
| US | 8.8.8.8:53 | wcsbrpz.net | udp |
| US | 8.8.8.8:53 | hfdckenfs.info | udp |
| US | 8.8.8.8:53 | czsglhnr.info | udp |
| US | 8.8.8.8:53 | uwcuws.org | udp |
| US | 8.8.8.8:53 | sgpomch.info | udp |
| US | 8.8.8.8:53 | oegemmmqyciw.org | udp |
| US | 8.8.8.8:53 | azlfou.info | udp |
| US | 8.8.8.8:53 | oitrzcr.net | udp |
| US | 8.8.8.8:53 | nodpflbez.net | udp |
| US | 8.8.8.8:53 | binfluf.info | udp |
| US | 8.8.8.8:53 | pmrqwok.info | udp |
| US | 8.8.8.8:53 | jgodruhkg.com | udp |
| US | 8.8.8.8:53 | zgheomg.net | udp |
| US | 8.8.8.8:53 | umyicieyee.org | udp |
| US | 8.8.8.8:53 | icvabulxg.info | udp |
| US | 8.8.8.8:53 | qsxbgqxxn.info | udp |
| US | 8.8.8.8:53 | xierdb.net | udp |
| US | 8.8.8.8:53 | vcsuct.net | udp |
| US | 8.8.8.8:53 | siyomwgkwm.com | udp |
| US | 8.8.8.8:53 | wcdphtcv.net | udp |
| US | 8.8.8.8:53 | wesqomoqak.com | udp |
| US | 8.8.8.8:53 | ftluem.net | udp |
| US | 8.8.8.8:53 | fsyczawoha.info | udp |
| US | 8.8.8.8:53 | rmxcbjfas.org | udp |
| US | 8.8.8.8:53 | kcfoqkfydprw.net | udp |
| US | 8.8.8.8:53 | iuueomca.com | udp |
| US | 8.8.8.8:53 | wwiykiayoiys.org | udp |
| US | 8.8.8.8:53 | iqaqie.org | udp |
| US | 8.8.8.8:53 | atkzfclhbift.info | udp |
| US | 8.8.8.8:53 | sqsukwgs.org | udp |
| US | 8.8.8.8:53 | hvlwaxgkloob.net | udp |
| US | 8.8.8.8:53 | retkbx.net | udp |
| US | 8.8.8.8:53 | vggolunozkp.info | udp |
| US | 8.8.8.8:53 | tuhzdcfgy.info | udp |
| US | 8.8.8.8:53 | wueysyqiyg.org | udp |
| US | 8.8.8.8:53 | vogrfurnj.info | udp |
| US | 8.8.8.8:53 | iagsdivaz.net | udp |
| US | 8.8.8.8:53 | lxhzkvzdj.org | udp |
| US | 8.8.8.8:53 | wzwexoganj.net | udp |
| US | 8.8.8.8:53 | jjrefkv.net | udp |
| US | 8.8.8.8:53 | teftzgy.org | udp |
| US | 8.8.8.8:53 | hpdmoqbglwx.org | udp |
| US | 8.8.8.8:53 | vesutvvuqad.com | udp |
| US | 8.8.8.8:53 | srpkgx.net | udp |
| US | 8.8.8.8:53 | oieqie.org | udp |
| US | 8.8.8.8:53 | kjskvzf.info | udp |
| US | 8.8.8.8:53 | hjeddujlbov.info | udp |
| US | 8.8.8.8:53 | moqkgyismu.com | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | ytarjeqk.info | udp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | uwieey.org | udp |
| US | 8.8.8.8:53 | plbtsjvqbe.net | udp |
| US | 8.8.8.8:53 | tkqcwzagp.info | udp |
| US | 8.8.8.8:53 | lzbjkx.info | udp |
| US | 8.8.8.8:53 | sucuyquq.com | udp |
| US | 8.8.8.8:53 | tgtmtju.info | udp |
| US | 8.8.8.8:53 | blriytvijot.com | udp |
| LT | 78.59.81.22:22543 | tcp | |
| US | 8.8.8.8:53 | gpbpxipcbt.net | udp |
| US | 8.8.8.8:53 | pvbxhsuirz.net | udp |
| US | 8.8.8.8:53 | obtqfwxlfyz.info | udp |
| US | 8.8.8.8:53 | quyeeieegiwc.org | udp |
| US | 8.8.8.8:53 | xrcwqqf.org | udp |
| US | 8.8.8.8:53 | gwdidpklygjg.net | udp |
| US | 8.8.8.8:53 | kyilnx.net | udp |
| US | 8.8.8.8:53 | sgakgq.org | udp |
| US | 8.8.8.8:53 | aihumuo.info | udp |
| US | 8.8.8.8:53 | rcrvzujojib.net | udp |
| US | 8.8.8.8:53 | gaqkygwq.org | udp |
| US | 8.8.8.8:53 | poxkdmf.net | udp |
| US | 8.8.8.8:53 | drtpvlde.info | udp |
| US | 8.8.8.8:53 | jlkzckiryhcw.net | udp |
| US | 8.8.8.8:53 | jrbulad.info | udp |
| US | 8.8.8.8:53 | vtutkaklzv.net | udp |
| US | 8.8.8.8:53 | hnxuyepk.net | udp |
| US | 8.8.8.8:53 | bpzorpfuhtf.org | udp |
| US | 8.8.8.8:53 | zedotwtv.net | udp |
| US | 8.8.8.8:53 | kicygskg.com | udp |
| US | 8.8.8.8:53 | setehb.net | udp |
| US | 8.8.8.8:53 | bkngmvgi.net | udp |
| US | 8.8.8.8:53 | bkvvuzcwcqac.net | udp |
| US | 8.8.8.8:53 | stijsnzdhh.net | udp |
| US | 8.8.8.8:53 | nkbylid.org | udp |
| US | 8.8.8.8:53 | bqdindvszcl.com | udp |
| US | 8.8.8.8:53 | tgtouua.info | udp |
| US | 8.8.8.8:53 | kmayeqasww.org | udp |
| US | 8.8.8.8:53 | eemusgke.org | udp |
| US | 8.8.8.8:53 | nwtiiruu.net | udp |
| US | 8.8.8.8:53 | dykwknvmdfdj.info | udp |
| US | 8.8.8.8:53 | lmtqfhhfboxh.info | udp |
| US | 8.8.8.8:53 | lfqsjee.info | udp |
| LT | 78.59.46.22:33741 | tcp | |
| US | 8.8.8.8:53 | wawaoiyk.com | udp |
| US | 8.8.8.8:53 | pypdqajwq.info | udp |
| US | 8.8.8.8:53 | sdgahalflmgk.net | udp |
| US | 8.8.8.8:53 | lczoradauoz.net | udp |
| US | 8.8.8.8:53 | xrhuiv.net | udp |
| US | 8.8.8.8:53 | maiuhxqtuigu.info | udp |
| US | 8.8.8.8:53 | ufhwjus.info | udp |
| US | 8.8.8.8:53 | dazulnj.org | udp |
| US | 8.8.8.8:53 | wuljafplczf.info | udp |
| US | 8.8.8.8:53 | tmrsrsxdd.com | udp |
| US | 8.8.8.8:53 | vglgnkjsfud.net | udp |
| US | 8.8.8.8:53 | woxgftsg.info | udp |
| US | 8.8.8.8:53 | lwavkp.info | udp |
| US | 8.8.8.8:53 | jzthxr.net | udp |
| US | 8.8.8.8:53 | ydvcpotsc.info | udp |
