Analysis Overview
SHA256
ce16cfb716ea2a3ebb272428883f5b7375f2b38c5eeff3c4e455baa9a9fb0168
Threat Level: Known bad
The file JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e was found to be: Known bad.
Malicious Activity Summary
Modifies WinLogon for persistence
UAC bypass
Pykspa family
Pykspa
Detect Pykspa worm
Adds policy Run key to start application
Disables RegEdit via registry modification
Executes dropped EXE
Impair Defenses: Safe Mode Boot
Checks computer location settings
Adds Run key to start application
Hijack Execution Flow: Executable Installer File Permissions Weakness
Looks up external IP address via web service
Checks whether UAC is enabled
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
System policy modification
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-04-13 15:09
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-04-13 15:09
Reported
2025-04-13 15:12
Platform
win10v2004-20250410-en
Max time kernel
41s
Max time network
151s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "zzhytgfvjybwkitub.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "sryoiushuikeroyy.exe" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "zzhytgfvjybwkitub.exe" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhjujqjtbkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gjuomcexogmkbcqueicf.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhjujqjtbkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sryoiushuikeroyy.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "zzhytgfvjybwkitub.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhjujqjtbkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ijskguulaquqfeqsac.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhjujqjtbkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vzlgfwztlelkcetyjojnz.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhjujqjtbkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ijskguulaquqfeqsac.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhjujqjtbkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sryoiushuikeroyy.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "vzlgfwztlelkcetyjojnz.exe" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "gjuomcexogmkbcqueicf.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhjujqjtbkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tvfyvkldtkpmccpsbex.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhjujqjtbkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ijskguulaquqfeqsac.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhjujqjtbkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sryoiushuikeroyy.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "gjuomcexogmkbcqueicf.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhjujqjtbkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ijskguulaquqfeqsac.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "gjuomcexogmkbcqueicf.exe" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "sryoiushuikeroyy.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "gjuomcexogmkbcqueicf.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhjujqjtbkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zzhytgfvjybwkitub.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhjujqjtbkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ijskguulaquqfeqsac.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "ijskguulaquqfeqsac.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhjujqjtbkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vzlgfwztlelkcetyjojnz.exe" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "ijskguulaquqfeqsac.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhjujqjtbkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sryoiushuikeroyy.exe" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhjujqjtbkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zzhytgfvjybwkitub.exe" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "tvfyvkldtkpmccpsbex.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhjujqjtbkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ijskguulaquqfeqsac.exe" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "tvfyvkldtkpmccpsbex.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "ijskguulaquqfeqsac.exe" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "sryoiushuikeroyy.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "gjuomcexogmkbcqueicf.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhjujqjtbkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ijskguulaquqfeqsac.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "sryoiushuikeroyy.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhjujqjtbkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ijskguulaquqfeqsac.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhjujqjtbkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sryoiushuikeroyy.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhjujqjtbkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tvfyvkldtkpmccpsbex.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "vzlgfwztlelkcetyjojnz.exe" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhjujqjtbkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gjuomcexogmkbcqueicf.exe" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "tvfyvkldtkpmccpsbex.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "zzhytgfvjybwkitub.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "tvfyvkldtkpmccpsbex.exe" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "sryoiushuikeroyy.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\ijskguulaquqfeqsac.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\tvfyvkldtkpmccpsbex.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\vzlgfwztlelkcetyjojnz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\vzlgfwztlelkcetyjojnz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\sryoiushuikeroyy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\zzhytgfvjybwkitub.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\zzhytgfvjybwkitub.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\ijskguulaquqfeqsac.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\ijskguulaquqfeqsac.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\sryoiushuikeroyy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\gjuomcexogmkbcqueicf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\tvfyvkldtkpmccpsbex.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\ijskguulaquqfeqsac.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\ijskguulaquqfeqsac.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\gjuomcexogmkbcqueicf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\ijskguulaquqfeqsac.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\gjuomcexogmkbcqueicf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\zzhytgfvjybwkitub.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\ijskguulaquqfeqsac.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\ijskguulaquqfeqsac.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\tvfyvkldtkpmccpsbex.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\tvfyvkldtkpmccpsbex.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\gjuomcexogmkbcqueicf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\ijskguulaquqfeqsac.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\zzhytgfvjybwkitub.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\tvfyvkldtkpmccpsbex.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\vzlgfwztlelkcetyjojnz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\zzhytgfvjybwkitub.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\vzlgfwztlelkcetyjojnz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\gjuomcexogmkbcqueicf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\gjuomcexogmkbcqueicf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\ijskguulaquqfeqsac.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\vzlgfwztlelkcetyjojnz.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sryoiushuikeroyy = "vzlgfwztlelkcetyjojnz.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nlrgzkhvhuvoawf = "vzlgfwztlelkcetyjojnz.exe" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nlrgzkhvhuvoawf = "gjuomcexogmkbcqueicf.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nlrgzkhvhuvoawf = "zzhytgfvjybwkitub.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kfiuksmxgqoe = "gjuomcexogmkbcqueicf.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ijskguulaquqfeqsac = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zzhytgfvjybwkitub.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\jfjwnwrdnyxoy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vzlgfwztlelkcetyjojnz.exe ." | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ijskguulaquqfeqsac = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zzhytgfvjybwkitub.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nlrgzkhvhuvoawf = "gjuomcexogmkbcqueicf.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jfjwnwrdnyxoy = "gjuomcexogmkbcqueicf.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\jfjwnwrdnyxoy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zzhytgfvjybwkitub.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zzhytgfvjybwkitub = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ijskguulaquqfeqsac.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\jfjwnwrdnyxoy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vzlgfwztlelkcetyjojnz.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kfiuksmxgqoe = "tvfyvkldtkpmccpsbex.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zzhytgfvjybwkitub = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ijskguulaquqfeqsac.exe ." | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sryoiushuikeroyy = "tvfyvkldtkpmccpsbex.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jfjwnwrdnyxoy = "tvfyvkldtkpmccpsbex.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\jfjwnwrdnyxoy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vzlgfwztlelkcetyjojnz.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zzhytgfvjybwkitub = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sryoiushuikeroyy.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kfiuksmxgqoe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vzlgfwztlelkcetyjojnz.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ijskguulaquqfeqsac = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vzlgfwztlelkcetyjojnz.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kfiuksmxgqoe = "sryoiushuikeroyy.exe" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zzhytgfvjybwkitub = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tvfyvkldtkpmccpsbex.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kfiuksmxgqoe = "tvfyvkldtkpmccpsbex.exe" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\jfjwnwrdnyxoy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vzlgfwztlelkcetyjojnz.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nlrgzkhvhuvoawf = "ijskguulaquqfeqsac.exe" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ijskguulaquqfeqsac = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ijskguulaquqfeqsac.exe" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\jfjwnwrdnyxoy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ijskguulaquqfeqsac.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zzhytgfvjybwkitub = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sryoiushuikeroyy.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nlrgzkhvhuvoawf = "sryoiushuikeroyy.exe" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kfiuksmxgqoe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ijskguulaquqfeqsac.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kfiuksmxgqoe = "gjuomcexogmkbcqueicf.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kfiuksmxgqoe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sryoiushuikeroyy.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nlrgzkhvhuvoawf = "sryoiushuikeroyy.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zzhytgfvjybwkitub = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zzhytgfvjybwkitub.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zzhytgfvjybwkitub = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vzlgfwztlelkcetyjojnz.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nlrgzkhvhuvoawf = "gjuomcexogmkbcqueicf.exe" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kfiuksmxgqoe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zzhytgfvjybwkitub.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kfiuksmxgqoe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ijskguulaquqfeqsac.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kfiuksmxgqoe = "ijskguulaquqfeqsac.exe" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kfiuksmxgqoe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tvfyvkldtkpmccpsbex.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\jfjwnwrdnyxoy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tvfyvkldtkpmccpsbex.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ijskguulaquqfeqsac = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zzhytgfvjybwkitub.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jfjwnwrdnyxoy = "tvfyvkldtkpmccpsbex.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nlrgzkhvhuvoawf = "sryoiushuikeroyy.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sryoiushuikeroyy = "gjuomcexogmkbcqueicf.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ijskguulaquqfeqsac = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tvfyvkldtkpmccpsbex.exe" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sryoiushuikeroyy = "vzlgfwztlelkcetyjojnz.exe ." | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zzhytgfvjybwkitub = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gjuomcexogmkbcqueicf.exe ." | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nlrgzkhvhuvoawf = "vzlgfwztlelkcetyjojnz.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kfiuksmxgqoe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gjuomcexogmkbcqueicf.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kfiuksmxgqoe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tvfyvkldtkpmccpsbex.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nlrgzkhvhuvoawf = "tvfyvkldtkpmccpsbex.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kfiuksmxgqoe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vzlgfwztlelkcetyjojnz.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kfiuksmxgqoe = "sryoiushuikeroyy.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sryoiushuikeroyy = "ijskguulaquqfeqsac.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jfjwnwrdnyxoy = "ijskguulaquqfeqsac.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kfiuksmxgqoe = "vzlgfwztlelkcetyjojnz.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ijskguulaquqfeqsac = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ijskguulaquqfeqsac.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\jfjwnwrdnyxoy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gjuomcexogmkbcqueicf.exe ." | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\jfjwnwrdnyxoy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sryoiushuikeroyy.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jfjwnwrdnyxoy = "gjuomcexogmkbcqueicf.exe ." | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jfjwnwrdnyxoy = "tvfyvkldtkpmccpsbex.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kfiuksmxgqoe = "vzlgfwztlelkcetyjojnz.exe" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\mreaaswrkemmfiyeqwsxkg.exe | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ijskguulaquqfeqsac.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sryoiushuikeroyy.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ijskguulaquqfeqsac.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mreaaswrkemmfiyeqwsxkg.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tvfyvkldtkpmccpsbex.exe | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tvfyvkldtkpmccpsbex.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sryoiushuikeroyy.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vzlgfwztlelkcetyjojnz.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mreaaswrkemmfiyeqwsxkg.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mreaaswrkemmfiyeqwsxkg.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zzhytgfvjybwkitub.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zzhytgfvjybwkitub.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\gjuomcexogmkbcqueicf.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zzhytgfvjybwkitub.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vzlgfwztlelkcetyjojnz.exe | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ijskguulaquqfeqsac.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zzhytgfvjybwkitub.exe | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zzhytgfvjybwkitub.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mreaaswrkemmfiyeqwsxkg.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sryoiushuikeroyy.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vzlgfwztlelkcetyjojnz.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ijskguulaquqfeqsac.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ijskguulaquqfeqsac.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mreaaswrkemmfiyeqwsxkg.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ijskguulaquqfeqsac.exe | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tvfyvkldtkpmccpsbex.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tvfyvkldtkpmccpsbex.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zzhytgfvjybwkitub.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\gjuomcexogmkbcqueicf.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sryoiushuikeroyy.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nhjujqjtbkhwewbwxsdxzkzgzjraxmumr.nit | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vzlgfwztlelkcetyjojnz.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zzhytgfvjybwkitub.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vzlgfwztlelkcetyjojnz.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tvfyvkldtkpmccpsbex.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vzlgfwztlelkcetyjojnz.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sryoiushuikeroyy.exe | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tvfyvkldtkpmccpsbex.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tvfyvkldtkpmccpsbex.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sryoiushuikeroyy.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sryoiushuikeroyy.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mreaaswrkemmfiyeqwsxkg.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\gjuomcexogmkbcqueicf.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tvfyvkldtkpmccpsbex.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\gjuomcexogmkbcqueicf.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\gjuomcexogmkbcqueicf.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vzlgfwztlelkcetyjojnz.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\gjuomcexogmkbcqueicf.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sryoiushuikeroyy.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vzlgfwztlelkcetyjojnz.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sryoiushuikeroyy.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ijskguulaquqfeqsac.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zzhytgfvjybwkitub.