| US | 8.8.8.8:53 | kmaoka.org | udp |
| US | 8.8.8.8:53 | dihdqndj.info | udp |
| US | 8.8.8.8:53 | yswwsaqoemuu.org | udp |
| US | 8.8.8.8:53 | itjyvllhd.info | udp |
| US | 8.8.8.8:53 | ewxibuxqu.info | udp |
| US | 8.8.8.8:53 | fjusznt.com | udp |
| US | 8.8.8.8:53 | fkbupmdij.org | udp |
| US | 8.8.8.8:53 | jfvjbwlr.net | udp |
| US | 8.8.8.8:53 | xtztvr.net | udp |
| US | 8.8.8.8:53 | rphwit.info | udp |
| US | 8.8.8.8:53 | pwnahv.info | udp |
| US | 8.8.8.8:53 | eiiiqigo.org | udp |
| US | 8.8.8.8:53 | zuhmapbot.net | udp |
| US | 8.8.8.8:53 | gahthmz.net | udp |
| US | 8.8.8.8:53 | lzfgtccsw.com | udp |
| US | 8.8.8.8:53 | jbbzhcftbk.info | udp |
| US | 8.8.8.8:53 | isyuftvucjqo.net | udp |
| US | 8.8.8.8:53 | qksyelorzodq.net | udp |
| US | 8.8.8.8:53 | vjvlnnztmb.net | udp |
| US | 8.8.8.8:53 | kyesqaguqc.com | udp |
| US | 8.8.8.8:53 | auagfdipnmli.net | udp |
| US | 8.8.8.8:53 | japcxipmv.org | udp |
| US | 8.8.8.8:53 | ftiiuewzbdxo.net | udp |
| US | 8.8.8.8:53 | yojkaljecqs.info | udp |
| MX | 89.117.110.205:43875 | tcp | |
| US | 8.8.8.8:53 | dirhbueqd.net | udp |
| US | 8.8.8.8:53 | dwlkxinvpot.net | udp |
| US | 8.8.8.8:53 | wrxxewoxbsno.net | udp |
| US | 8.8.8.8:53 | clrijfzgzdgr.net | udp |
| US | 8.8.8.8:53 | ecegeakc.org | udp |
| US | 8.8.8.8:53 | ojomuhvd.info | udp |
| US | 8.8.8.8:53 | wtduygwpgy.info | udp |
| US | 8.8.8.8:53 | rplzbsvgljdp.net | udp |
| US | 8.8.8.8:53 | kpbyxlybogfg.info | udp |
| US | 8.8.8.8:53 | ootkjdzphd.net | udp |
| US | 8.8.8.8:53 | zutwksnln.net | udp |
| US | 8.8.8.8:53 | rgtxhupb.info | udp |
| US | 8.8.8.8:53 | aararuzmj.info | udp |
| US | 8.8.8.8:53 | pgjkjdbaz.info | udp |
| US | 8.8.8.8:53 | eyiook.org | udp |
| US | 8.8.8.8:53 | pqfglabyzvl.info | udp |
| US | 8.8.8.8:53 | nsjnpn.net | udp |
| US | 8.8.8.8:53 | ysgosogy.org | udp |
| US | 8.8.8.8:53 | ivewnr.info | udp |
| US | 8.8.8.8:53 | qdtzrobt.info | udp |
| US | 8.8.8.8:53 | wcdozqnor.net | udp |
| US | 8.8.8.8:53 | bfrabyr.net | udp |
| US | 8.8.8.8:53 | thfzzkroyftu.info | udp |
| US | 8.8.8.8:53 | nqxijbihvn.info | udp |
| US | 8.8.8.8:53 | hmnxew.net | udp |
| US | 8.8.8.8:53 | khzqdubyhlv.info | udp |
| US | 8.8.8.8:53 | sywmccokec.com | udp |
| US | 8.8.8.8:53 | uoxartumgvpy.net | udp |
| US | 8.8.8.8:53 | avfgzaz.net | udp |
| US | 8.8.8.8:53 | yspynbdonzn.net | udp |
| US | 8.8.8.8:53 | qilzkqjurj.net | udp |
| US | 8.8.8.8:53 | lmeibor.info | udp |
| US | 8.8.8.8:53 | xhswpbdcoeq.net | udp |
| US | 8.8.8.8:53 | cuyxjcvgnaf.net | udp |
| US | 8.8.8.8:53 | xrctizgjhu.net | udp |
| US | 8.8.8.8:53 | osayak.org | udp |
| US | 8.8.8.8:53 | weodhdlqvvbi.info | udp |
| US | 8.8.8.8:53 | jbzndywy.net | udp |
| US | 8.8.8.8:53 | rfcqjgcwrllk.info | udp |
| US | 8.8.8.8:53 | yzhavgvmt.info | udp |
| US | 8.8.8.8:53 | vadcholsgssf.info | udp |
| US | 8.8.8.8:53 | csgolyphzt.net | udp |
| US | 8.8.8.8:53 | ooewwc.org | udp |
| US | 8.8.8.8:53 | rgpuplzmd.com | udp |
| US | 8.8.8.8:53 | ztkdkkta.net | udp |
| US | 8.8.8.8:53 | mlowkxrcihfb.net | udp |
| US | 8.8.8.8:53 | jypigkw.net | udp |
| US | 8.8.8.8:53 | qbpgkkbyj.net | udp |
| US | 8.8.8.8:53 | mlgtvrbc.info | udp |
| US | 8.8.8.8:53 | jphhtgd.com | udp |
| US | 8.8.8.8:53 | hinthmy.org | udp |
| US | 8.8.8.8:53 | zgysfi.info | udp |
| US | 8.8.8.8:53 | omierhazkhgw.net | udp |
| US | 8.8.8.8:53 | dgbgnihcjyx.net | udp |
| US | 8.8.8.8:53 | ymrcfgviz.info | udp |
| US | 8.8.8.8:53 | ssycom.com | udp |
| US | 8.8.8.8:53 | hmjccwkvq.net | udp |
| US | 8.8.8.8:53 | xnjwui.info | udp |
| US | 8.8.8.8:53 | kwdrqyzrhd.net | udp |
| US | 8.8.8.8:53 | lnjqrcdbycd.org | udp |
| US | 8.8.8.8:53 | ycvljbkemah.net | udp |
| US | 8.8.8.8:53 | fuhmris.info | udp |
| US | 8.8.8.8:53 | xrjmbmgmisvh.info | udp |
| US | 8.8.8.8:53 | yyokkm.com | udp |
| US | 8.8.8.8:53 | kvjrtyadjwuj.net | udp |
| US | 8.8.8.8:53 | jqtenkdayoy.org | udp |
| US | 8.8.8.8:53 | bhamfu.info | udp |
| US | 8.8.8.8:53 | avxulcimvur.net | udp |
| LT | 78.60.148.98:43269 | tcp | |
| US | 8.8.8.8:53 | nsgpgmyopzxi.net | udp |
| US | 8.8.8.8:53 | lccezxrw.info | udp |
| US | 8.8.8.8:53 | aojzlwvws.net | udp |
| US | 8.8.8.8:53 | fwhaple.net | udp |
| US | 8.8.8.8:53 | lvliwxsju.net | udp |
| US | 8.8.8.8:53 | xifotgfmo.org | udp |
| US | 8.8.8.8:53 | todyxcpvqgvq.info | udp |
| US | 8.8.8.8:53 | awuccyyy.com | udp |
| US | 8.8.8.8:53 | shutbqaeup.info | udp |
| US | 8.8.8.8:53 | qopgbkpntyz.info | udp |
| US | 8.8.8.8:53 | wcgcuuiu.org | udp |
| US | 8.8.8.8:53 | kceyusugum.com | udp |