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ijskguulaquqfeqsac.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mreaaswrkemmfiyeqwsxkg.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sryoiushuikeroyy.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vzlgfwztlelkcetyjojnz.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mreaaswrkemmfiyeqwsxkg.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mreaaswrkemmfiyeqwsxkg.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tvfyvkldtkpmccpsbex.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tvfyvkldtkpmccpsbex.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sryoiushuikeroyy.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tvfyvkldtkpmccpsbex.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\nhjujqjtbkhwewbwxsdxzkzgzjraxmumr.nit | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\wfwwawedaykolsmwmwwfww.wed | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| File created | C:\Program Files (x86)\wfwwawedaykolsmwmwwfww.wed | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\nhjujqjtbkhwewbwxsdxzkzgzjraxmumr.nit | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\zzhytgfvjybwkitub.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\ijskguulaquqfeqsac.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\tvfyvkldtkpmccpsbex.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\sryoiushuikeroyy.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\vzlgfwztlelkcetyjojnz.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\vzlgfwztlelkcetyjojnz.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\mreaaswrkemmfiyeqwsxkg.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\gjuomcexogmkbcqueicf.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\tvfyvkldtkpmccpsbex.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\gjuomcexogmkbcqueicf.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\mreaaswrkemmfiyeqwsxkg.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\zzhytgfvjybwkitub.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\ijskguulaquqfeqsac.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\tvfyvkldtkpmccpsbex.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\mreaaswrkemmfiyeqwsxkg.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\ijskguulaquqfeqsac.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\tvfyvkldtkpmccpsbex.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\sryoiushuikeroyy.exe | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| File opened for modification | C:\Windows\tvfyvkldtkpmccpsbex.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\sryoiushuikeroyy.exe | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| File opened for modification | C:\Windows\mreaaswrkemmfiyeqwsxkg.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\ijskguulaquqfeqsac.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\zzhytgfvjybwkitub.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\tvfyvkldtkpmccpsbex.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\sryoiushuikeroyy.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\vzlgfwztlelkcetyjojnz.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\vzlgfwztlelkcetyjojnz.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\tvfyvkldtkpmccpsbex.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\zzhytgfvjybwkitub.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\vzlgfwztlelkcetyjojnz.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\tvfyvkldtkpmccpsbex.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\gjuomcexogmkbcqueicf.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\sryoiushuikeroyy.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\gjuomcexogmkbcqueicf.exe | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| File opened for modification | C:\Windows\mreaaswrkemmfiyeqwsxkg.exe | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| File opened for modification | C:\Windows\ijskguulaquqfeqsac.exe | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| File opened for modification | C:\Windows\sryoiushuikeroyy.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\vzlgfwztlelkcetyjojnz.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\vzlgfwztlelkcetyjojnz.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\sryoiushuikeroyy.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\tvfyvkldtkpmccpsbex.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\ijskguulaquqfeqsac.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\zzhytgfvjybwkitub.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\zzhytgfvjybwkitub.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\ijskguulaquqfeqsac.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\vzlgfwztlelkcetyjojnz.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\zzhytgfvjybwkitub.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\zzhytgfvjybwkitub.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\zzhytgfvjybwkitub.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\tvfyvkldtkpmccpsbex.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File created | C:\Windows\nhjujqjtbkhwewbwxsdxzkzgzjraxmumr.nit | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| File opened for modification | C:\Windows\zzhytgfvjybwkitub.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\vzlgfwztlelkcetyjojnz.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\gjuomcexogmkbcqueicf.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\vzlgfwztlelkcetyjojnz.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\ijskguulaquqfeqsac.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\mreaaswrkemmfiyeqwsxkg.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\zzhytgfvjybwkitub.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\sryoiushuikeroyy.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\gjuomcexogmkbcqueicf.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\gjuomcexogmkbcqueicf.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\mreaaswrkemmfiyeqwsxkg.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\ijskguulaquqfeqsac.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\sryoiushuikeroyy.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vzlgfwztlelkcetyjojnz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zzhytgfvjybwkitub.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zzhytgfvjybwkitub.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\sryoiushuikeroyy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vzlgfwztlelkcetyjojnz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ijskguulaquqfeqsac.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\sryoiushuikeroyy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\gjuomcexogmkbcqueicf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ijskguulaquqfeqsac.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vzlgfwztlelkcetyjojnz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zzhytgfvjybwkitub.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ijskguulaquqfeqsac.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\gjuomcexogmkbcqueicf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ijskguulaquqfeqsac.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ijskguulaquqfeqsac.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\tvfyvkldtkpmccpsbex.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zzhytgfvjybwkitub.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ijskguulaquqfeqsac.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ijskguulaquqfeqsac.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\gjuomcexogmkbcqueicf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vzlgfwztlelkcetyjojnz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ijskguulaquqfeqsac.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\gjuomcexogmkbcqueicf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\sryoiushuikeroyy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vzlgfwztlelkcetyjojnz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zzhytgfvjybwkitub.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\gjuomcexogmkbcqueicf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vzlgfwztlelkcetyjojnz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\tvfyvkldtkpmccpsbex.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zzhytgfvjybwkitub.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\gjuomcexogmkbcqueicf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\tvfyvkldtkpmccpsbex.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vjfkt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe"
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_b4fe986f603c8689f0e3be5b60cc856e.exe*"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe
C:\Windows\gjuomcexogmkbcqueicf.exe
gjuomcexogmkbcqueicf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe .
C:\Windows\gjuomcexogmkbcqueicf.exe
gjuomcexogmkbcqueicf.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\gjuomcexogmkbcqueicf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe .
C:\Windows\tvfyvkldtkpmccpsbex.exe
tvfyvkldtkpmccpsbex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe .
C:\Windows\vzlgfwztlelkcetyjojnz.exe
vzlgfwztlelkcetyjojnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\vzlgfwztlelkcetyjojnz.exe*."
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\tvfyvkldtkpmccpsbex.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\zzhytgfvjybwkitub.exe*."
C:\Users\Admin\AppData\Local\Temp\vjfkt.exe
"C:\Users\Admin\AppData\Local\Temp\vjfkt.exe" "-C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe"
C:\Users\Admin\AppData\Local\Temp\vjfkt.exe
"C:\Users\Admin\AppData\Local\Temp\vjfkt.exe" "-C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe
C:\Windows\zzhytgfvjybwkitub.exe
zzhytgfvjybwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe
C:\Windows\ijskguulaquqfeqsac.exe
ijskguulaquqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe
C:\Windows\sryoiushuikeroyy.exe
sryoiushuikeroyy.exe
C:\Windows\sryoiushuikeroyy.exe
sryoiushuikeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."
C:\Windows\ijskguulaquqfeqsac.exe
ijskguulaquqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Windows\ijskguulaquqfeqsac.exe
ijskguulaquqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .
C:\Windows\zzhytgfvjybwkitub.exe
zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .
C:\Windows\ijskguulaquqfeqsac.exe
ijskguulaquqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ijskguulaquqfeqsac.exe*."
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\sryoiushuikeroyy.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\zzhytgfvjybwkitub.exe*."
C:\Windows\tvfyvkldtkpmccpsbex.exe
tvfyvkldtkpmccpsbex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\gjuomcexogmkbcqueicf.exe*."
C:\Windows\ijskguulaquqfeqsac.exe
ijskguulaquqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .
C:\Windows\sryoiushuikeroyy.exe
sryoiushuikeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ijskguulaquqfeqsac.exe
ijskguulaquqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\tvfyvkldtkpmccpsbex.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\vzlgfwztlelkcetyjojnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe
C:\Windows\gjuomcexogmkbcqueicf.exe
gjuomcexogmkbcqueicf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe
C:\Windows\tvfyvkldtkpmccpsbex.exe
tvfyvkldtkpmccpsbex.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe
C:\Windows\vzlgfwztlelkcetyjojnz.exe
vzlgfwztlelkcetyjojnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\tvfyvkldtkpmccpsbex.exe*."
C:\Windows\zzhytgfvjybwkitub.exe
zzhytgfvjybwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Windows\ijskguulaquqfeqsac.exe
ijskguulaquqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe
C:\Windows\tvfyvkldtkpmccpsbex.exe
tvfyvkldtkpmccpsbex.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Windows\tvfyvkldtkpmccpsbex.exe
tvfyvkldtkpmccpsbex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\tvfyvkldtkpmccpsbex.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe .
C:\Windows\sryoiushuikeroyy.exe
sryoiushuikeroyy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .
C:\Windows\ijskguulaquqfeqsac.exe
ijskguulaquqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .
C:\Windows\gjuomcexogmkbcqueicf.exe
gjuomcexogmkbcqueicf.exe .
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\tvfyvkldtkpmccpsbex.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .
C:\Windows\tvfyvkldtkpmccpsbex.exe
tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\sryoiushuikeroyy.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\gjuomcexogmkbcqueicf.exe*."
C:\Windows\ijskguulaquqfeqsac.exe
ijskguulaquqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\vzlgfwztlelkcetyjojnz.exe*."
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\tvfyvkldtkpmccpsbex.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\zzhytgfvjybwkitub.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\vzlgfwztlelkcetyjojnz.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\tvfyvkldtkpmccpsbex.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe .
C:\Windows\zzhytgfvjybwkitub.exe
zzhytgfvjybwkitub.exe
C:\Windows\sryoiushuikeroyy.exe
sryoiushuikeroyy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\sryoiushuikeroyy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe .
C:\Windows\zzhytgfvjybwkitub.exe
zzhytgfvjybwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Windows\gjuomcexogmkbcqueicf.exe
gjuomcexogmkbcqueicf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\gjuomcexogmkbcqueicf.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ijskguulaquqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\vzlgfwztlelkcetyjojnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe
C:\Windows\zzhytgfvjybwkitub.exe
zzhytgfvjybwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\sryoiushuikeroyy.exe
sryoiushuikeroyy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe .
C:\Windows\zzhytgfvjybwkitub.exe
zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\sryoiushuikeroyy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Windows\vzlgfwztlelkcetyjojnz.exe
vzlgfwztlelkcetyjojnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\vzlgfwztlelkcetyjojnz.exe*."
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\vzlgfwztlelkcetyjojnz.exe*."
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ijskguulaquqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe
C:\Windows\gjuomcexogmkbcqueicf.exe
gjuomcexogmkbcqueicf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe .
C:\Windows\vzlgfwztlelkcetyjojnz.exe
vzlgfwztlelkcetyjojnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\vzlgfwztlelkcetyjojnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .
C:\Windows\tvfyvkldtkpmccpsbex.exe
tvfyvkldtkpmccpsbex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\zzhytgfvjybwkitub.exe
zzhytgfvjybwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ijskguulaquqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\gjuomcexogmkbcqueicf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe
C:\Windows\ijskguulaquqfeqsac.exe
ijskguulaquqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe .
C:\Windows\tvfyvkldtkpmccpsbex.exe
tvfyvkldtkpmccpsbex.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\tvfyvkldtkpmccpsbex.exe*."
C:\Windows\gjuomcexogmkbcqueicf.exe
gjuomcexogmkbcqueicf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe .
C:\Windows\vzlgfwztlelkcetyjojnz.exe
vzlgfwztlelkcetyjojnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\vzlgfwztlelkcetyjojnz.exe*."
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\tvfyvkldtkpmccpsbex.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\vzlgfwztlelkcetyjojnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe
C:\Windows\vzlgfwztlelkcetyjojnz.exe
vzlgfwztlelkcetyjojnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe .
C:\Windows\tvfyvkldtkpmccpsbex.exe
tvfyvkldtkpmccpsbex.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\tvfyvkldtkpmccpsbex.exe*."
C:\Windows\vzlgfwztlelkcetyjojnz.exe
vzlgfwztlelkcetyjojnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Windows\zzhytgfvjybwkitub.exe
zzhytgfvjybwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\sryoiushuikeroyy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\vzlgfwztlelkcetyjojnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe
C:\Windows\tvfyvkldtkpmccpsbex.exe
tvfyvkldtkpmccpsbex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .
C:\Windows\zzhytgfvjybwkitub.exe
zzhytgfvjybwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe .
C:\Windows\vzlgfwztlelkcetyjojnz.exe
vzlgfwztlelkcetyjojnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\gjuomcexogmkbcqueicf.exe
gjuomcexogmkbcqueicf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\gjuomcexogmkbcqueicf.exe*."
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .
C:\Windows\ijskguulaquqfeqsac.exe
ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\tvfyvkldtkpmccpsbex.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .
C:\Windows\ijskguulaquqfeqsac.exe
ijskguulaquqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."
C:\Windows\tvfyvkldtkpmccpsbex.exe
tvfyvkldtkpmccpsbex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ijskguulaquqfeqsac.exe*."
C:\Windows\vzlgfwztlelkcetyjojnz.exe
vzlgfwztlelkcetyjojnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Windows\vzlgfwztlelkcetyjojnz.exe
vzlgfwztlelkcetyjojnz.exe .
C:\Windows\gjuomcexogmkbcqueicf.exe
gjuomcexogmkbcqueicf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe
C:\Windows\tvfyvkldtkpmccpsbex.exe
tvfyvkldtkpmccpsbex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .
C:\Windows\vzlgfwztlelkcetyjojnz.exe
vzlgfwztlelkcetyjojnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\gjuomcexogmkbcqueicf.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\vzlgfwztlelkcetyjojnz.exe*."
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\vzlgfwztlelkcetyjojnz.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\vzlgfwztlelkcetyjojnz.exe*."
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\sryoiushuikeroyy.exe
sryoiushuikeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\gjuomcexogmkbcqueicf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .
C:\Windows\zzhytgfvjybwkitub.exe
zzhytgfvjybwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\gjuomcexogmkbcqueicf.exe*."
C:\Windows\sryoiushuikeroyy.exe
sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ijskguulaquqfeqsac.exe*."
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."
C:\Windows\ijskguulaquqfeqsac.exe
ijskguulaquqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\sryoiushuikeroyy.exe*."
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\tvfyvkldtkpmccpsbex.exe*."
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe
C:\Windows\sryoiushuikeroyy.exe
sryoiushuikeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe .
C:\Windows\gjuomcexogmkbcqueicf.exe
gjuomcexogmkbcqueicf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\gjuomcexogmkbcqueicf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .
C:\Windows\sryoiushuikeroyy.exe
sryoiushuikeroyy.exe
C:\Windows\zzhytgfvjybwkitub.exe
zzhytgfvjybwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\tvfyvkldtkpmccpsbex.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\sryoiushuikeroyy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe
C:\Windows\zzhytgfvjybwkitub.exe
zzhytgfvjybwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .
C:\Windows\ijskguulaquqfeqsac.exe
ijskguulaquqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."
C:\Windows\gjuomcexogmkbcqueicf.exe
gjuomcexogmkbcqueicf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Windows\gjuomcexogmkbcqueicf.exe
gjuomcexogmkbcqueicf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\gjuomcexogmkbcqueicf.exe*."
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\vzlgfwztlelkcetyjojnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\sryoiushuikeroyy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe
C:\Windows\zzhytgfvjybwkitub.exe
zzhytgfvjybwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\zzhytgfvjybwkitub.exe
zzhytgfvjybwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."
C:\Windows\zzhytgfvjybwkitub.exe
zzhytgfvjybwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Windows\vzlgfwztlelkcetyjojnz.exe
vzlgfwztlelkcetyjojnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\vzlgfwztlelkcetyjojnz.exe*."
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\sryoiushuikeroyy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\tvfyvkldtkpmccpsbex.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe
C:\Windows\vzlgfwztlelkcetyjojnz.exe
vzlgfwztlelkcetyjojnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe .
C:\Windows\sryoiushuikeroyy.exe
sryoiushuikeroyy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\sryoiushuikeroyy.exe*."
C:\Windows\vzlgfwztlelkcetyjojnz.exe
vzlgfwztlelkcetyjojnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Windows\sryoiushuikeroyy.exe
sryoiushuikeroyy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\sryoiushuikeroyy.exe*."
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\tvfyvkldtkpmccpsbex.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\tvfyvkldtkpmccpsbex.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe
C:\Windows\vzlgfwztlelkcetyjojnz.exe
vzlgfwztlelkcetyjojnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\tvfyvkldtkpmccpsbex.exe
tvfyvkldtkpmccpsbex.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\tvfyvkldtkpmccpsbex.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe .
C:\Windows\zzhytgfvjybwkitub.exe
zzhytgfvjybwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Windows\sryoiushuikeroyy.exe
sryoiushuikeroyy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\sryoiushuikeroyy.exe*."
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\zzhytgfvjybwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\sryoiushuikeroyy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe
C:\Windows\ijskguulaquqfeqsac.exe
ijskguulaquqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe
C:\Windows\gjuomcexogmkbcqueicf.exe
gjuomcexogmkbcqueicf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe
C:\Windows\tvfyvkldtkpmccpsbex.exe
tvfyvkldtkpmccpsbex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\gjuomcexogmkbcqueicf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ijskguulaquqfeqsac.exe
ijskguulaquqfeqsac.exe
C:\Windows\tvfyvkldtkpmccpsbex.exe
tvfyvkldtkpmccpsbex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Windows\gjuomcexogmkbcqueicf.exe
gjuomcexogmkbcqueicf.exe .
C:\Windows\gjuomcexogmkbcqueicf.exe
gjuomcexogmkbcqueicf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .
C:\Windows\tvfyvkldtkpmccpsbex.exe
tvfyvkldtkpmccpsbex.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\gjuomcexogmkbcqueicf.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\gjuomcexogmkbcqueicf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\tvfyvkldtkpmccpsbex.exe*."
C:\Windows\sryoiushuikeroyy.exe
sryoiushuikeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .
C:\Windows\ijskguulaquqfeqsac.exe
ijskguulaquqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Windows\ijskguulaquqfeqsac.exe
ijskguulaquqfeqsac.exe .
C:\Windows\gjuomcexogmkbcqueicf.exe
gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\vzlgfwztlelkcetyjojnz.exe*."
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\gjuomcexogmkbcqueicf.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\vzlgfwztlelkcetyjojnz.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\zzhytgfvjybwkitub.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ijskguulaquqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .
C:\Windows\vzlgfwztlelkcetyjojnz.exe
vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Windows\zzhytgfvjybwkitub.exe
zzhytgfvjybwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe .
C:\Windows\sryoiushuikeroyy.exe
sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."
C:\Windows\sryoiushuikeroyy.exe
sryoiushuikeroyy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\sryoiushuikeroyy.exe*."
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\sryoiushuikeroyy.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\sryoiushuikeroyy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\vzlgfwztlelkcetyjojnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe
C:\Windows\ijskguulaquqfeqsac.exe
ijskguulaquqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .
C:\Windows\zzhytgfvjybwkitub.exe
zzhytgfvjybwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .
C:\Windows\sryoiushuikeroyy.exe
sryoiushuikeroyy.exe
C:\Windows\zzhytgfvjybwkitub.exe
zzhytgfvjybwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ijskguulaquqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ijskguulaquqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe
C:\Windows\tvfyvkldtkpmccpsbex.exe
tvfyvkldtkpmccpsbex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .
C:\Windows\zzhytgfvjybwkitub.exe
zzhytgfvjybwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe .
C:\Windows\sryoiushuikeroyy.exe
sryoiushuikeroyy.exe
C:\Windows\sryoiushuikeroyy.exe
sryoiushuikeroyy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\sryoiushuikeroyy.exe*."
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ijskguulaquqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ijskguulaquqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe
C:\Windows\ijskguulaquqfeqsac.exe
ijskguulaquqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .
C:\Windows\zzhytgfvjybwkitub.exe
zzhytgfvjybwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."
C:\Windows\ijskguulaquqfeqsac.exe
ijskguulaquqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Windows\zzhytgfvjybwkitub.exe
zzhytgfvjybwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\tvfyvkldtkpmccpsbex.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\gjuomcexogmkbcqueicf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe
C:\Windows\sryoiushuikeroyy.exe
sryoiushuikeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe .
C:\Windows\gjuomcexogmkbcqueicf.exe
gjuomcexogmkbcqueicf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\gjuomcexogmkbcqueicf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe .
C:\Windows\sryoiushuikeroyy.exe
sryoiushuikeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\gjuomcexogmkbcqueicf.exe
gjuomcexogmkbcqueicf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\gjuomcexogmkbcqueicf.exe*."
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\sryoiushuikeroyy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\zzhytgfvjybwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\sryoiushuikeroyy.exe
sryoiushuikeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .
C:\Windows\ijskguulaquqfeqsac.exe
ijskguulaquqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe .
C:\Windows\ijskguulaquqfeqsac.exe
ijskguulaquqfeqsac.exe
C:\Windows\tvfyvkldtkpmccpsbex.exe
tvfyvkldtkpmccpsbex.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\tvfyvkldtkpmccpsbex.exe*."
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ijskguulaquqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\sryoiushuikeroyy.exe
sryoiushuikeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe
C:\Windows\zzhytgfvjybwkitub.exe
zzhytgfvjybwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe
C:\Windows\tvfyvkldtkpmccpsbex.exe
tvfyvkldtkpmccpsbex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ijskguulaquqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe
C:\Windows\vzlgfwztlelkcetyjojnz.exe
vzlgfwztlelkcetyjojnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Windows\vzlgfwztlelkcetyjojnz.exe
vzlgfwztlelkcetyjojnz.exe .
C:\Windows\zzhytgfvjybwkitub.exe
zzhytgfvjybwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .
C:\Windows\sryoiushuikeroyy.exe
sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\vzlgfwztlelkcetyjojnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe
C:\Windows\vzlgfwztlelkcetyjojnz.exe
vzlgfwztlelkcetyjojnz.exe .
C:\Windows\vzlgfwztlelkcetyjojnz.exe
vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\gjuomcexogmkbcqueicf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe .
C:\Windows\zzhytgfvjybwkitub.exe
zzhytgfvjybwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\vzlgfwztlelkcetyjojnz.exe*."
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\tvfyvkldtkpmccpsbex.exe*."
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."
C:\Windows\tvfyvkldtkpmccpsbex.exe
tvfyvkldtkpmccpsbex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\gjuomcexogmkbcqueicf.exe*."
C:\Windows\sryoiushuikeroyy.exe
sryoiushuikeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ijskguulaquqfeqsac.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\gjuomcexogmkbcqueicf.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\sryoiushuikeroyy.exe*."
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\sryoiushuikeroyy.exe*."
C:\Windows\tvfyvkldtkpmccpsbex.exe
tvfyvkldtkpmccpsbex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe .
C:\Windows\tvfyvkldtkpmccpsbex.exe
tvfyvkldtkpmccpsbex.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\tvfyvkldtkpmccpsbex.exe*."
C:\Windows\zzhytgfvjybwkitub.exe
zzhytgfvjybwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Windows\ijskguulaquqfeqsac.exe
ijskguulaquqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ijskguulaquqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ijskguulaquqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe
C:\Windows\zzhytgfvjybwkitub.exe
zzhytgfvjybwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .
C:\Windows\zzhytgfvjybwkitub.exe
zzhytgfvjybwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe .
C:\Windows\sryoiushuikeroyy.exe
sryoiushuikeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Windows\sryoiushuikeroyy.exe
sryoiushuikeroyy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\sryoiushuikeroyy.exe*."
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\sryoiushuikeroyy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ijskguulaquqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe
C:\Windows\zzhytgfvjybwkitub.exe
zzhytgfvjybwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .
C:\Windows\zzhytgfvjybwkitub.exe
zzhytgfvjybwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."
C:\Windows\sryoiushuikeroyy.exe
sryoiushuikeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Windows\vzlgfwztlelkcetyjojnz.exe
vzlgfwztlelkcetyjojnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\vzlgfwztlelkcetyjojnz.exe*."
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\vzlgfwztlelkcetyjojnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\gjuomcexogmkbcqueicf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe
C:\Windows\ijskguulaquqfeqsac.exe
ijskguulaquqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe .
C:\Windows\sryoiushuikeroyy.exe
sryoiushuikeroyy.exe .
C:\Windows\vzlgfwztlelkcetyjojnz.exe
vzlgfwztlelkcetyjojnz.exe
C:\Windows\zzhytgfvjybwkitub.exe
zzhytgfvjybwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\sryoiushuikeroyy.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\zzhytgfvjybwkitub.exe*."
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\sryoiushuikeroyy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe
C:\Windows\vzlgfwztlelkcetyjojnz.exe
vzlgfwztlelkcetyjojnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe .
C:\Windows\vzlgfwztlelkcetyjojnz.exe
vzlgfwztlelkcetyjojnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\vzlgfwztlelkcetyjojnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\zzhytgfvjybwkitub.exe
zzhytgfvjybwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Windows\tvfyvkldtkpmccpsbex.exe
tvfyvkldtkpmccpsbex.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\tvfyvkldtkpmccpsbex.exe*."
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\tvfyvkldtkpmccpsbex.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\zzhytgfvjybwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe
C:\Windows\sryoiushuikeroyy.exe
sryoiushuikeroyy.exe
C:\Windows\sryoiushuikeroyy.exe
sryoiushuikeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe .
C:\Windows\ijskguulaquqfeqsac.exe
ijskguulaquqfeqsac.exe .
C:\Windows\vzlgfwztlelkcetyjojnz.exe
vzlgfwztlelkcetyjojnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\vzlgfwztlelkcetyjojnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Windows\sryoiushuikeroyy.exe
sryoiushuikeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe
C:\Windows\zzhytgfvjybwkitub.exe
zzhytgfvjybwkitub.exe
C:\Windows\tvfyvkldtkpmccpsbex.exe
tvfyvkldtkpmccpsbex.exe .
C:\Windows\zzhytgfvjybwkitub.exe
zzhytgfvjybwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Windows\tvfyvkldtkpmccpsbex.exe
tvfyvkldtkpmccpsbex.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\tvfyvkldtkpmccpsbex.exe*."
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .
C:\Windows\zzhytgfvjybwkitub.exe
zzhytgfvjybwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\tvfyvkldtkpmccpsbex.exe*."
C:\Windows\vzlgfwztlelkcetyjojnz.exe
vzlgfwztlelkcetyjojnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\vzlgfwztlelkcetyjojnz.exe*."
C:\Windows\zzhytgfvjybwkitub.exe
zzhytgfvjybwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\vzlgfwztlelkcetyjojnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\zzhytgfvjybwkitub.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ijskguulaquqfeqsac.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\gjuomcexogmkbcqueicf.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\tvfyvkldtkpmccpsbex.exe*."
C:\Windows\zzhytgfvjybwkitub.exe
zzhytgfvjybwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .
C:\Windows\gjuomcexogmkbcqueicf.exe
gjuomcexogmkbcqueicf.exe
C:\Windows\gjuomcexogmkbcqueicf.exe
gjuomcexogmkbcqueicf.exe
C:\Windows\ijskguulaquqfeqsac.exe
ijskguulaquqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\gjuomcexogmkbcqueicf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\sryoiushuikeroyy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe
C:\Windows\tvfyvkldtkpmccpsbex.exe
tvfyvkldtkpmccpsbex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .
C:\Windows\ijskguulaquqfeqsac.exe
ijskguulaquqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .
C:\Windows\gjuomcexogmkbcqueicf.exe
gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Windows\ijskguulaquqfeqsac.exe
ijskguulaquqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\tvfyvkldtkpmccpsbex.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ijskguulaquqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe
C:\Windows\vzlgfwztlelkcetyjojnz.exe
vzlgfwztlelkcetyjojnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\tvfyvkldtkpmccpsbex.exe
tvfyvkldtkpmccpsbex.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\tvfyvkldtkpmccpsbex.exe*."