| US | 8.8.8.8:53 | pwzsfwx.net | udp |
| US | 8.8.8.8:53 | pierdmrs.net | udp |
| US | 8.8.8.8:53 | imguiiyqsy.org | udp |
| US | 8.8.8.8:53 | scjilzkwijmj.info | udp |
| US | 8.8.8.8:53 | xgdybfvz.info | udp |
| US | 8.8.8.8:53 | nhmyomxjv.info | udp |
| US | 8.8.8.8:53 | vlptqvxopix.com | udp |
| US | 8.8.8.8:53 | ssqkrttphaib.info | udp |
| US | 8.8.8.8:53 | ikfohktht.info | udp |
| US | 8.8.8.8:53 | oycwjqh.net | udp |
| US | 8.8.8.8:53 | cgjpjb.net | udp |
| US | 8.8.8.8:53 | tyzkrdhyl.info | udp |
| US | 8.8.8.8:53 | iqywycos.com | udp |
| US | 8.8.8.8:53 | vyjiwodak.com | udp |
| US | 8.8.8.8:53 | magigkui.org | udp |
| US | 8.8.8.8:53 | tnusfiyjmdox.net | udp |
| US | 8.8.8.8:53 | vyvijbihvn.info | udp |
| US | 8.8.8.8:53 | ifbuvqyhuzoq.net | udp |
| US | 8.8.8.8:53 | vqufawsahe.info | udp |
| US | 8.8.8.8:53 | xyerjemobwc.com | udp |
| US | 8.8.8.8:53 | jfsrex.net | udp |
| US | 8.8.8.8:53 | hsrofavrq.net | udp |
| US | 8.8.8.8:53 | lxjvbaiqrv.info | udp |
| US | 8.8.8.8:53 | ualeonh.info | udp |
| US | 8.8.8.8:53 | wgooiqmg.com | udp |
| US | 8.8.8.8:53 | cgmdkpal.info | udp |
| US | 8.8.8.8:53 | llpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | nynfvafcolh.com | udp |
| US | 8.8.8.8:53 | omkoeigekeie.org | udp |
| US | 8.8.8.8:53 | zizgock.net | udp |
| US | 8.8.8.8:53 | rvrizktyup.info | udp |
| US | 8.8.8.8:53 | gwwkgmko.com | udp |
| US | 8.8.8.8:53 | shetxympph.net | udp |
| US | 8.8.8.8:53 | bkfrzddv.net | udp |
| US | 8.8.8.8:53 | uyunsbtk.net | udp |
| US | 8.8.8.8:53 | bctwfgikb.org | udp |
| US | 8.8.8.8:53 | aouqcoqakseq.com | udp |
| US | 8.8.8.8:53 | jgbssck.com | udp |
| US | 8.8.8.8:53 | gygsqakm.com | udp |
| US | 8.8.8.8:53 | eyfezgpdwcd.net | udp |
| US | 8.8.8.8:53 | uywemq.com | udp |
| US | 8.8.8.8:53 | fzqqksnzg.net | udp |
| US | 8.8.8.8:53 | swqqgeqseyey.com | udp |
| US | 8.8.8.8:53 | dnlqpgzsg.net | udp |
| US | 8.8.8.8:53 | auaglvpgrdk.info | udp |
| US | 8.8.8.8:53 | xmlymtnez.org | udp |
| US | 8.8.8.8:53 | kehujefin.net | udp |
| US | 8.8.8.8:53 | rwaqcsvyb.info | udp |
| US | 8.8.8.8:53 | zrfbfefl.info | udp |
| US | 8.8.8.8:53 | bodpugvwy.org | udp |
| LT | 78.62.181.221:38905 | tcp | |
| US | 8.8.8.8:53 | odzbrjqoy.info | udp |
| US | 8.8.8.8:53 | iioywieasc.org | udp |
| US | 8.8.8.8:53 | clvsbiria.info | udp |
| US | 8.8.8.8:53 | oxeboq.info | udp |
| US | 8.8.8.8:53 | aalijqi.info | udp |
| US | 8.8.8.8:53 | cvmvto.info | udp |
| US | 8.8.8.8:53 | bqbhhupq.net | udp |
| US | 8.8.8.8:53 | rekrtk.net | udp |
| US | 8.8.8.8:53 | jflgtndgid.net | udp |
| US | 8.8.8.8:53 | fynhldb.info | udp |
| US | 8.8.8.8:53 | acooowoc.com | udp |
| US | 8.8.8.8:53 | nbzqqsoovfpm.net | udp |
| US | 8.8.8.8:53 | odqisf.info | udp |
| US | 8.8.8.8:53 | nrfqekbekot.com | udp |
| US | 8.8.8.8:53 | xuqxev.info | udp |
| US | 8.8.8.8:53 | rglewtcyiu.info | udp |
| US | 8.8.8.8:53 | fqjsbwjyxun.com | udp |
| US | 8.8.8.8:53 | ybxsqlwexbnh.info | udp |
| US | 8.8.8.8:53 | bbozkgsr.info | udp |
| US | 8.8.8.8:53 | wucoii.org | udp |
| US | 8.8.8.8:53 | kkiamiym.com | udp |
| US | 8.8.8.8:53 | womwusee.org | udp |
| US | 8.8.8.8:53 | ctvjbvpeb.net | udp |
| US | 8.8.8.8:53 | xdojlbbt.info | udp |
| US | 8.8.8.8:53 | jatdaajehomt.net | udp |
| US | 8.8.8.8:53 | jyerwuk.net | udp |
| US | 8.8.8.8:53 | jouzhis.net | udp |
| US | 8.8.8.8:53 | vieyfklehuh.info | udp |
| US | 8.8.8.8:53 | gxknzs.net | udp |
| US | 8.8.8.8:53 | idjwpyp.net | udp |
| US | 8.8.8.8:53 | oocmqggais.com | udp |
| US | 8.8.8.8:53 | bfacqdhj.net | udp |
| US | 8.8.8.8:53 | mwgkuyee.org | udp |
| US | 8.8.8.8:53 | eqaukoyw.com | udp |
| US | 8.8.8.8:53 | bmbrdp.net | udp |
| US | 8.8.8.8:53 | oengsobme.info | udp |
| BG | 77.78.32.98:19619 | tcp | |
| US | 8.8.8.8:53 | uiceesz.info | udp |
| US | 8.8.8.8:53 | rqvwonbbhoe.org | udp |
| US | 8.8.8.8:53 | jutnsfbkfdyc.info | udp |
| US | 8.8.8.8:53 | iywuwwoet.net | udp |
| US | 8.8.8.8:53 | lwwwre.info | udp |
| US | 8.8.8.8:53 | bzaydhbkyko.info | udp |
| US | 8.8.8.8:53 | qaigyoes.com | udp |
| US | 8.8.8.8:53 | dldjylh.info | udp |
| US | 8.8.8.8:53 | uoxjsmld.info | udp |
| US | 8.8.8.8:53 | blgmnct.org | udp |
| US | 8.8.8.8:53 | kcqswsmy.org | udp |
| US | 8.8.8.8:53 | tenars.net | udp |
| US | 8.8.8.8:53 | qtharisbiay.info | udp |
| US | 8.8.8.8:53 | zltybfjrzw.net | udp |
| US | 8.8.8.8:53 | ewiuauieao.com | udp |
| US | 8.8.8.8:53 | haiflyy.net | udp |
| US | 8.8.8.8:53 | mkawqy.com | udp |
| US | 8.8.8.8:53 | eimosqyeae.org | udp |
| US | 8.8.8.8:53 | bjwfbzlupwsc.info | udp |