C:\Windows\zzhytgfvjybwkitub.exe
zzhytgfvjybwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Windows\zzhytgfvjybwkitub.exe
zzhytgfvjybwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\tvfyvkldtkpmccpsbex.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\gjuomcexogmkbcqueicf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe
C:\Windows\zzhytgfvjybwkitub.exe
zzhytgfvjybwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ijskguulaquqfeqsac.exe
ijskguulaquqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."
C:\Windows\sryoiushuikeroyy.exe
sryoiushuikeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Windows\ijskguulaquqfeqsac.exe
ijskguulaquqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\vzlgfwztlelkcetyjojnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\sryoiushuikeroyy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe
C:\Windows\zzhytgfvjybwkitub.exe
zzhytgfvjybwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .
C:\Windows\ijskguulaquqfeqsac.exe
ijskguulaquqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe .
C:\Windows\vzlgfwztlelkcetyjojnz.exe
vzlgfwztlelkcetyjojnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Windows\tvfyvkldtkpmccpsbex.exe
tvfyvkldtkpmccpsbex.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\tvfyvkldtkpmccpsbex.exe*."
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\vzlgfwztlelkcetyjojnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\sryoiushuikeroyy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe
C:\Windows\sryoiushuikeroyy.exe
sryoiushuikeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\tvfyvkldtkpmccpsbex.exe
tvfyvkldtkpmccpsbex.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\tvfyvkldtkpmccpsbex.exe*."
C:\Windows\tvfyvkldtkpmccpsbex.exe
tvfyvkldtkpmccpsbex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Windows\sryoiushuikeroyy.exe
sryoiushuikeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\sryoiushuikeroyy.exe*."
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe
C:\Windows\gjuomcexogmkbcqueicf.exe
gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\gjuomcexogmkbcqueicf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Windows\vzlgfwztlelkcetyjojnz.exe
vzlgfwztlelkcetyjojnz.exe .
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\vzlgfwztlelkcetyjojnz.exe*."
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\zzhytgfvjybwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe
C:\Windows\ijskguulaquqfeqsac.exe
ijskguulaquqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .
C:\Windows\zzhytgfvjybwkitub.exe
zzhytgfvjybwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Windows\sryoiushuikeroyy.exe
sryoiushuikeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\tvfyvkldtkpmccpsbex.exe*."
C:\Windows\sryoiushuikeroyy.exe
sryoiushuikeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\sryoiushuikeroyy.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ijskguulaquqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Windows\sryoiushuikeroyy.exe
sryoiushuikeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\tvfyvkldtkpmccpsbex.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\sryoiushuikeroyy.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\gjuomcexogmkbcqueicf.exe*."
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| GB | 2.18.27.82:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 8.8.8.8:53 | www.whatismyip.com | udp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | whatismyipaddress.com | udp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 8.8.8.8:53 | www.showmyipaddress.com | udp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | www.bbc.co.uk | udp |
| US | 151.101.192.81:80 | www.bbc.co.uk | tcp |
| LT | 78.57.185.121:21014 | tcp | |
| US | 8.8.8.8:53 | gyuuym.org | udp |
| DE | 85.214.228.140:80 | gyuuym.org | tcp |
| US | 8.8.8.8:53 | fsnzvdvcxew.com | udp |
| US | 8.8.8.8:53 | zyvwaap.net | udp |
| US | 8.8.8.8:53 | lfphtrdaz.info | udp |
| US | 8.8.8.8:53 | unxfuild.info | udp |
| SG | 18.142.91.111:80 | unxfuild.info | tcp |
| US | 8.8.8.8:53 | vteilyt.com | udp |
| US | 8.8.8.8:53 | pwlcna.net | udp |
| US | 8.8.8.8:53 | vkpcrfjspwf.info | udp |
| US | 8.8.8.8:53 | pufplfa.net | udp |
| US | 8.8.8.8:53 | wabhklf.info | udp |
| US | 8.8.8.8:53 | uyoqcqgismus.org | udp |
| US | 8.8.8.8:53 | ggoiukqgsikq.org | udp |
| US | 8.8.8.8:53 | koyokismwwua.com | udp |
| US | 8.8.8.8:53 | udzdjiddn.net | udp |
| US | 8.8.8.8:53 | zqqmruwye.info | udp |
| US | 8.8.8.8:53 | tmbdpakqljf.org | udp |
| US | 8.8.8.8:53 | otadflnvrtsd.net | udp |
| US | 8.8.8.8:53 | xnutyoevyb.net | udp |
| US | 8.8.8.8:53 | ygoukmwg.org | udp |
| US | 8.8.8.8:53 | tremwcl.info | udp |
| US | 8.8.8.8:53 | djrkevhf.info | udp |
| US | 8.8.8.8:53 | aybwzrnmf.info | udp |
| US | 8.8.8.8:53 | myaase.info | udp |
| US | 8.8.8.8:53 | cydlrge.info | udp |
| US | 104.156.155.94:80 | cydlrge.info | tcp |
| US | 8.8.8.8:53 | xjbuynpdku.net | udp |
| US | 8.8.8.8:53 | bcsikagumk.net | udp |
| US | 8.8.8.8:53 | mjotpzfbosdh.info | udp |
| US | 8.8.8.8:53 | isdqlqwuz.info | udp |
| US | 8.8.8.8:53 | uswuvslafdqv.net | udp |
| US | 8.8.8.8:53 | ydgkcesia.info | udp |
| US | 8.8.8.8:53 | qkieiwiuqecu.com | udp |
| US | 8.8.8.8:53 | jeatlf.net | udp |
| US | 8.8.8.8:53 | gthssxfttd.net | udp |
| US | 8.8.8.8:53 | ilfgqtxk.net | udp |
| US | 8.8.8.8:53 | luvehemiri.info | udp |
| US | 8.8.8.8:53 | euogsi.org | udp |
| LT | 78.61.139.217:19660 | tcp | |
| US | 8.8.8.8:53 | movibssfbohi.net | udp |
| US | 8.8.8.8:53 | jvflpufvefoj.info | udp |
| US | 8.8.8.8:53 | lalckpw.org | udp |
| US | 8.8.8.8:53 | egbgqh.net | udp |
| US | 8.8.8.8:53 | dtrmgh.info | udp |
| US | 8.8.8.8:53 | xpsywmrz.net | udp |
| US | 8.8.8.8:53 | yypptnfxww.info | udp |
| US | 8.8.8.8:53 | uagmek.com | udp |
| US | 8.8.8.8:53 | unmkcn.net | udp |
| US | 8.8.8.8:53 | lboebl.net | udp |
| US | 8.8.8.8:53 | tctidmm.info | udp |
| US | 8.8.8.8:53 | hmfurcniz.info | udp |
| US | 8.8.8.8:53 | cwiqcw.org | udp |
| US | 8.8.8.8:53 | dwdutpp.info | udp |
| US | 8.8.8.8:53 | ewfgzywrl.info | udp |
| US | 8.8.8.8:53 | vwgilqxw.net | udp |
| US | 8.8.8.8:53 | jcdkrrtcb.com | udp |
| US | 8.8.8.8:53 | fmqoxbt.org | udp |
| US | 8.8.8.8:53 | fsoeebulkcfo.info | udp |
| US | 8.8.8.8:53 | ddpobim.org | udp |
| US | 8.8.8.8:53 | ewhqxezcwwc.net | udp |
| LT | 77.221.81.32:29742 | tcp | |
| US | 8.8.8.8:53 | nyvhbu.info | udp |
| US | 8.8.8.8:53 | nwkkaprb.net | udp |
| US | 8.8.8.8:53 | awcsicqs.com | udp |
| US | 8.8.8.8:53 | rexood.net | udp |
| US | 8.8.8.8:53 | dswqietobrt.net | udp |
| US | 8.8.8.8:53 | yoaoooewyeeo.com | udp |
| US | 8.8.8.8:53 | xkvwwr.net | udp |
| US | 8.8.8.8:53 | euowikeiiw.com | udp |
| US | 8.8.8.8:53 | ccbdls.info | udp |
| US | 8.8.8.8:53 | mdhpuesj.net | udp |
| US | 8.8.8.8:53 | dqjrswwie.com | udp |
| US | 8.8.8.8:53 | pwutlyrhcq.info | udp |
| US | 8.8.8.8:53 | posdiqfwasm.info | udp |
| US | 8.8.8.8:53 | tkwhjwjqqgp.net | udp |
| US | 8.8.8.8:53 | edzoloxzdqs.info | udp |
| US | 8.8.8.8:53 | xizckzstxb.net | udp |
| US | 8.8.8.8:53 | fogwlc.net | udp |
| US | 8.8.8.8:53 | ymuiyuockk.com | udp |
| US | 8.8.8.8:53 | glsieoyoip.info | udp |
| US | 8.8.8.8:53 | dleujr.info | udp |
| US | 8.8.8.8:53 | vrxmprngmlhk.net | udp |
| US | 8.8.8.8:53 | tevenadstmn.com | udp |
| US | 8.8.8.8:53 | xapmdcpnpsj.net | udp |
| US | 8.8.8.8:53 | eitxrmbwryx.net | udp |
| US | 8.8.8.8:53 | eznabol.net | udp |
| US | 8.8.8.8:53 | pxbjiusmnjxh.net | udp |
| US | 8.8.8.8:53 | foumkhnmfwmc.info | udp |
| US | 8.8.8.8:53 | cnznmtcr.net | udp |
| US | 8.8.8.8:53 | aqwkbooml.info | udp |
| US | 8.8.8.8:53 | apxhvqeug.info | udp |
| US | 8.8.8.8:53 | jvbnss.info | udp |
| US | 8.8.8.8:53 | klqmnybibg.net | udp |
| US | 8.8.8.8:53 | jklmjn.net | udp |
| US | 8.8.8.8:53 | eutyrdxkl.net | udp |
| US | 8.8.8.8:53 | krnsrkscmxo.info | udp |
| US | 88.216.18.28:22843 | tcp | |
| US | 8.8.8.8:53 | lyxmnybibg.info | udp |
| US | 8.8.8.8:53 | nqtbfctrmxxk.net | udp |
| US | 8.8.8.8:53 | xteyhr.info | udp |
| US | 8.8.8.8:53 | buhoqxtn.info | udp |
| US | 8.8.8.8:53 | oyieeu.org | udp |
| US | 8.8.8.8:53 | oibuzatvl.info | udp |
| US | 8.8.8.8:53 | dkouvubcpovf.info | udp |
| US | 8.8.8.8:53 | sisieyqymqmw.com | udp |