| US | 8.8.8.8:53 | lnywrmuyt.net | udp |
| US | 8.8.8.8:53 | tspcdoc.net | udp |
| US | 8.8.8.8:53 | calrnmaaldf.net | udp |
| US | 8.8.8.8:53 | bjpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | rwckbqtwkkx.com | udp |
| US | 8.8.8.8:53 | zquakcjmfak.net | udp |
| US | 8.8.8.8:53 | wrvmsbh.net | udp |
| US | 8.8.8.8:53 | lkjeqegaqpdl.info | udp |
| US | 8.8.8.8:53 | imwkkoik.com | udp |
| US | 8.8.8.8:53 | agjbxjfef.info | udp |
| US | 8.8.8.8:53 | wghcdsrxf.net | udp |
| US | 8.8.8.8:53 | acmwgs.org | udp |
| US | 8.8.8.8:53 | sewuvwb.net | udp |
| US | 8.8.8.8:53 | rsdqzgdto.org | udp |
| US | 8.8.8.8:53 | dnehqdgltieb.info | udp |
| US | 8.8.8.8:53 | awkejgjsynj.info | udp |
| US | 8.8.8.8:53 | oaewcmmi.com | udp |
| US | 8.8.8.8:53 | dodwzvfuu.org | udp |
| US | 8.8.8.8:53 | zwgsbuhvn.net | udp |
| US | 8.8.8.8:53 | oalwpcngx.info | udp |
| US | 8.8.8.8:53 | cmagsgks.org | udp |
| US | 8.8.8.8:53 | wkftjtlspd.info | udp |
| US | 8.8.8.8:53 | jmzqxwwr.info | udp |
| US | 8.8.8.8:53 | xcrfxbihvn.info | udp |
| US | 8.8.8.8:53 | udppeclxnofw.info | udp |
| US | 8.8.8.8:53 | xmfkjsxqdio.com | udp |
| US | 8.8.8.8:53 | pvesxitaordl.info | udp |
| US | 8.8.8.8:53 | syoczqjypol.net | udp |
| US | 8.8.8.8:53 | dfqmjbtv.net | udp |
| US | 8.8.8.8:53 | ipnnzlcu.info | udp |
| US | 8.8.8.8:53 | pkhfxlnivx.net | udp |
| US | 8.8.8.8:53 | dzrmxez.com | udp |
| US | 8.8.8.8:53 | tykedsp.com | udp |
| US | 8.8.8.8:53 | rrxbvkppbkhy.net | udp |
| US | 8.8.8.8:53 | kxldwaoqfn.info | udp |
| US | 8.8.8.8:53 | dgtcgwryzcx.com | udp |
| US | 8.8.8.8:53 | wuwuci.org | udp |
| US | 8.8.8.8:53 | ytrrrxqp.info | udp |
| US | 8.8.8.8:53 | kqvzgwxwxr.net | udp |
| US | 8.8.8.8:53 | jyphfltyx.net | udp |
| US | 8.8.8.8:53 | wqiweome.com | udp |
| US | 8.8.8.8:53 | refwbh.net | udp |
| US | 8.8.8.8:53 | xxbuvavqnao.net | udp |
| US | 8.8.8.8:53 | daanvwjkzntb.net | udp |
| US | 8.8.8.8:53 | tzmdsfz.info | udp |
| US | 8.8.8.8:53 | ywghmez.net | udp |
| US | 8.8.8.8:53 | hshhrol.net | udp |
| US | 8.8.8.8:53 | tgzzsilpuoyu.info | udp |
| LV | 78.84.68.218:43561 | tcp | |
| US | 8.8.8.8:53 | dvcqtiii.net | udp |
| US | 8.8.8.8:53 | puigdybmag.net | udp |
| US | 8.8.8.8:53 | rejwrwpoa.info | udp |
| US | 8.8.8.8:53 | jmuyzwjxj.net | udp |
| US | 8.8.8.8:53 | ajlrhqd.net | udp |
| US | 8.8.8.8:53 | pawktzw.com | udp |
| US | 8.8.8.8:53 | aeaayy.com | udp |
| US | 8.8.8.8:53 | lchivmxwjx.info | udp |
| US | 8.8.8.8:53 | gcfapzmmft.info | udp |
| US | 8.8.8.8:53 | usrmwfq.info | udp |
| US | 8.8.8.8:53 | mmecwoqmgeom.com | udp |
| US | 8.8.8.8:53 | oiyavchfmqi.info | udp |
| US | 8.8.8.8:53 | oqqcadhrs.info | udp |
| US | 8.8.8.8:53 | yrlulzxual.info | udp |
| US | 8.8.8.8:53 | jehyhpbob.com | udp |
| US | 8.8.8.8:53 | enngwojenwf.net | udp |
| US | 8.8.8.8:53 | ueucigcsyk.org | udp |
| US | 8.8.8.8:53 | luaiurlae.info | udp |
| US | 8.8.8.8:53 | lqinfwlthr.info | udp |
| US | 8.8.8.8:53 | mmqqem.org | udp |
| US | 8.8.8.8:53 | taddjusedcu.com | udp |
| US | 8.8.8.8:53 | upirthbxqwvd.info | udp |
| US | 8.8.8.8:53 | hmhcdcyflttr.info | udp |
| US | 8.8.8.8:53 | hsfspwfirsr.org | udp |
| US | 8.8.8.8:53 | smttxeoqxlls.info | udp |
| US | 8.8.8.8:53 | fumvct.net | udp |
| US | 8.8.8.8:53 | bywqeq.info | udp |
| US | 8.8.8.8:53 | hqmplmldnap.net | udp |
| US | 8.8.8.8:53 | dqsrugitnf.net | udp |
| US | 8.8.8.8:53 | gcpqpkgyhxn.net | udp |
| US | 8.8.8.8:53 | aeomsgsg.org | udp |
| US | 8.8.8.8:53 | yadxtkefpqdf.net | udp |
| US | 8.8.8.8:53 | avhsdbrn.net | udp |
| US | 8.8.8.8:53 | qogmsycq.com | udp |
| US | 8.8.8.8:53 | mapydxcqq.info | udp |
| US | 8.8.8.8:53 | dkznsr.info | udp |
| US | 8.8.8.8:53 | ictdpxfltl.net | udp |
| US | 8.8.8.8:53 | mkdvhtb.info | udp |
| US | 8.8.8.8:53 | qngitmingp.net | udp |
| US | 8.8.8.8:53 | evvbiytgi.net | udp |
| US | 8.8.8.8:53 | mqiotqsm.net | udp |
| US | 8.8.8.8:53 | cuvegc.net | udp |
| US | 8.8.8.8:53 | yiqciyioik.com | udp |
| US | 8.8.8.8:53 | ulwprsdpevsj.info | udp |
| US | 8.8.8.8:53 | xolowiuilsl.org | udp |
| LT | 78.60.148.98:43269 | tcp | |
| US | 8.8.8.8:53 | twkgiylcp.net | udp |
| US | 8.8.8.8:53 | rltqjtdglsx.net | udp |
| US | 8.8.8.8:53 | xixvvyxgtndv.info | udp |
| US | 8.8.8.8:53 | ihxonmuvbbok.net | udp |
| US | 8.8.8.8:53 | ebfmxwrklax.info | udp |
| US | 8.8.8.8:53 | pmlulepmd.info | udp |
| US | 8.8.8.8:53 | auodget.net | udp |
| US | 8.8.8.8:53 | qyjxvcif.net | udp |
| US | 8.8.8.8:53 | zolqnkj.net | udp |
| US | 8.8.8.8:53 | aibniwzmfmx.net | udp |
| US | 8.8.8.8:53 | hkpenqem.net | udp |
| US | 8.8.8.8:53 | rkwlhccy.info | udp |
| US | 8.8.8.8:53 | nklqsax.org | udp |
| US | 8.8.8.8:53 | iyimqywi.org | udp |
| US | 8.8.8.8:53 | esumocis.com | udp |
| US | 8.8.8.8:53 | bisbulcakr.net | udp |
| US | 8.8.8.8:53 | oyddqawil.net | udp |
| US | 8.8.8.8:53 | nthafgeqx.org | udp |
| US | 8.8.8.8:53 | xojxdvtiweaf.info | udp |
| US | 8.8.8.8:53 | cjsfmi.net | udp |
| US | 8.8.8.8:53 | ymmsfod.net | udp |
| US | 8.8.8.8:53 | vibshiiel.net | udp |
| US | 8.8.8.8:53 | wwncxhhwz.net | udp |
| US | 8.8.8.8:53 | cjmcshuh.net | udp |
| US | 8.8.8.8:53 | qapsimp.info | udp |
| US | 8.8.8.8:53 | jjqtpeerkb.net | udp |
| US | 8.8.8.8:53 | plfbyb.net | udp |
| US | 8.8.8.8:53 | juqigix.net | udp |
| US | 8.8.8.8:53 | ggsuwqqamm.org | udp |
| US | 8.8.8.8:53 | lvdqlxc.org | udp |
| US | 8.8.8.8:53 | urkcltobhpwf.net | udp |
| US | 8.8.8.8:53 | rumgxob.info | udp |
| US | 8.8.8.8:53 | xrueomvkfqd.info | udp |
| US | 8.8.8.8:53 | iopizhyo.info | udp |
| US | 8.8.8.8:53 | fwrxmmoz.net | udp |
| US | 8.8.8.8:53 | oismai.com | udp |
| US | 8.8.8.8:53 | fgdcfwr.org | udp |
| US | 8.8.8.8:53 | tzvsokkaflay.net | udp |
| US | 8.8.8.8:53 | zytyxrxurdbf.info | udp |
| US | 8.8.8.8:53 | eheflhppvg.net | udp |
| US | 8.8.8.8:53 | cofqjbbeduo.net | udp |
| US | 8.8.8.8:53 | mgvnpyc.info | udp |
| US | 8.8.8.8:53 | phskcqcuwu.net | udp |
| US | 8.8.8.8:53 | egqmuoks.com | udp |
| US | 8.8.8.8:53 | lfdufcziuqh.com | udp |
| US | 8.8.8.8:53 | cdumbnoym.net | udp |
| US | 8.8.8.8:53 | cykogcgqqcuu.com | udp |
| US | 8.8.8.8:53 | aghmrkglv.info | udp |
| LT | 78.59.46.22:33741 | tcp | |
| US | 8.8.8.8:53 | qkvohlrwguv.net | udp |
| US | 8.8.8.8:53 | soscco.com | udp |
| US | 8.8.8.8:53 | btvfdedpj.com | udp |
| US | 8.8.8.8:53 | ugjyfpgfl.net | udp |
| US | 8.8.8.8:53 | wkmuqqceeqwc.com | udp |
| US | 8.8.8.8:53 | tixzxidujbo.com | udp |
| US | 8.8.8.8:53 | sizgwst.info | udp |
| US | 8.8.8.8:53 | rbfvfbhgldx.org | udp |
| US | 8.8.8.8:53 | myrwjqkrwpbk.info | udp |
| US | 8.8.8.8:53 | hkugduovdkj.org | udp |
| US | 8.8.8.8:53 | maaowyiagy.com | udp |
| US | 8.8.8.8:53 | coceicasagwc.com | udp |
| US | 8.8.8.8:53 | jadekwtktxn.net | udp |
| US | 8.8.8.8:53 | wauucaig.com | udp |
| US | 8.8.8.8:53 | fdnzhbvmhv.info | udp |
| US | 8.8.8.8:53 | ciubvdte.net | udp |
| US | 8.8.8.8:53 | mpkbfsgyp.info | udp |
| US | 8.8.8.8:53 | nlpmtrycndot.net | udp |
| US | 8.8.8.8:53 | elbjut.info | udp |
| US | 8.8.8.8:53 | bsthhwlip.org | udp |
| US | 8.8.8.8:53 | osicygig.org | udp |
| US | 8.8.8.8:53 | qseoumkkca.org | udp |
| US | 8.8.8.8:53 | rwzcxgjwuvi.com | udp |
| US | 8.8.8.8:53 | xffuyuf.net | udp |
| US | 8.8.8.8:53 | qdnmhgdyrit.net | udp |
| US | 8.8.8.8:53 | bmqepltytgk.com | udp |
| US | 8.8.8.8:53 | zwlxtotfmzfj.info | udp |
| US | 8.8.8.8:53 | htharub.info | udp |
| US | 8.8.8.8:53 | foomxud.net | udp |
| US | 8.8.8.8:53 | gxiyvtayhqz.info | udp |
| US | 8.8.8.8:53 | qyqigk.com | udp |
| US | 8.8.8.8:53 | gsaiee.com | udp |
| US | 8.8.8.8:53 | lzeuldpdtisn.net | udp |
| US | 8.8.8.8:53 | ubzahitz.net | udp |
| US | 8.8.8.8:53 | fyaylmbcb.net | udp |
| US | 8.8.8.8:53 | wxrgagtkn.info | udp |
| US | 8.8.8.8:53 | peyjvkhbdb.net | udp |
| US | 8.8.8.8:53 | xfkldswwgb.net | udp |
| US | 8.8.8.8:53 | ekqaao.com | udp |
| US | 8.8.8.8:53 | pyyfhhxrpj.info | udp |
| US | 8.8.8.8:53 | rkjyfrxybqd.net | udp |
| MD | 94.243.81.151:32953 | tcp | |
| US | 8.8.8.8:53 | hjfdpmp.org | udp |
| US | 8.8.8.8:53 | rlezsvhi.info | udp |
| US | 8.8.8.8:53 | qzqdptqbpwwi.info | udp |
| US | 8.8.8.8:53 | emgcsoky.com | udp |
| US | 8.8.8.8:53 | rtfhbxdmvj.info | udp |
| US | 8.8.8.8:53 | fmrpwrmmpkp.net | udp |
| US | 8.8.8.8:53 | rjbifug.net | udp |
| US | 8.8.8.8:53 | aaqabcakhgu.info | udp |
| US | 8.8.8.8:53 | wuribyc.info | udp |
| US | 8.8.8.8:53 | hdrdrq.net | udp |
| US | 8.8.8.8:53 | kqmeqmmeog.org | udp |
| US | 8.8.8.8:53 | ldlrgk.info | udp |
| US | 8.8.8.8:53 | caqvfr.info | udp |
| US | 8.8.8.8:53 | dmcaob.info | udp |
| US | 8.8.8.8:53 | hzkqdghabtcs.net | udp |
| US | 8.8.8.8:53 | tmfbwu.info | udp |
| US | 8.8.8.8:53 | sakgqu.com | udp |
| US | 8.8.8.8:53 | ggyisgksmi.com | udp |
| US | 8.8.8.8:53 | owtumceqt.info | udp |
| US | 8.8.8.8:53 | nopkmjvufmt.org | udp |
| US | 8.8.8.8:53 | balodnd.org | udp |
| US | 8.8.8.8:53 | lfoqaf.net | udp |
| US | 8.8.8.8:53 | sgdzhklkvfso.info | udp |
| US | 8.8.8.8:53 | pvtjdudyjka.info | udp |
| US | 8.8.8.8:53 | zzgmzasqe.info | udp |
| US | 8.8.8.8:53 | vjaioeucteg.info | udp |
| US | 8.8.8.8:53 | bksnsraylcdo.info | udp |