| US | 8.8.8.8:53 | ywrtrjtd.info | udp |
| US | 8.8.8.8:53 | btyuudmusi.info | udp |
| US | 8.8.8.8:53 | krhwda.net | udp |
| US | 8.8.8.8:53 | kgucribs.info | udp |
| US | 8.8.8.8:53 | kydpcc.net | udp |
| US | 8.8.8.8:53 | xynwzmadaxx.com | udp |
| US | 8.8.8.8:53 | hkdhbqpqnqb.net | udp |
| US | 8.8.8.8:53 | zyfitez.info | udp |
| US | 8.8.8.8:53 | icggomca.com | udp |
| US | 8.8.8.8:53 | lgqmzqfaltt.info | udp |
| US | 8.8.8.8:53 | gmuaweikgykc.org | udp |
| US | 8.8.8.8:53 | aqsrdcv.info | udp |
| US | 8.8.8.8:53 | leqdurjb.net | udp |
| US | 8.8.8.8:53 | rioqeulql.info | udp |
| US | 8.8.8.8:53 | jkzldx.info | udp |
| US | 8.8.8.8:53 | zkhgniqcjylf.info | udp |
| US | 8.8.8.8:53 | dxikspgshgbk.info | udp |
| US | 8.8.8.8:53 | yyltlspljkr.net | udp |
| US | 8.8.8.8:53 | buhntf.info | udp |
| US | 8.8.8.8:53 | heprdmdqbwq.net | udp |
| US | 8.8.8.8:53 | lgmwshpwdp.net | udp |
| US | 8.8.8.8:53 | rjgatt.info | udp |
| US | 8.8.8.8:53 | owroshkj.net | udp |
| US | 8.8.8.8:53 | tstqsuqaekbb.net | udp |
| US | 8.8.8.8:53 | vylmhguwf.org | udp |
| US | 8.8.8.8:53 | zgrjrexb.net | udp |
| US | 8.8.8.8:53 | aemuqgao.com | udp |
| US | 8.8.8.8:53 | usppafpbvdvz.net | udp |
| US | 8.8.8.8:53 | buzggiznast.info | udp |
| BG | 77.71.30.91:18370 | tcp | |
| US | 8.8.8.8:53 | cubnwd.net | udp |
| US | 8.8.8.8:53 | dgjwaltcget.net | udp |
| US | 8.8.8.8:53 | eeueccewmeem.com | udp |
| US | 8.8.8.8:53 | pynmfafmt.info | udp |
| US | 8.8.8.8:53 | ciweyqumuumy.com | udp |
| US | 8.8.8.8:53 | jphisfg.net | udp |
| US | 8.8.8.8:53 | pnvkqu.info | udp |
| US | 8.8.8.8:53 | genkukhnhdf.info | udp |
| US | 8.8.8.8:53 | xyxeou.net | udp |
| US | 8.8.8.8:53 | gthoprfe.net | udp |
| US | 8.8.8.8:53 | sskaeqik.org | udp |
| US | 8.8.8.8:53 | yrkjjagkr.net | udp |
| US | 8.8.8.8:53 | vlpxze.info | udp |
| US | 8.8.8.8:53 | sngallfq.net | udp |
| US | 8.8.8.8:53 | eltrutdftd.info | udp |
| US | 8.8.8.8:53 | skywyumxq.net | udp |
| US | 8.8.8.8:53 | yocgssouwwue.com | udp |
| US | 8.8.8.8:53 | ispydk.net | udp |
| US | 8.8.8.8:53 | gtmqpf.info | udp |
| US | 8.8.8.8:53 | hlnidmiyfzgh.info | udp |
| US | 8.8.8.8:53 | egsmyysc.org | udp |
| US | 8.8.8.8:53 | tsrxzachuhun.net | udp |
| US | 8.8.8.8:53 | aunxplxxliqz.info | udp |
| US | 8.8.8.8:53 | nshdioh.net | udp |
| US | 8.8.8.8:53 | xgtopov.com | udp |
| US | 8.8.8.8:53 | xgnctdxnqc.net | udp |
| US | 8.8.8.8:53 | fgvqnxfdxj.net | udp |
| US | 8.8.8.8:53 | sokfhsfa.info | udp |
| US | 8.8.8.8:53 | ekqqcc.org | udp |
| US | 8.8.8.8:53 | qezmduxwl.net | udp |
| US | 8.8.8.8:53 | bkyrdwmajj.net | udp |
| US | 8.8.8.8:53 | tbticyexh.net | udp |
| US | 8.8.8.8:53 | dwfkeogzvhjn.info | udp |
| US | 8.8.8.8:53 | fgtjlfqt.net | udp |
| US | 8.8.8.8:53 | zipwhvdtpd.net | udp |
| US | 8.8.8.8:53 | jobepedkpwu.info | udp |
| US | 8.8.8.8:53 | miuqakyaomaa.org | udp |
| US | 8.8.8.8:53 | qyqphhvmgtsu.net | udp |
| US | 8.8.8.8:53 | lmlfretatow.info | udp |
| US | 8.8.8.8:53 | dflqknsl.net | udp |
| US | 8.8.8.8:53 | rawnqcpxufdn.net | udp |
| US | 8.8.8.8:53 | yudyna.info | udp |
| US | 8.8.8.8:53 | hvfozqljs.net | udp |
| US | 8.8.8.8:53 | qtgqqinahbp.info | udp |
| US | 8.8.8.8:53 | pqmzeaqimzlz.net | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | xhbkad.net | udp |
| GB | 142.250.179.227:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | uiokvckcjuf.net | udp |
| US | 8.8.8.8:53 | btdybms.info | udp |
| US | 8.8.8.8:53 | zknkjuacxgw.net | udp |
| US | 8.8.8.8:53 | tmqklrf.com | udp |
| US | 8.8.8.8:53 | aguwrdos.info | udp |
| GB | 188.221.154.147:26490 | tcp | |
| US | 8.8.8.8:53 | btwshypwf.net | udp |
| US | 8.8.8.8:53 | tcvuvhjwh.info | udp |
| US | 8.8.8.8:53 | iqgagetqf.net | udp |
| US | 8.8.8.8:53 | jubvpax.info | udp |
| US | 8.8.8.8:53 | dgpmykfurzh.com | udp |
| US | 8.8.8.8:53 | aknsgwkcl.net | udp |
| US | 8.8.8.8:53 | rqtmbpnlge.info | udp |
| US | 8.8.8.8:53 | xctptjmdyyaq.net | udp |
| US | 8.8.8.8:53 | jjjcymp.org | udp |
| US | 8.8.8.8:53 | zcaihrh.info | udp |
| US | 8.8.8.8:53 | uunnqzxolyd.net | udp |
| US | 8.8.8.8:53 | ecbwysbz.info | udp |
| US | 8.8.8.8:53 | womgqwcksyma.com | udp |
| US | 8.8.8.8:53 | uxgibl.net | udp |
| US | 8.8.8.8:53 | ysabln.info | udp |
| US | 8.8.8.8:53 | njmyupro.net | udp |
| US | 8.8.8.8:53 | jczvwpmmtwjr.info | udp |
| US | 8.8.8.8:53 | kgyxqjdfn.net | udp |
| US | 8.8.8.8:53 | scisoywu.org | udp |
| US | 8.8.8.8:53 | dihowam.com | udp |
| US | 8.8.8.8:53 | sheltqtenlxg.net | udp |
| US | 8.8.8.8:53 | xrpwmsl.info | udp |
| US | 8.8.8.8:53 | vgrkycfpwpp.org | udp |
| US | 8.8.8.8:53 | acahgr.info | udp |
| US | 8.8.8.8:53 | lecddtwtudaz.info | udp |
| US | 8.8.8.8:53 | wggdzib.info | udp |
| US | 8.8.8.8:53 | hgcklodrfcw.net | udp |
| US | 8.8.8.8:53 | jkgafmv.net | udp |
| US | 8.8.8.8:53 | wcsbrpz.net | udp |
| US | 8.8.8.8:53 | nwygec.net | udp |
| US | 8.8.8.8:53 | hhljiibz.net | udp |
| US | 8.8.8.8:53 | uwcuws.org | udp |
| US | 8.8.8.8:53 | siwcmkamyeka.org | udp |
| US | 8.8.8.8:53 | azlfou.info | udp |
| US | 8.8.8.8:53 | rsaiyrddlu.net | udp |
| US | 8.8.8.8:53 | tefwhufex.com | udp |
| US | 8.8.8.8:53 | nfkykmri.net | udp |
| US | 8.8.8.8:53 | udjeou.info | udp |
| US | 8.8.8.8:53 | esakky.com | udp |
| US | 8.8.8.8:53 | umyicieyee.org | udp |
| US | 8.8.8.8:53 | xwtmfjfoxvrz.info | udp |
| US | 8.8.8.8:53 | vwfgxjt.com | udp |
| US | 8.8.8.8:53 | qzldnofbkf.info | udp |
| US | 8.8.8.8:53 | ijsbwkstflkk.info | udp |
| US | 8.8.8.8:53 | dfvixt.info | udp |
| US | 8.8.8.8:53 | uwxslhy.net | udp |
| US | 8.8.8.8:53 | vcsuct.net | udp |
| US | 8.8.8.8:53 | ccegwuoeyoki.org | udp |
| US | 8.8.8.8:53 | rlaysc.net | udp |
| US | 8.8.8.8:53 | celvtun.net | udp |
| US | 8.8.8.8:53 | ddgkye.info | udp |
| US | 8.8.8.8:53 | fsyczawoha.info | udp |
| US | 8.8.8.8:53 | abzgjykgvmf.info | udp |
| US | 8.8.8.8:53 | thegpizt.net | udp |
| US | 8.8.8.8:53 | lkytzcacpel.org | udp |
| US | 8.8.8.8:53 | gvknfyscd.info | udp |
| DE | 95.173.40.30:43171 | tcp | |
| US | 8.8.8.8:53 | ugoqmseq.org | udp |
| US | 8.8.8.8:53 | lymmbkx.net | udp |
| US | 8.8.8.8:53 | atkzfclhbift.info | udp |
| US | 8.8.8.8:53 | tataexfozy.net | udp |
| US | 8.8.8.8:53 | stpbrbt.info | udp |
| US | 8.8.8.8:53 | dgtuyhug.net | udp |
| US | 8.8.8.8:53 | tjtsoacgmeng.net | udp |
| US | 8.8.8.8:53 | wueysyqiyg.org | udp |
| US | 8.8.8.8:53 | giekeg.com | udp |
| US | 8.8.8.8:53 | umgewqguia.com | udp |
| US | 8.8.8.8:53 | owtcxotml.info | udp |
| US | 8.8.8.8:53 | wobqhqnttlr.info | udp |
| US | 8.8.8.8:53 | jjrefkv.net | udp |
| US | 8.8.8.8:53 | fhascdik.info | udp |
| US | 8.8.8.8:53 | agwqawoskymm.org | udp |
| US | 8.8.8.8:53 | tkjlhrzcdl.info | udp |
| US | 8.8.8.8:53 | kjskvzf.info | udp |
| US | 8.8.8.8:53 | moqkgyismu.com | udp |
| US | 8.8.8.8:53 | ytarjeqk.info | udp |
| US | 8.8.8.8:53 | dearrtob.info | udp |
| US | 8.8.8.8:53 | unudyndta.info | udp |
| US | 8.8.8.8:53 | iybuquv.net | udp |
| US | 8.8.8.8:53 | hznggrxyo.com | udp |
| US | 8.8.8.8:53 | lzbjkx.info | udp |
| US | 8.8.8.8:53 | hgsrwh.info | udp |
| US | 8.8.8.8:53 | hueivybopib.info | udp |
| US | 8.8.8.8:53 | xxtkenbkly.info | udp |
| US | 8.8.8.8:53 | stvjpng.info | udp |
| US | 8.8.8.8:53 | hmanbb.net | udp |
| US | 8.8.8.8:53 | blriytvijot.com | udp |
| US | 8.8.8.8:53 | jbjrzvbdrc.info | udp |
| US | 8.8.8.8:53 | htjulot.org | udp |
| LT | 86.100.142.106:24528 | tcp | |
| US | 8.8.8.8:53 | kuaqgy.com | udp |
| US | 8.8.8.8:53 | lmvctuycr.com | udp |
| US | 8.8.8.8:53 | kyilnx.net | udp |
| US | 8.8.8.8:53 | rugupeqycwcw.info | udp |
| US | 8.8.8.8:53 | jjkqtbupcs.info | udp |
| US | 8.8.8.8:53 | zswtmxbiterh.net | udp |
| US | 8.8.8.8:53 | vubtzd.info | udp |
| US | 8.8.8.8:53 | fofgctayk.org | udp |
| US | 8.8.8.8:53 | gaqkygwq.org | udp |
| US | 8.8.8.8:53 | nynusatmp.com | udp |
| US | 8.8.8.8:53 | cgwgkaocys.org | udp |
| US | 8.8.8.8:53 | lmkgcnxp.info | udp |
| US | 8.8.8.8:53 | pstnvhxp.net | udp |
| US | 8.8.8.8:53 | jrbulad.info | udp |
| US | 8.8.8.8:53 | ukgccrza.net | udp |
| US | 8.8.8.8:53 | ufjudexvp.net | udp |
| US | 8.8.8.8:53 | zgwqvbuwa.org | udp |
| US | 8.8.8.8:53 | bpzorpfuhtf.org | udp |
| US | 8.8.8.8:53 | aphnhcnh.net | udp |
| US | 8.8.8.8:53 | kicygskg.com | udp |
| US | 8.8.8.8:53 | sarnvkpzxq.net | udp |