| US | 8.8.8.8:53 | lbbkib.net | udp |
| US | 8.8.8.8:53 | skqsiiae.org | udp |
| US | 8.8.8.8:53 | zuqiagssgun.info | udp |
| US | 8.8.8.8:53 | erwoegn.net | udp |
| US | 8.8.8.8:53 | iooumykcgo.com | udp |
| US | 8.8.8.8:53 | fcxnbsp.info | udp |
| US | 8.8.8.8:53 | dksupyh.net | udp |
| US | 8.8.8.8:53 | xwbald.net | udp |
| US | 8.8.8.8:53 | alyypvemovoc.net | udp |
| US | 8.8.8.8:53 | seuaqqgigcgk.org | udp |
| US | 8.8.8.8:53 | bvhczkzhpeh.net | udp |
| US | 8.8.8.8:53 | bgtnkiqcje.info | udp |
| US | 8.8.8.8:53 | gnjamyvkap.info | udp |
| US | 8.8.8.8:53 | fkdoujsibbaq.net | udp |
| US | 8.8.8.8:53 | qlstpgkhcjbu.net | udp |
| US | 8.8.8.8:53 | sctktlxx.info | udp |
| US | 8.8.8.8:53 | mtiurius.info | udp |
| US | 8.8.8.8:53 | scrwrltgfgx.net | udp |
| US | 8.8.8.8:53 | vhhtpgynaxts.info | udp |
| US | 8.8.8.8:53 | yhecnebmc.info | udp |
| US | 8.8.8.8:53 | nzitfaav.info | udp |
| US | 8.8.8.8:53 | qejdfl.info | udp |
| US | 8.8.8.8:53 | lscmhttet.org | udp |
| US | 8.8.8.8:53 | qqyqfgb.info | udp |
| US | 8.8.8.8:53 | gtnlpbsads.info | udp |
| US | 8.8.8.8:53 | lktcrbw.com | udp |
| US | 8.8.8.8:53 | rdbimcd.com | udp |
| US | 8.8.8.8:53 | bihqbimqi.info | udp |
| US | 8.8.8.8:53 | hyjodgw.info | udp |
| US | 8.8.8.8:53 | eeqsqygcsw.com | udp |
| US | 8.8.8.8:53 | ocdjplbwe.info | udp |
| US | 8.8.8.8:53 | vpxcexye.net | udp |
| US | 8.8.8.8:53 | wvtjghlmb.info | udp |
| GB | 84.32.156.22:39686 | tcp | |
| US | 8.8.8.8:53 | qaukholfi.info | udp |
| US | 8.8.8.8:53 | yxduxkg.info | udp |
| US | 8.8.8.8:53 | xgqaxobojgf.info | udp |
| US | 8.8.8.8:53 | dkdczgl.info | udp |
| US | 8.8.8.8:53 | umgokkyqgsui.com | udp |
| US | 8.8.8.8:53 | sqrynvgtfu.net | udp |
| US | 8.8.8.8:53 | ihbdrk.net | udp |
| US | 8.8.8.8:53 | eaictyqxc.info | udp |
| US | 8.8.8.8:53 | srsuxup.net | udp |
| US | 8.8.8.8:53 | vgqxvqngngx.info | udp |
| US | 8.8.8.8:53 | erozvp.info | udp |
| US | 8.8.8.8:53 | fomgzbwumqv.net | udp |
| US | 8.8.8.8:53 | dmempclltuy.com | udp |
| US | 8.8.8.8:53 | cgzqtowog.info | udp |
| US | 8.8.8.8:53 | yyqmkkuq.org | udp |
| US | 8.8.8.8:53 | aghfbcv.info | udp |
| US | 8.8.8.8:53 | dbzubhbcrizq.net | udp |
| US | 8.8.8.8:53 | ienmlqjel.info | udp |
| US | 8.8.8.8:53 | xrqkxonyhj.info | udp |
| US | 8.8.8.8:53 | qeasooggkkye.org | udp |
| US | 8.8.8.8:53 | lzykngtyngi.net | udp |
| US | 8.8.8.8:53 | xsdnrqzlttny.net | udp |
| US | 8.8.8.8:53 | hqirucxqt.info | udp |
| US | 8.8.8.8:53 | twdshchetau.net | udp |
| US | 8.8.8.8:53 | gdiecndz.net | udp |
| US | 8.8.8.8:53 | egwgigmogy.org | udp |
| US | 8.8.8.8:53 | fevpfshvp.org | udp |
| US | 8.8.8.8:53 | ylaeolfvzq.info | udp |
| US | 8.8.8.8:53 | rmtcdkc.com | udp |
| US | 8.8.8.8:53 | ptifiemhqb.net | udp |
| US | 8.8.8.8:53 | bspvugqr.info | udp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | zjxtdcttphlv.net | udp |
| US | 8.8.8.8:53 | kcryxrris.info | udp |
| US | 8.8.8.8:53 | giekgyskeiik.org | udp |
| US | 8.8.8.8:53 | brxwaqiqzr.info | udp |
| US | 8.8.8.8:53 | gwwwemmcwe.org | udp |
| US | 8.8.8.8:53 | eoeagams.com | udp |
| US | 8.8.8.8:53 | bavppixu.net | udp |
| US | 8.8.8.8:53 | noqfszyjhkxi.net | udp |
| US | 8.8.8.8:53 | xymahup.info | udp |
| US | 8.8.8.8:53 | huxusajytka.org | udp |
| US | 8.8.8.8:53 | ikmoymeaauuc.org | udp |
| US | 8.8.8.8:53 | fkgritslx.org | udp |
| US | 8.8.8.8:53 | skkcsuik.com | udp |
| US | 8.8.8.8:53 | pevnncri.net | udp |
| US | 8.8.8.8:53 | mvhsfmfuxj.info | udp |
| US | 8.8.8.8:53 | fqmskcq.net | udp |
| US | 8.8.8.8:53 | ptpwnlreeaxo.net | udp |
| US | 8.8.8.8:53 | bqdxbohqbyzd.net | udp |
| US | 8.8.8.8:53 | mkzgnxppvp.info | udp |
| US | 8.8.8.8:53 | eeeiusoc.com | udp |
| US | 8.8.8.8:53 | bbugwn.net | udp |
| US | 8.8.8.8:53 | dtstyn.net | udp |
| US | 8.8.8.8:53 | zbqtpeerkb.net | udp |
| US | 8.8.8.8:53 | zuwrljtqss.net | udp |
| US | 8.8.8.8:53 | bmlgcepmz.net | udp |
| US | 8.8.8.8:53 | iupahil.net | udp |
| US | 8.8.8.8:53 | pckuqdyu.net | udp |
| US | 8.8.8.8:53 | msaeugqyakco.org | udp |
| US | 8.8.8.8:53 | dmjybkv.com | udp |
| US | 8.8.8.8:53 | iukgnl.info | udp |
| US | 8.8.8.8:53 | otsepnrzqbzu.info | udp |
| US | 8.8.8.8:53 | tmrxnmjrkb.net | udp |
| US | 8.8.8.8:53 | ltowjw.net | udp |
| US | 8.8.8.8:53 | uomieuwsgywa.com | udp |
| US | 8.8.8.8:53 | hkjnjxfxwod.net | udp |
| US | 8.8.8.8:53 | wgghgw.net | udp |
| US | 8.8.8.8:53 | rdyufshhrl.info | udp |
| US | 8.8.8.8:53 | fzkrxmam.info | udp |
| US | 8.8.8.8:53 | lwocjixqmen.com | udp |
| US | 8.8.8.8:53 | qowyhj.net | udp |