| US | 8.8.8.8:53 | tybdqoimofiu.net | udp |
| US | 8.8.8.8:53 | lqteyaxkq.org | udp |
| US | 8.8.8.8:53 | bkngmvgi.net | udp |
| US | 8.8.8.8:53 | wldigo.info | udp |
| US | 8.8.8.8:53 | gfqwjmnvybxo.net | udp |
| US | 8.8.8.8:53 | mlfgayepf.net | udp |
| US | 8.8.8.8:53 | bqdindvszcl.com | udp |
| US | 8.8.8.8:53 | pbmrvzxcz.info | udp |
| US | 8.8.8.8:53 | owtldyji.net | udp |
| US | 8.8.8.8:53 | nwtiiruu.net | udp |
| US | 8.8.8.8:53 | dykwknvmdfdj.info | udp |
| US | 8.8.8.8:53 | ivhmxyxw.net | udp |
| US | 8.8.8.8:53 | sjmkle.net | udp |
| US | 8.8.8.8:53 | wawaoiyk.com | udp |
| US | 8.8.8.8:53 | oeywoe.com | udp |
| US | 8.8.8.8:53 | josddjfqhriu.net | udp |
| US | 8.8.8.8:53 | hdcidelqxknk.net | udp |
| US | 8.8.8.8:53 | wtnkrqu.net | udp |
| US | 8.8.8.8:53 | lczoradauoz.net | udp |
| US | 8.8.8.8:53 | oodinqneokj.info | udp |
| US | 8.8.8.8:53 | exdvavflz.net | udp |
| US | 8.8.8.8:53 | ewjmsv.info | udp |
| US | 8.8.8.8:53 | dazulnj.org | udp |
| US | 8.8.8.8:53 | aaecowwy.com | udp |
| US | 8.8.8.8:53 | pgnfhctup.info | udp |
| US | 8.8.8.8:53 | sqzjrbwu.net | udp |
| US | 8.8.8.8:53 | spvhlxjbixqw.info | udp |
| US | 8.8.8.8:53 | skiauggq.com | udp |
| US | 8.8.8.8:53 | jzthxr.net | udp |
| US | 8.8.8.8:53 | timrdlrcjwyu.net | udp |
| US | 8.8.8.8:53 | csijolnhqn.net | udp |
| US | 8.8.8.8:53 | uccksw.com | udp |
| US | 8.8.8.8:53 | ocyqoikm.com | udp |
| US | 8.8.8.8:53 | womkdolwmqm.net | udp |
| US | 8.8.8.8:53 | yhmsxdegw.info | udp |
| US | 8.8.8.8:53 | keucsokcyq.com | udp |
| US | 8.8.8.8:53 | ewxibuxqu.info | udp |
| GB | 78.105.251.82:14181 | tcp | |
| US | 8.8.8.8:53 | fjusznt.com | udp |
| US | 8.8.8.8:53 | duruiz.info | udp |
| US | 8.8.8.8:53 | xcmnfiyxsf.info | udp |
| US | 8.8.8.8:53 | zuhmapbot.net | udp |
| US | 8.8.8.8:53 | zmgyxirfxyk.org | udp |
| US | 8.8.8.8:53 | jcbmzibk.info | udp |
| US | 8.8.8.8:53 | hmmikdh.info | udp |
| US | 8.8.8.8:53 | sqemsuom.com | udp |
| US | 8.8.8.8:53 | vjvlnnztmb.net | udp |
| US | 8.8.8.8:53 | jwhmuqh.com | udp |
| US | 8.8.8.8:53 | kyesqaguqc.com | udp |
| US | 8.8.8.8:53 | bnsqnydyqxb.org | udp |
| US | 8.8.8.8:53 | yojkaljecqs.info | udp |
| US | 8.8.8.8:53 | xggzlpvqzo.net | udp |
| US | 8.8.8.8:53 | ooykewoiewms.org | udp |
| US | 8.8.8.8:53 | ecegeakc.org | udp |
| US | 8.8.8.8:53 | ootkjdzphd.net | udp |
| US | 8.8.8.8:53 | aararuzmj.info | udp |
| US | 8.8.8.8:53 | wuflcrxgmfza.net | udp |
| US | 8.8.8.8:53 | pkukytejfsrx.net | udp |
| US | 8.8.8.8:53 | uuqswc.org | udp |
| US | 8.8.8.8:53 | zrizzt.net | udp |
| US | 8.8.8.8:53 | fxgdtf.net | udp |
| US | 8.8.8.8:53 | astofr.info | udp |
| US | 8.8.8.8:53 | qmikggsk.com | udp |
| US | 8.8.8.8:53 | nsjnpn.net | udp |
| US | 8.8.8.8:53 | dpvwkehqcbqh.info | udp |
| US | 8.8.8.8:53 | oebrbvgsn.info | udp |
| US | 8.8.8.8:53 | baxaddv.net | udp |
| BG | 87.246.44.65:33782 | tcp | |
| US | 8.8.8.8:53 | fejmph.net | udp |
| US | 8.8.8.8:53 | ivewnr.info | udp |
| US | 8.8.8.8:53 | wwaebapik.net | udp |
| US | 8.8.8.8:53 | ktbgzy.info | udp |
| US | 8.8.8.8:53 | qkfubktkh.info | udp |
| US | 8.8.8.8:53 | nqxijbihvn.info | udp |
| US | 8.8.8.8:53 | hsjgfajglgh.org | udp |
| US | 8.8.8.8:53 | vcpybkjsp.net | udp |
| US | 8.8.8.8:53 | avfgzaz.net | udp |
| US | 8.8.8.8:53 | kkvubonbzkl.info | udp |
| US | 8.8.8.8:53 | qaayxsakf.info | udp |
| US | 8.8.8.8:53 | yspynbdonzn.net | udp |
| US | 8.8.8.8:53 | iwyskukssioy.org | udp |
| US | 8.8.8.8:53 | vetbvmeepl.net | udp |
| US | 8.8.8.8:53 | wiqkuuaeiw.org | udp |
| US | 8.8.8.8:53 | fdridhflyy.net | udp |
| US | 8.8.8.8:53 | xrctizgjhu.net | udp |
| US | 8.8.8.8:53 | occoakuw.org | udp |
| US | 8.8.8.8:53 | hnxxspkbudyb.info | udp |
| US | 8.8.8.8:53 | owukjcjvozc.net | udp |
| US | 8.8.8.8:53 | esbypibaq.info | udp |
| US | 8.8.8.8:53 | fahajcdidkn.info | udp |
| US | 8.8.8.8:53 | hgmudepeqnb.org | udp |
| US | 8.8.8.8:53 | dvtuzo.net | udp |
| US | 8.8.8.8:53 | rfcqjgcwrllk.info | udp |
| US | 8.8.8.8:53 | yqbsxwbudmc.info | udp |
| US | 8.8.8.8:53 | fmtydizkf.info | udp |
| US | 8.8.8.8:53 | pwdkryjgmax.net | udp |
| US | 8.8.8.8:53 | nevrfzfcv.info | udp |
| US | 8.8.8.8:53 | yenmvgjwtcnl.info | udp |
| US | 8.8.8.8:53 | nilkvol.info | udp |
| US | 8.8.8.8:53 | waqygcxio.net | udp |
| US | 8.8.8.8:53 | ooewwc.org | udp |
| US | 8.8.8.8:53 | matilsz.info | udp |
| US | 8.8.8.8:53 | jypigkw.net | udp |
| US | 8.8.8.8:53 | gygagaugwk.org | udp |
| US | 8.8.8.8:53 | rqthrif.info | udp |
| US | 8.8.8.8:53 | jphhtgd.com | udp |
| US | 8.8.8.8:53 | ekkcuc.net | udp |
| US | 8.8.8.8:53 | dlvpacrw.net | udp |
| US | 8.8.8.8:53 | omierhazkhgw.net | udp |
| US | 8.8.8.8:53 | dgbgnihcjyx.net | udp |
| US | 8.8.8.8:53 | sujicoxupur.info | udp |
| US | 8.8.8.8:53 | jzbwvebmw.net | udp |
| US | 8.8.8.8:53 | kwdrqyzrhd.net | udp |
| US | 8.8.8.8:53 | ghygvwwhfeqr.net | udp |
| US | 8.8.8.8:53 | hfqeyihtnwb.info | udp |
| US | 8.8.8.8:53 | xrjmbmgmisvh.info | udp |
| US | 8.8.8.8:53 | sbxjhk.net | udp |
| US | 8.8.8.8:53 | sagsxqz.info | udp |
| US | 8.8.8.8:53 | ziukokiaz.net | udp |
| US | 8.8.8.8:53 | jqtenkdayoy.org | udp |
| US | 8.8.8.8:53 | yaqwuu.org | udp |
| US | 8.8.8.8:53 | opknwqjdrfvr.net | udp |
| US | 8.8.8.8:53 | ocygakcyim.com | udp |
| US | 8.8.8.8:53 | eczhvprcvecl.info | udp |
| US | 8.8.8.8:53 | rxocukyciw.net | udp |
| US | 8.8.8.8:53 | sypwnmr.net | udp |
| US | 8.8.8.8:53 | ysuopwp.net | udp |
| US | 8.8.8.8:53 | lvliwxsju.net | udp |
| US | 8.8.8.8:53 | fotnqjqgvkx.org | udp |
| US | 8.8.8.8:53 | zmcnnzjwwz.net | udp |
| US | 8.8.8.8:53 | shutbqaeup.info | udp |
| US | 8.8.8.8:53 | faneui.info | udp |
| US | 8.8.8.8:53 | wcgcuuiu.org | udp |
| US | 8.8.8.8:53 | ygqisiyiqk.com | udp |
| US | 8.8.8.8:53 | pierdmrs.net | udp |
| US | 8.8.8.8:53 | nhmyomxjv.info | udp |
| US | 8.8.8.8:53 | ssqkrttphaib.info | udp |
| US | 8.8.8.8:53 | ngivxs.info | udp |
| US | 8.8.8.8:53 | ygiujngwbr.info | udp |
| US | 8.8.8.8:53 | oskwossa.com | udp |
| US | 8.8.8.8:53 | lorxditp.info | udp |
| US | 8.8.8.8:53 | tyzkrdhyl.info | udp |
| US | 8.8.8.8:53 | zcpsxntjjgj.com | udp |
| US | 8.8.8.8:53 | wykgze.net | udp |
| US | 8.8.8.8:53 | wnbmkmjkyld.info | udp |
| US | 8.8.8.8:53 | magigkui.org | udp |
| US | 8.8.8.8:53 | vyvijbihvn.info | udp |
| US | 8.8.8.8:53 | svpqxsbiww.net | udp |
| US | 8.8.8.8:53 | uaysuwugwu.org | udp |
| US | 8.8.8.8:53 | nypcmrvn.net | udp |
| US | 8.8.8.8:53 | zufozrgspjl.com | udp |
| US | 8.8.8.8:53 | hsrofavrq.net | udp |
| US | 8.8.8.8:53 | twvfjyi.org | udp |
| US | 8.8.8.8:53 | llpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | wxlqzmt.info | udp |
| US | 8.8.8.8:53 | vkzoaydx.net | udp |
| US | 8.8.8.8:53 | aelavgbkbuw.info | udp |
| US | 8.8.8.8:53 | dbaedfkaxtqp.info | udp |
| US | 8.8.8.8:53 | bctwfgikb.org | udp |
| US | 8.8.8.8:53 | gkgagu.com | udp |
| US | 8.8.8.8:53 | nngmvx.net | udp |
| US | 8.8.8.8:53 | nbhcmp.net | udp |
| US | 8.8.8.8:53 | wrfwdcj.net | udp |
| US | 8.8.8.8:53 | hhrjcblowb.net | udp |
| US | 8.8.8.8:53 | szfswaromgf.info | udp |
| US | 8.8.8.8:53 | myjzxzx.info | udp |
| US | 8.8.8.8:53 | fzqqksnzg.net | udp |
| US | 8.8.8.8:53 | dnlqpgzsg.net | udp |
| US | 8.8.8.8:53 | fztqpkdyz.net | udp |
| US | 8.8.8.8:53 | huzvlc.info | udp |
| US | 8.8.8.8:53 | xmlymtnez.org | udp |
| US | 8.8.8.8:53 | hptmhivan.org | udp |
| US | 8.8.8.8:53 | bodpugvwy.org | udp |
| US | 8.8.8.8:53 | odzbrjqoy.info | udp |
| US | 8.8.8.8:53 | czrmlwlwkgpj.net | udp |
| US | 8.8.8.8:53 | fopobrnbtmt.org | udp |
| US | 8.8.8.8:53 | aalijqi.info | udp |
| US | 8.8.8.8:53 | cbirilqfsa.net | udp |
| US | 8.8.8.8:53 | ghptrswqlr.net | udp |
| US | 8.8.8.8:53 | sqnwjixwo.info | udp |
| US | 8.8.8.8:53 | bbprtoxilfwz.info | udp |
| US | 8.8.8.8:53 | odqisf.info | udp |
| US | 8.8.8.8:53 | nulnxhngvajt.net | udp |
| US | 8.8.8.8:53 | pahznosyfglf.info | udp |
| US | 8.8.8.8:53 | jifbxszljtnt.net | udp |
| US | 8.8.8.8:53 | ayzppiqer.net | udp |
| US | 8.8.8.8:53 | umiuec.com | udp |
| US | 8.8.8.8:53 | ncpmyszzt.info | udp |
| US | 8.8.8.8:53 | fcyfawjyxco.net | udp |
| US | 8.8.8.8:53 | xywojqwsbuk.info | udp |
| US | 8.8.8.8:53 | nemcpvsbvjtf.net | udp |
| US | 8.8.8.8:53 | agqkuuysoq.com | udp |
| US | 8.8.8.8:53 | xmtnse.info | udp |
| US | 8.8.8.8:53 | ybxsqlwexbnh.info | udp |
| US | 8.8.8.8:53 | buverejz.info | udp |
| US | 8.8.8.8:53 | cqjsnstknev.info | udp |
| US | 8.8.8.8:53 | bruzkbfd.info | udp |
| US | 8.8.8.8:53 | kkiamiym.com | udp |
| US | 8.8.8.8:53 | bkpchyltdqh.net | udp |
| US | 8.8.8.8:53 | wzcccrbkueiw.info | udp |
| US | 8.8.8.8:53 | vinyhkzoa.net | udp |
| US | 8.8.8.8:53 | jatdaajehomt.net | udp |
| US | 8.8.8.8:53 | wgsokkkkyi.com | udp |
| US | 8.8.8.8:53 | usvouerwp.info | udp |
| US | 8.8.8.8:53 | hhgrhrds.net | udp |
| US | 8.8.8.8:53 | mwgkuyee.org | udp |
| US | 8.8.8.8:53 | gtduvxiez.info | udp |
| US | 8.8.8.8:53 | uiceesz.info | udp |
| US | 8.8.8.8:53 | iywuwwoet.net | udp |
| US | 8.8.8.8:53 | bzaydhbkyko.info | udp |
| US | 8.8.8.8:53 | pedesoocidq.org | udp |
| US | 8.8.8.8:53 | fjfrtdgvjxje.info | udp |
| US | 8.8.8.8:53 | uoxjsmld.info | udp |
| US | 8.8.8.8:53 | kcqswsmy.org | udp |
| US | 8.8.8.8:53 | hycixgzqlsu.info | udp |
| US | 8.8.8.8:53 | kevzpunkm.info | udp |
| US | 8.8.8.8:53 | jxcecukg.net | udp |
| US | 8.8.8.8:53 | ewiuauieao.com | udp |
| US | 8.8.8.8:53 | eimosqyeae.org | udp |
| US | 8.8.8.8:53 | hizwxehbx.com | udp |
| US | 8.8.8.8:53 | iunsxoe.info | udp |
| US | 8.8.8.8:53 | iaisswoc.com | udp |
| US | 8.8.8.8:53 | zajkbsuid.info | udp |
| US | 8.8.8.8:53 | itgibehxi.info | udp |
| US | 8.8.8.8:53 | oqyegm.com | udp |
| US | 8.8.8.8:53 | imwkkoik.com | udp |
| US | 8.8.8.8:53 | hwfszoaclqtt.info | udp |
| US | 8.8.8.8:53 | qhzsmvat.net | udp |
| US | 8.8.8.8:53 | pijoixuoxa.net | udp |
| US | 8.8.8.8:53 | sewuvwb.net | udp |
| US | 8.8.8.8:53 | jxagilpkjx.net | udp |
| US | 8.8.8.8:53 | mwdupxnkjuh.info | udp |
| US | 8.8.8.8:53 | pjjkxhvstx.info | udp |
| US | 8.8.8.8:53 | yxpxqjgxvm.net | udp |
| US | 8.8.8.8:53 | dyroryh.org | udp |
| US | 8.8.8.8:53 | jpyhhjhoqxwk.net | udp |
| US | 8.8.8.8:53 | oaewcmmi.com | udp |
| US | 8.8.8.8:53 | slbvhqoxre.net | udp |
| US | 8.8.8.8:53 | qwiksc.com | udp |
| US | 8.8.8.8:53 | nqlnsv.info | udp |
| US | 8.8.8.8:53 | oalwpcngx.info | udp |
| US | 8.8.8.8:53 | nwlyxqvtdwg.info | udp |
| US | 8.8.8.8:53 | mnricshk.info | udp |
| US | 8.8.8.8:53 | qopkxcw.net | udp |
| US | 8.8.8.8:53 | jblldmuicy.info | udp |
| US | 8.8.8.8:53 | xcrfxbihvn.info | udp |
| US | 8.8.8.8:53 | yzjgberx.info | udp |
| US | 8.8.8.8:53 | bmzgybvql.info | udp |
| US | 8.8.8.8:53 | zyeygku.net | udp |
| US | 8.8.8.8:53 | pvesxitaordl.info | udp |
| US | 8.8.8.8:53 | bbvvnquqvdma.info | udp |
| US | 8.8.8.8:53 | dzrmxez.com | udp |
| US | 8.8.8.8:53 | pmulortlxlvc.info | udp |
| US | 8.8.8.8:53 | nwtuysanla.net | udp |
| US | 8.8.8.8:53 | muymuggcoi.com | udp |
| US | 8.8.8.8:53 | ysdadwtyiwp.info | udp |
| US | 8.8.8.8:53 | pkrgrwx.org | udp |
| US | 8.8.8.8:53 | kxldwaoqfn.info | udp |
| US | 8.8.8.8:53 | heragu.info | udp |
| US | 8.8.8.8:53 | ggnenbjr.net | udp |
| US | 8.8.8.8:53 | sogclzb.net | udp |
| US | 8.8.8.8:53 | jyphfltyx.net | udp |
| US | 8.8.8.8:53 | refwbh.net | udp |
| US | 8.8.8.8:53 | xxbuvavqnao.net | udp |
| US | 8.8.8.8:53 | yqmgeyac.org | udp |
| US | 8.8.8.8:53 | tgzzsilpuoyu.info | udp |
| US | 8.8.8.8:53 | ygeyow.org | udp |
| US | 8.8.8.8:53 | ifsodu.net | udp |
| US | 8.8.8.8:53 | fdzvfen.org | udp |
| US | 8.8.8.8:53 | rejwrwpoa.info | udp |
| US | 8.8.8.8:53 | qqbyneym.info | udp |
| US | 8.8.8.8:53 | jmuyzwjxj.net | udp |
| US | 8.8.8.8:53 | squglmbhupjx.net | udp |
| US | 8.8.8.8:53 | qcysisma.org | udp |
| US | 8.8.8.8:53 | muuysqomkeee.com | udp |
| US | 8.8.8.8:53 | izmuvc.info | udp |
| US | 8.8.8.8:53 | dxtknsjnio.info | udp |
| US | 8.8.8.8:53 | yackyo.org | udp |
| US | 8.8.8.8:53 | sgescokcmo.org | udp |
| US | 8.8.8.8:53 | aeaayy.com | udp |
| US | 8.8.8.8:53 | cxikqbbcucdn.info | udp |
| US | 8.8.8.8:53 | huhedlwjnmsy.info | udp |
| MD | 93.116.56.126:32978 | tcp | |
| US | 8.8.8.8:53 | lzwgpqnxhy.net | udp |
| US | 8.8.8.8:53 | usrmwfq.info | udp |
| US | 8.8.8.8:53 | jnongm.info | udp |
| US | 8.8.8.8:53 | ccrqqhimg.info | udp |
| US | 8.8.8.8:53 | gtbidsb.info | udp |
| US | 8.8.8.8:53 | jehyhpbob.com | udp |
| US | 8.8.8.8:53 | ucemccqaucwm.org | udp |
| US | 8.8.8.8:53 | yazszswnd.net | udp |
| US | 8.8.8.8:53 | bkucktv.com | udp |
| US | 8.8.8.8:53 | acjyoevya.net | udp |
| US | 8.8.8.8:53 | nptvrsrd.net | udp |
| US | 8.8.8.8:53 | tylwkh.net | udp |
| US | 8.8.8.8:53 | luaiurlae.info | udp |
| US | 8.8.8.8:53 | advlimti.info | udp |
| US | 8.8.8.8:53 | iudxmx.info | udp |
| US | 8.8.8.8:53 | bjzhpl.net | udp |
| US | 8.8.8.8:53 | hsfspwfirsr.org | udp |
| US | 8.8.8.8:53 | pfnxqkleduoo.net | udp |
| US | 8.8.8.8:53 | gyaumqcakq.org | udp |
| US | 8.8.8.8:53 | fuvywycfh.net | udp |
| US | 8.8.8.8:53 | muamqouoqmmk.com | udp |
| US | 8.8.8.8:53 | xuwazdpfvmfd.info | udp |
| US | 8.8.8.8:53 | fumvct.net | udp |
| US | 8.8.8.8:53 | souaxbjzrjiv.info | udp |
| US | 8.8.8.8:53 | ysqceq.com | udp |
| US | 8.8.8.8:53 | dukfil.info | udp |
| US | 8.8.8.8:53 | ojniksxotf.net | udp |
| US | 8.8.8.8:53 | jzfiboi.org | udp |
| US | 8.8.8.8:53 | dnyidwf.info | udp |
| US | 8.8.8.8:53 | adkpjigewan.info | udp |
| US | 8.8.8.8:53 | numcpijznap.com | udp |
| US | 8.8.8.8:53 | kgsttxcmjbl.net | udp |
| US | 8.8.8.8:53 | yadxtkefpqdf.net | udp |
| US | 8.8.8.8:53 | jqpnqofosyx.net | udp |
| US | 8.8.8.8:53 | fyticffqor.net | udp |
| US | 8.8.8.8:53 | melcemv.net | udp |
| US | 8.8.8.8:53 | ictdpxfltl.net | udp |
| US | 8.8.8.8:53 | atvonqy.net | udp |
| US | 8.8.8.8:53 | qngitmingp.net | udp |
| US | 8.8.8.8:53 | ouauuquei.net | udp |
| US | 8.8.8.8:53 | equookwot.info | udp |
| US | 8.8.8.8:53 | nrdvcwudrz.info | udp |
| US | 8.8.8.8:53 | obdyudxm.info | udp |
| US | 8.8.8.8:53 | dczbag.net | udp |
| US | 8.8.8.8:53 | ulwprsdpevsj.info | udp |
| US | 8.8.8.8:53 | vufnhke.org | udp |
| LT | 79.133.229.18:21151 | tcp | |
| US | 8.8.8.8:53 | iyhmjqsxn.info | udp |
| US | 8.8.8.8:53 | kcivoyzj.net | udp |
| US | 8.8.8.8:53 | jwzszdxikvcs.info | udp |
| US | 8.8.8.8:53 | lmrhhxpcl.net | udp |
| US | 8.8.8.8:53 | qyjxvcif.net | udp |
| US | 8.8.8.8:53 | fecstsqaqwv.info | udp |
| US | 8.8.8.8:53 | nnzzfc.net | udp |
| US | 8.8.8.8:53 | rmdvrxhmhlfg.info | udp |
| US | 8.8.8.8:53 | rkwlhccy.info | udp |
| US | 8.8.8.8:53 | lfftzdxnqhnz.net | udp |
| US | 8.8.8.8:53 | dnxzgqddic.net | udp |
| US | 8.8.8.8:53 | rjawmtldgamz.net | udp |
| US | 8.8.8.8:53 | wdncpgz.net | udp |
| US | 8.8.8.8:53 | bgjrldnuoief.net | udp |
| US | 8.8.8.8:53 | gcuwmcscuyoc.org | udp |
| US | 8.8.8.8:53 | bisbulcakr.net | udp |
| US | 8.8.8.8:53 | nthafgeqx.org | udp |
| US | 8.8.8.8:53 | zclghogiegd.org | udp |
| LV | 80.233.161.201:44880 | tcp | |
| US | 8.8.8.8:53 | gnxmpr.info | udp |
| US | 8.8.8.8:53 | qenlbaabl.info | udp |
| US | 8.8.8.8:53 | ugvctccga.info | udp |
| US | 8.8.8.8:53 | vibshiiel.net | udp |
| US | 8.8.8.8:53 | xunywmvsnag.info | udp |
| US | 8.8.8.8:53 | dystpak.net | udp |
| US | 8.8.8.8:53 | cujcxpb.info | udp |
| US | 8.8.8.8:53 | xacmglopit.net | udp |
| US | 8.8.8.8:53 | yaykig.org | udp |
| US | 8.8.8.8:53 | wsfcvv.net | udp |
| US | 8.8.8.8:53 | jjqtpeerkb.net | udp |
| US | 8.8.8.8:53 | fsqahxryl.org | udp |
| US | 8.8.8.8:53 | xjvfru.net | udp |
| US | 8.8.8.8:53 | urkcltobhpwf.net | udp |
| US | 8.8.8.8:53 | twjcku.info | udp |
| US | 8.8.8.8:53 | xxxjrplchr.net | udp |
| US | 8.8.8.8:53 | kulzhpv.net | udp |
| US | 8.8.8.8:53 | oismai.com | udp |
| US | 8.8.8.8:53 | drhfiysa.info | udp |
| US | 8.8.8.8:53 | wgmwmgyk.com | udp |
| US | 8.8.8.8:53 | wxxdlfyob.net | udp |
| US | 8.8.8.8:53 | iydqus.info | udp |
| US | 8.8.8.8:53 | xwgkvwcbv.info | udp |
| US | 8.8.8.8:53 | eheflhppvg.net | udp |
| US | 8.8.8.8:53 | vmlpjgdhh.net | udp |
| US | 8.8.8.8:53 | lipybfbqhijy.info | udp |
| US | 8.8.8.8:53 | yohxpxq.info | udp |
| US | 8.8.8.8:53 | sbxfbqlfls.net | udp |
| US | 8.8.8.8:53 | cykogcgqqcuu.com | udp |
| US | 8.8.8.8:53 | zqjzhx.info | udp |
| US | 8.8.8.8:53 | brmnkt.net | udp |
| US | 8.8.8.8:53 | awiwki.org | udp |
| BG | 77.76.147.36:27150 | tcp | |
| US | 8.8.8.8:53 | ugjyfpgfl.net | udp |
| US | 8.8.8.8:53 | nynkljdddp.info | udp |
| US | 8.8.8.8:53 | arnyniyzbkwb.info | udp |
| US | 8.8.8.8:53 | rijymmvixoz.org | udp |
| US | 8.8.8.8:53 | zoycvebfyi.info | udp |
| US | 8.8.8.8:53 | sldqtg.info | udp |
| US | 8.8.8.8:53 | furcjcbo.info | udp |