| US | 8.8.8.8:53 | alfkhxn.info | udp |
| US | 8.8.8.8:53 | fixijml.org | udp |
| US | 8.8.8.8:53 | igdklelonip.info | udp |
| US | 8.8.8.8:53 | unbuto.net | udp |
| US | 8.8.8.8:53 | wuldian.info | udp |
| US | 8.8.8.8:53 | bvrlxiawb.net | udp |
| US | 8.8.8.8:53 | otforxu.info | udp |
| US | 8.8.8.8:53 | gpqocfx.net | udp |
| US | 8.8.8.8:53 | lwfmytl.net | udp |
| US | 8.8.8.8:53 | rpzgztaztpej.info | udp |
| US | 8.8.8.8:53 | bujydax.net | udp |
| US | 8.8.8.8:53 | cmylfwxbucc.net | udp |
| US | 8.8.8.8:53 | yezrjizwddt.net | udp |
| US | 8.8.8.8:53 | gynzoqpjezoa.info | udp |
| US | 8.8.8.8:53 | pckxxwc.info | udp |
| US | 8.8.8.8:53 | sxsydftugfl.net | udp |
| US | 8.8.8.8:53 | vwtinftgvok.net | udp |
| US | 8.8.8.8:53 | dodwmarq.info | udp |
| US | 8.8.8.8:53 | wivumxrks.info | udp |
| US | 8.8.8.8:53 | eczozqj.net | udp |
| US | 8.8.8.8:53 | msoiygcw.org | udp |
| US | 8.8.8.8:53 | wuakckqayy.org | udp |
| US | 8.8.8.8:53 | aafhlhxk.net | udp |
| US | 8.8.8.8:53 | vimdlavtng.net | udp |
| US | 8.8.8.8:53 | imnpzcpoo.net | udp |
| US | 8.8.8.8:53 | jntxuexoq.net | udp |
| US | 8.8.8.8:53 | wyqisk.org | udp |
| US | 8.8.8.8:53 | iomsikaqis.com | udp |
| US | 8.8.8.8:53 | tkhqrvrnja.info | udp |
| US | 8.8.8.8:53 | klstpqbn.info | udp |
| US | 8.8.8.8:53 | qcoism.com | udp |
| US | 8.8.8.8:53 | nffqyfqblj.net | udp |
| US | 8.8.8.8:53 | awtrjqbmv.net | udp |
| US | 8.8.8.8:53 | hwzlzk.net | udp |
| US | 8.8.8.8:53 | ejpdqikairvo.info | udp |
| US | 8.8.8.8:53 | iyqcyeou.com | udp |
| US | 8.8.8.8:53 | oisosm.com | udp |
| US | 8.8.8.8:53 | vkfrbjpoa.net | udp |
| US | 8.8.8.8:53 | kkwyecsq.org | udp |
| US | 8.8.8.8:53 | ssgqsckw.com | udp |
| US | 8.8.8.8:53 | ueazbxtugjer.net | udp |
| US | 8.8.8.8:53 | cxritgbkwiqj.net | udp |
| US | 8.8.8.8:53 | khvwhdpfdaw.info | udp |
| US | 8.8.8.8:53 | jxtmcoevpk.net | udp |
| US | 8.8.8.8:53 | qdadjqjutdpq.info | udp |
| US | 8.8.8.8:53 | cgioomaosisi.org | udp |
| US | 8.8.8.8:53 | xflrdxdu.net | udp |
| US | 8.8.8.8:53 | dhbxili.org | udp |
| US | 8.8.8.8:53 | vutnib.net | udp |
| US | 8.8.8.8:53 | joforcz.org | udp |
| US | 8.8.8.8:53 | yabgjuiyvpj.net | udp |
| US | 8.8.8.8:53 | nhrndyqvyg.net | udp |
| US | 8.8.8.8:53 | vsiivjqrfqyl.info | udp |
| US | 8.8.8.8:53 | vfewxt.net | udp |
| US | 8.8.8.8:53 | sjyhsr.info | udp |
| US | 8.8.8.8:53 | ztcstkx.info | udp |
| US | 8.8.8.8:53 | yqtafgfohsp.net | udp |
| US | 8.8.8.8:53 | rpesjlkwllir.info | udp |
| US | 8.8.8.8:53 | nrpqjt.info | udp |
| US | 8.8.8.8:53 | xuhvrphu.info | udp |
| US | 8.8.8.8:53 | zrvwfsnurd.info | udp |
| US | 8.8.8.8:53 | lkngjoezjnq.com | udp |
| US | 8.8.8.8:53 | jywoygnhfeb.net | udp |
| US | 8.8.8.8:53 | tmwptcxi.net | udp |
| US | 8.8.8.8:53 | sfnivsqp.net | udp |
| US | 8.8.8.8:53 | oglbak.info | udp |
| US | 8.8.8.8:53 | wrbgtg.info | udp |
| US | 8.8.8.8:53 | bifsmot.net | udp |
| US | 8.8.8.8:53 | wsphimdomyt.info | udp |
| US | 8.8.8.8:53 | poawtrjonb.info | udp |
| US | 8.8.8.8:53 | zviudx.info | udp |
| US | 8.8.8.8:53 | jfvcloih.info | udp |
| US | 8.8.8.8:53 | wqjufyzlf.net | udp |
| US | 8.8.8.8:53 | rmaysjztbxiw.net | udp |
| US | 8.8.8.8:53 | pdyduyuudypu.net | udp |
| US | 8.8.8.8:53 | sehmdau.info | udp |
| US | 8.8.8.8:53 | vsswekgnat.info | udp |
| US | 8.8.8.8:53 | wokwwmam.com | udp |
| DE | 85.214.228.140:80 | gyuuym.org | tcp |
| US | 8.8.8.8:53 | hocumaay.info | udp |
| US | 8.8.8.8:53 | jrabitjq.info | udp |
| US | 8.8.8.8:53 | mcvxwov.net | udp |
| US | 8.8.8.8:53 | iwnquyjix.info | udp |
| SG | 18.142.91.111:80 | unxfuild.info | tcp |
| US | 8.8.8.8:53 | wvbvruewzh.net | udp |
| US | 8.8.8.8:53 | rjtmhrkp.net | udp |
| US | 8.8.8.8:53 | piywbezlx.info | udp |
| US | 8.8.8.8:53 | dprqgeqyn.net | udp |
| US | 8.8.8.8:53 | wgpcqkvol.net | udp |
| US | 8.8.8.8:53 | kfgdoowsrum.net | udp |
| US | 8.8.8.8:53 | moamxac.info | udp |
| US | 8.8.8.8:53 | ggoiukqgsikq.org | udp |
| US | 8.8.8.8:53 | oaemiuyc.com | udp |
| US | 8.8.8.8:53 | hcncqp.info | udp |
| US | 8.8.8.8:53 | kgsmeywyssac.org | udp |
| US | 8.8.8.8:53 | udzdjiddn.net | udp |
| US | 8.8.8.8:53 | cukwhege.net | udp |
| US | 8.8.8.8:53 | bvmbbgr.info | udp |
| US | 8.8.8.8:53 | fhvxzv.info | udp |
| US | 8.8.8.8:53 | ygoukmwg.org | udp |
| US | 8.8.8.8:53 | lqpuiyys.net | udp |
| US | 8.8.8.8:53 | zrsevhobhgyn.info | udp |
| US | 8.8.8.8:53 | iahwvapa.net | udp |
| US | 104.156.155.94:80 | cydlrge.info | tcp |
| US | 8.8.8.8:53 | rimoguhmoeb.com | udp |
| US | 8.8.8.8:53 | pbgcxhgaefcr.info | udp |