| US | 8.8.8.8:53 | myrwjqkrwpbk.info | udp |
| US | 8.8.8.8:53 | mpkbfsgyp.info | udp |
| US | 8.8.8.8:53 | nnpxlrhete.info | udp |
| US | 8.8.8.8:53 | psomlxvej.com | udp |
| US | 8.8.8.8:53 | qseoumkkca.org | udp |
| US | 8.8.8.8:53 | nlqqmvjw.info | udp |
| US | 8.8.8.8:53 | emkcywuoqwoi.org | udp |
| US | 8.8.8.8:53 | qdnmhgdyrit.net | udp |
| US | 8.8.8.8:53 | xuzmnlf.com | udp |
| US | 8.8.8.8:53 | iiwcgwyo.org | udp |
| US | 8.8.8.8:53 | eydrddngqlnf.info | udp |
| US | 8.8.8.8:53 | qyqigk.com | udp |
| US | 8.8.8.8:53 | qbqiyuibkkrb.info | udp |
| US | 8.8.8.8:53 | nkzgzh.info | udp |
| US | 8.8.8.8:53 | hvctvmz.com | udp |
| US | 8.8.8.8:53 | bqvhxbzmb.net | udp |
| US | 8.8.8.8:53 | fyaylmbcb.net | udp |
| US | 8.8.8.8:53 | wsannozhhquu.net | udp |
| US | 8.8.8.8:53 | oijupendzbnx.net | udp |
| US | 8.8.8.8:53 | hphcvglwtyl.info | udp |
| US | 8.8.8.8:53 | egamlolkcjnc.net | udp |
| US | 8.8.8.8:53 | ekqaao.com | udp |
| US | 8.8.8.8:53 | gldvzi.net | udp |
| US | 8.8.8.8:53 | chxtdr.info | udp |
| US | 8.8.8.8:53 | tsvspwequex.net | udp |
| US | 8.8.8.8:53 | cijqsudpwp.info | udp |
| US | 8.8.8.8:53 | rndabhjecbrn.info | udp |
| US | 8.8.8.8:53 | tejyvvtib.com | udp |
| US | 8.8.8.8:53 | kghewgcp.net | udp |
| US | 8.8.8.8:53 | agaywgqwkusi.com | udp |
| US | 8.8.8.8:53 | ckkciewg.com | udp |
| US | 8.8.8.8:53 | fafjpbdxvlud.net | udp |
| US | 8.8.8.8:53 | hjfdpmp.org | udp |
| US | 8.8.8.8:53 | umakmc.com | udp |
| US | 8.8.8.8:53 | drvebqmtnq.net | udp |
| US | 8.8.8.8:53 | wmhihabvserx.info | udp |
| US | 8.8.8.8:53 | logqiovkt.info | udp |
| US | 8.8.8.8:53 | rjbifug.net | udp |
| US | 8.8.8.8:53 | utecxg.net | udp |
| US | 8.8.8.8:53 | suyuvbnvpop.net | udp |
| US | 8.8.8.8:53 | yqdindvszcl.info | udp |
| US | 8.8.8.8:53 | yogyfooeq.info | udp |
| US | 8.8.8.8:53 | vaxcfgx.org | udp |
| US | 8.8.8.8:53 | unuhakptymjk.net | udp |
| US | 8.8.8.8:53 | pwqlpqyqf.com | udp |
| US | 8.8.8.8:53 | pjdcbpjmkpb.org | udp |
| US | 8.8.8.8:53 | mgsycc.org | udp |
| US | 8.8.8.8:53 | uexzvatwno.info | udp |
| US | 8.8.8.8:53 | ldlrgk.info | udp |
| US | 8.8.8.8:53 | owtumceqt.info | udp |
| US | 8.8.8.8:53 | xmbuvwjmvwj.net | udp |
| US | 8.8.8.8:53 | yqxuvkpmslin.net | udp |
| US | 8.8.8.8:53 | covlnibft.info | udp |
| US | 8.8.8.8:53 | nnjbsfnjbbdv.info | udp |
| US | 8.8.8.8:53 | sgdzhklkvfso.info | udp |
| US | 8.8.8.8:53 | exhpbif.info | udp |
| US | 8.8.8.8:53 | unugba.net | udp |
| US | 8.8.8.8:53 | fgxmngqhk.org | udp |
| US | 8.8.8.8:53 | zatrcqr.org | udp |
| US | 8.8.8.8:53 | ewfpeanen.info | udp |
| US | 8.8.8.8:53 | skqsiiae.org | udp |
| US | 8.8.8.8:53 | ropgsrxrrz.info | udp |
| US | 8.8.8.8:53 | feleqb.net | udp |
| US | 8.8.8.8:53 | erwoegn.net | udp |
| US | 8.8.8.8:53 | alyypvemovoc.net | udp |
| US | 8.8.8.8:53 | ykzwhuuitz.info | udp |
| US | 8.8.8.8:53 | tsvyxgzcvrq.org | udp |
| US | 8.8.8.8:53 | svhvrivf.info | udp |
| US | 8.8.8.8:53 | eirznpxmpmd.info | udp |
| US | 8.8.8.8:53 | objsdojnc.info | udp |
| US | 8.8.8.8:53 | qlstpgkhcjbu.net | udp |
| US | 8.8.8.8:53 | mtiurius.info | udp |
| US | 8.8.8.8:53 | emyuymkmgw.org | udp |
| US | 8.8.8.8:53 | scrwrltgfgx.net | udp |
| US | 8.8.8.8:53 | vbbbhvrcrz.net | udp |
| US | 8.8.8.8:53 | bytalifkl.org | udp |
| US | 8.8.8.8:53 | vlbwvu.net | udp |
| US | 8.8.8.8:53 | nzitfaav.info | udp |
| US | 8.8.8.8:53 | bgzwyrwjqct.org | udp |
| US | 8.8.8.8:53 | aevsal.info | udp |
| US | 8.8.8.8:53 | kcckmuscys.com | udp |
| US | 8.8.8.8:53 | zbokshowltop.net | udp |
| US | 8.8.8.8:53 | lktcrbw.com | udp |
| US | 8.8.8.8:53 | bsgnvgrhvp.net | udp |
| US | 8.8.8.8:53 | twxiotdhhkhp.info | udp |
| US | 8.8.8.8:53 | bqhyvcd.net | udp |
| US | 8.8.8.8:53 | xsyreqvan.org | udp |
| US | 8.8.8.8:53 | hyjodgw.info | udp |
| US | 8.8.8.8:53 | csfkikbopwh.net | udp |
| US | 8.8.8.8:53 | nwmyxjn.info | udp |
| US | 8.8.8.8:53 | krwgpqt.info | udp |
| US | 8.8.8.8:53 | qaukholfi.info | udp |
| US | 8.8.8.8:53 | dkdczgl.info | udp |
| US | 8.8.8.8:53 | pkclhejwa.com | udp |
| US | 8.8.8.8:53 | exnkxd.net | udp |
| US | 8.8.8.8:53 | kmtptznlhj.info | udp |
| US | 8.8.8.8:53 | egcqiqiicgeq.com | udp |
| US | 8.8.8.8:53 | rcbvouhy.net | udp |
| US | 8.8.8.8:53 | eaictyqxc.info | udp |
| US | 8.8.8.8:53 | roxxnsp.com | udp |
| US | 8.8.8.8:53 | zmzypwz.net | udp |
| US | 8.8.8.8:53 | caqseswawqco.org | udp |
| US | 8.8.8.8:53 | elxrgc.info | udp |
| US | 8.8.8.8:53 | ocygcsuw.org | udp |
| US | 8.8.8.8:53 | vgqxvqngngx.info | udp |
| US | 8.8.8.8:53 | wbxtsa.net | udp |
| US | 8.8.8.8:53 | ygauwfz.info | udp |
| US | 8.8.8.8:53 | fomgzbwumqv.net | udp |
Files
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
| MD5 | eb09c682903ecbd87f30b0366e008d8f |
| SHA1 | 59b0dc27c06ce536327490439a37751a3dbd5e38 |
| SHA256 | c4b122f7bab30363b472a3dffb8a7c61604c0ec4719ebd233ccbac8be0951be1 |
| SHA512 | 83236c0955b81375666c10445d2cf5e4723b24e42e4ee5fb951f53945483be2fff5c8ef167f08cfad3accc162c61e750bb1039edbf09e26afe18cba2f994eb5d |
C:\Windows\SysWOW64\ijskguulaquqfeqsac.exe
| MD5 | b4fe986f603c8689f0e3be5b60cc856e |
| SHA1 | 4989bebdf2b66cec09efe777715577b21e5fec5e |
| SHA256 | ce16cfb716ea2a3ebb272428883f5b7375f2b38c5eeff3c4e455baa9a9fb0168 |
| SHA512 | b5b057b7d9a79abd6d857c50767075e480bd3bb3d6dee512c9d517c851e242e42d0e05263010c719b870308bc728908345310280c2b3431a72b8ffc50533b94e |
C:\Users\Admin\AppData\Local\Temp\vjfkt.exe
| MD5 | 97ad6ac6b09531dc74ee709de60a1d75 |
| SHA1 | c5243821a689a6e36b9947e64dc524895e4850d6 |
| SHA256 | 0d9b4b830436abbeb913536e9d2d22eaa6d1e70557bb0d70c317edde4f2b8bbe |
| SHA512 | 90bfa6e14f218e66b315cb14968fbb3fa3d0ea0da4993e24fab7c61ca8a3b207fa0a27b122c37404925b71a5defabac1fe832c310123f1f481176cdaba52b23e |
C:\Users\Admin\AppData\Local\wfwwawedaykolsmwmwwfww.wed
| MD5 | fc61fef3961dad0d51051ebb28fa4225 |
| SHA1 | 7e69a767389e8a76a60e30a1a9337f58170a75cb |
| SHA256 | fba53af4f112be79c4ccea3663cd2a3b6e85a4e699b81577ff7d4123a2c8aded |
| SHA512 | e77381bb8b39ae06a7f76bb2f63401f54796729177f9dd2f40cca6eca5c25d4c8683fe1f14a9fd91d37b02b04f16f0638eeefc3b210afe1acdc7948832051746 |
C:\Users\Admin\AppData\Local\nhjujqjtbkhwewbwxsdxzkzgzjraxmumr.nit
| MD5 | 3ab3c1f7f7a079031fc5657141c7187f |
| SHA1 | 2ec8dc0d32cb0b999729dba7ec491ec1eb010ad9 |
| SHA256 | 67075c6e247a627e8f38abf21bb3cd819f00724625917843e8e9ba5276e7f7c0 |
| SHA512 | e00abf8abcaafcc4c0ed6f746298ab6bf074b4753424e544857e19339196542df4e2fe9baccde04222bdf99266f9450248eeb691ca7244d5f1c6afb28883081a |
C:\Program Files (x86)\wfwwawedaykolsmwmwwfww.wed
| MD5 | 0fe93ce1562e05423bede9286c184003 |
| SHA1 | 4db20eadf16146e5334069c95ec2d5cd9cf8249d |
| SHA256 | e3cd77df09d99a7a71b09e1e877ad0e08770c2ba05cd70cc96254e340f829fcf |
| SHA512 | 253b69560c11160ccf633c95501da81def36fda338971ff6cd3d31915f36bdd101528f3cc95c9093eae0b24fd24993cbe6c403e4180e74ddb7bae6feebb9df4f |
C:\Program Files (x86)\wfwwawedaykolsmwmwwfww.wed
| MD5 | 0f02e4a074f360baf10a66719955d256 |
| SHA1 | 617798dc5ecc89d7b7319fff6182facf32fc3cea |
| SHA256 | e5f1b155b3c43d918c3e16a9667f51af4961c37f21ba20c14d09b016cdbd47dd |
| SHA512 | 1ca029eb48d8a65b531b9d5b88b5d35b348caff8055de55fac3fdbf1ae40e91a53772e10a8aac1277ae3f3863e33fd04d0636ab25804fd20abcfaaff2a9d3e89 |
C:\Program Files (x86)\wfwwawedaykolsmwmwwfww.wed
| MD5 | 5b961d61563cfa21722a7d287f1dc4f2 |
| SHA1 | 6f30858af64e4789b6e35d39088e1d840b2ac333 |
| SHA256 | 93cd4a25886dfd34b1a0c531458d448054d8c430ca922276c23b0cdab11b6e97 |
| SHA512 | 70442406d040d80c5dfc2980c59ee8a30ab1c3f159dac28add4a368442106927e88af7f80ef37b7dbc06f52fa97b7e3906841f0c29aa2d056e4cbfc6bcde04ef |
C:\Program Files (x86)\wfwwawedaykolsmwmwwfww.wed
| MD5 | 9fde5ecb0d6e6dfbdb6a69df75ac26fb |
| SHA1 | 1d4f3d23aebd2644c5062a353ab183ced4fff25e |
| SHA256 | 79f12a614084732beb1f42ada199bcd7b70a883451c1ac7651f0ba1c48f63b3e |
| SHA512 | 006be5f732619812dff0d25a367ac4788516e573ea649aeb05312c86d19e919979fc9f35df8cf2f3827d44c967f6d491f9610565a11ef674d66a8235bc97bfcc |
C:\Program Files (x86)\wfwwawedaykolsmwmwwfww.wed
| MD5 | 68c4f43c08ccb99b630d4bdbc0a667f0 |
| SHA1 | ef58c244be729edf55a8f7898b8f6b419716e7a9 |
| SHA256 | c2aee4ded4057ab74d23fb2e52d514b6e566452d2d4c953a2dd898432e8b0424 |
| SHA512 | 0c8ea829653652b4b7fdfdc8928449bda8afdfd865a0cbb80305bd0b8637f72c125c8ada048fec2d7eb652bdd07e523d12481539d0ac5a4a02bcc326db6d9df6 |