| US | 8.8.8.8:53 | bknruqtvpctg.info | udp |
| US | 8.8.8.8:53 | mjotpzfbosdh.info | udp |
| US | 8.8.8.8:53 | wkrapw.net | udp |
| US | 8.8.8.8:53 | qkieiwiuqecu.com | udp |
| US | 8.8.8.8:53 | jeatlf.net | udp |
| US | 8.8.8.8:53 | dhznfo.info | udp |
| US | 8.8.8.8:53 | luvehemiri.info | udp |
| US | 8.8.8.8:53 | swutyyfujpf.info | udp |
| US | 8.8.8.8:53 | lalckpw.org | udp |
| US | 8.8.8.8:53 | suykogqiqqim.com | udp |
| US | 8.8.8.8:53 | inlmujmv.info | udp |
| US | 8.8.8.8:53 | efyfagiukoxx.info | udp |
| US | 8.8.8.8:53 | ivbcwrvwrm.info | udp |
| US | 8.8.8.8:53 | khccviywj.net | udp |
| US | 8.8.8.8:53 | secgukkk.com | udp |
| US | 8.8.8.8:53 | hdkwfslpfad.info | udp |
| US | 8.8.8.8:53 | hmfurcniz.info | udp |
| US | 8.8.8.8:53 | rsdpeob.info | udp |
| US | 8.8.8.8:53 | ddpobim.org | udp |
Files
C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
| MD5 | 89ec3461ef4a893428c32f89de78b396 |
| SHA1 | 8067cdc0901f0dc5bc1bb67a1c9037f502ea85f9 |
| SHA256 | 1849989ee704cda3b552b5021f3165012978d26d0daf7d22a09805deb6be2d0b |
| SHA512 | 7804fa36e1f050115b00d21a9a94cf92436260a385da67106b0c73eb350abafca53f2dec42d377d4eccc095dd75ac92e841fb66e874e656e412cd71ed7909fe8 |
C:\Windows\SysWOW64\jabqhuvexwkbjabppd.exe
| MD5 | b45ce61349c8fd0044f2bf10ac4d34b4 |
| SHA1 | 37ed91a926c1d7a6194ee21ae03de8f4bd5947bd |
| SHA256 | a8bea21f2d08a4952d7349aac02b6c9e0a73bf9d0ca54aeffb1db631adbac518 |
| SHA512 | a3061028f885646253ffc9ca3081658e4b31a49e13b4a187c774d673d5cab18e0ab333e07f055375fb6b87252a93ec790b99128ffec0b52ef1a64bb9775c624f |
C:\Users\Admin\AppData\Local\Temp\uaquacs.exe
| MD5 | 86074e1e96b9411df355db34f30ace9b |
| SHA1 | 5bc1575bcdebd8e5b286873deab4ee07f111eb5c |
| SHA256 | 5e7c97c38376548404b29769836f7646c8e5143edf99ff502ba10e895c08c9d8 |
| SHA512 | 76cb2d6aa0661e75e1ddf9b15d31e0b80a4f3275994f73ee90e53adf1c9497a9ed37a6684906617cf639e9cccea573c619dc51cf56fdf92e715327522c08d7b9 |
C:\Users\Admin\AppData\Local\nqdehgtoteehberrddgtuxwjej.uxr
| MD5 | 5837d6c53e546802c45c102c04f362d1 |
| SHA1 | 5b4dd064c839844a9fa0eda0cf752ecf58160586 |
| SHA256 | 96cc12b54dd2346e07f0db2b64fbc07e443a7196b2d470e82329e549df57c615 |
| SHA512 | 1b059b3f2e1aa7532be5904abb423992945e86bd8acdf6f093c864d7b53eef8297a49d3d8ab375a010abb595fcd520aa5d1a47e483f16ffc8ffdf5f6f397b78e |
C:\Users\Admin\AppData\Local\ocamakioealzesqbyjxvhvfdjzvguznlwtesq.qay
| MD5 | d6a062b0dc8482182ad9ab99d407e9e6 |
| SHA1 | 42d3077e8afa45fa70e4d725f3b944177341d6d8 |
| SHA256 | 335cc66d97fd6f233a0a9f4f5ae3f5c38694ca4fc4b215e2df83d848d8a3dcfc |
| SHA512 | 0a3295f6c387abf8a06b45217bed06091ae638bbb8d06c85ab7242063a9b1dd98835e7e591f7b1b88f55bfb0d9104c602f6ce510d6a27a5fa0a46c276155a08e |
C:\Program Files (x86)\nqdehgtoteehberrddgtuxwjej.uxr
| MD5 | 20b5d991f5d03413f27eeebbab9e6b8a |
| SHA1 | ac47b8f267748dd8f376bc930526787f2124837f |
| SHA256 | f638e2be36e9c0cf8bfa2d820faeb9ff4798e35920360fdfa7c6fd051c9983e0 |
| SHA512 | 71c94755e6fe72463b597474f62db45ed2e55a12c1019cbeddcff62989b5037c787b39be0db3972929e595a5c62d5426d4050e455344bac70083963c584cce2b |
C:\Program Files (x86)\nqdehgtoteehberrddgtuxwjej.uxr
| MD5 | 2edd01965a3bcedc315f494bd590fea8 |
| SHA1 | 2c14ddc6dcc0b77a8b268a1428a9b32670ee5131 |
| SHA256 | eb7e587093006fa348c0c8dd46c684230397cf838f12940d38289297417a7104 |
| SHA512 | c2c2f2d4134a090f28b0329dd949f8e814438a57786a8d8fdcc31ee19a734a5631cdb5ed6b281cc034470e16fde493d88a33d7728908088e272707e1765c0e6c |
C:\Program Files (x86)\nqdehgtoteehberrddgtuxwjej.uxr
| MD5 | 7dfcab6345855f8d925aae5c25dea626 |
| SHA1 | e7a9a2ab2e618182593d0002734b63f57c254749 |
| SHA256 | 6b47292fd2a58cc8e99f99f4fd9d597f22d4297e71e00740f9bec4a95cea9cbf |
| SHA512 | 97057790c7abef76f38cf56e0283f39ca70d0e7b86ac249a333634aa8a7212a100e166e4338bee6d96393eb0b0957de6cfa366d9e46d9c4073bab83f46316850 |
C:\Program Files (x86)\nqdehgtoteehberrddgtuxwjej.uxr
| MD5 | a9d08bb7b507e754c863d96d9e86fa31 |
| SHA1 | 617702c56df6780a03c4daa573831c4fadabedc4 |
| SHA256 | 350e6dc8d7a4126034bebab55ae30ddec25bcf6a03b7abfaccd036c7e5e07e3b |
| SHA512 | 8127310e19518f142e3c2fe368ed23be50a972396559f11b5e2759bb66a2f8529ec92aff74a4181cd09e04ddeb38c6df3812e229aa156eae7cc44b405bc1b11b |
C:\Program Files (x86)\nqdehgtoteehberrddgtuxwjej.uxr
| MD5 | 131730adc624517451dae5f85265b90c |
| SHA1 | b0e7e3acf0569f5bb91a192f5a0a0ada4bf7d039 |
| SHA256 | 4e2a529fd0f267c57123828125b2686115326b5d4109c53678069cbf195be73e |
| SHA512 | 1021225d2c5c6f3f19488ff9e94d50adaaa72563e39d0fa13fcefe0b689ab3fd73d26f08382b3c053a7f2aafb5813f1287331f5ac8513bfab6b09bacb569a715 |