Analysis Overview
SHA256
108e977f71759ac7d303ca9a76b33c440a70f94a68a3e603704afe85de849692
Threat Level: Known bad
The file JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1 was found to be: Known bad.
Malicious Activity Summary
Modifies WinLogon for persistence
UAC bypass
Pykspa
Pykspa family
Detect Pykspa worm
Adds policy Run key to start application
Disables RegEdit via registry modification
Blocklisted process makes network request
Executes dropped EXE
Impair Defenses: Safe Mode Boot
Checks computer location settings
Adds Run key to start application
Looks up external IP address via web service
Hijack Execution Flow: Executable Installer File Permissions Weakness
Checks whether UAC is enabled
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
System policy modification
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-04-13 19:02
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-04-13 19:02
Reported
2025-04-13 19:05
Platform
win10v2004-20250410-en
Max time kernel
44s
Max time network
151s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "wtfcunefrmefjyhbrja.exe" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cpremvctv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfcunefrmefjyhbrja.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cpremvctv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhuslfxzmibdiyidunfd.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "cxhcsjyxhaqpreldr.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "yxlkezsvjgadjalhztmlz.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "yxlkezsvjgadjalhztmlz.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cpremvctv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhuslfxzmibdiyidunfd.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cpremvctv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfcunefrmefjyhbrja.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cpremvctv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhcsjyxhaqpreldr.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cpremvctv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhuslfxzmibdiyidunfd.exe" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "cxhcsjyxhaqpreldr.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cpremvctv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhcsjyxhaqpreldr.exe" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cpremvctv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxlkezsvjgadjalhztmlz.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "jhuslfxzmibdiyidunfd.exe" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cpremvctv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfcunefrmefjyhbrja.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "vpyshxljskzxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "jhuslfxzmibdiyidunfd.exe" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "vpyshxljskzxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "wtfcunefrmefjyhbrja.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "wtfcunefrmefjyhbrja.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cpremvctv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhcsjyxhaqpreldr.exe" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "yxlkezsvjgadjalhztmlz.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "jhuslfxzmibdiyidunfd.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "cxhcsjyxhaqpreldr.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "wtfcunefrmefjyhbrja.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "wtfcunefrmefjyhbrja.exe" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cpremvctv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhcsjyxhaqpreldr.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cpremvctv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpyshxljskzxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cpremvctv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpyshxljskzxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "wtfcunefrmefjyhbrja.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "jhuslfxzmibdiyidunfd.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "yxlkezsvjgadjalhztmlz.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "cxhcsjyxhaqpreldr.exe" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cpremvctv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhuslfxzmibdiyidunfd.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cpremvctv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhuslfxzmibdiyidunfd.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "lhsofxnnysjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cpremvctv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhsofxnnysjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "cxhcsjyxhaqpreldr.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cpremvctv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhcsjyxhaqpreldr.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "cxhcsjyxhaqpreldr.exe" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "lhsofxnnysjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cpremvctv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhcsjyxhaqpreldr.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cpremvctv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhsofxnnysjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cpremvctv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpyshxljskzxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cpremvctv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhsofxnnysjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "cxhcsjyxhaqpreldr.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\yxlkezsvjgadjalhztmlz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\lhsofxnnysjjmaibqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\wtfcunefrmefjyhbrja.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\jhuslfxzmibdiyidunfd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\lhsofxnnysjjmaibqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\cxhcsjyxhaqpreldr.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\vpyshxljskzxykqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\yxlkezsvjgadjalhztmlz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\wtfcunefrmefjyhbrja.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\cxhcsjyxhaqpreldr.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\vpyshxljskzxykqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\lhsofxnnysjjmaibqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\wtfcunefrmefjyhbrja.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\jhuslfxzmibdiyidunfd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\lhsofxnnysjjmaibqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\yxlkezsvjgadjalhztmlz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\jhuslfxzmibdiyidunfd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\wtfcunefrmefjyhbrja.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\yxlkezsvjgadjalhztmlz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\lhsofxnnysjjmaibqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\wtfcunefrmefjyhbrja.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\vpyshxljskzxykqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\yxlkezsvjgadjalhztmlz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\yxlkezsvjgadjalhztmlz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\wtfcunefrmefjyhbrja.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\vpyshxljskzxykqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\cxhcsjyxhaqpreldr.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\lhsofxnnysjjmaibqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Windows\vpyshxljskzxykqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qfjyitcvzmw = "lhsofxnnysjjmaibqh.exe ." | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vpyshxljskzxykqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhcsjyxhaqpreldr.exe" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mdjamzkflamhf = "jhuslfxzmibdiyidunfd.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qfjyitcvzmw = "wtfcunefrmefjyhbrja.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vpyshxljskzxykqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpyshxljskzxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qfjyitcvzmw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxlkezsvjgadjalhztmlz.exe ." | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qfjyitcvzmw = "lhsofxnnysjjmaibqh.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qfjyitcvzmw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxlkezsvjgadjalhztmlz.exe ." | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vjmajtbtwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhcsjyxhaqpreldr.exe" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qfjyitcvzmw = "vpyshxljskzxykqh.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mdjamzkflamhf = "jhuslfxzmibdiyidunfd.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\nfmerfrnukxtsc = "lhsofxnnysjjmaibqh.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mdjamzkflamhf = "jhuslfxzmibdiyidunfd.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmajtbtwi = "yxlkezsvjgadjalhztmlz.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vjmajtbtwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhsofxnnysjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qfjyitcvzmw = "cxhcsjyxhaqpreldr.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qfjyitcvzmw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhcsjyxhaqpreldr.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qjrkynaxfwkhhsx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxlkezsvjgadjalhztmlz.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vpyshxljskzxykqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpyshxljskzxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qfjyitcvzmw = "wtfcunefrmefjyhbrja.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mdjamzkflamhf = "wtfcunefrmefjyhbrja.exe" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\nfmerfrnukxtsc = "yxlkezsvjgadjalhztmlz.exe ." | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qfjyitcvzmw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhcsjyxhaqpreldr.exe ." | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qfjyitcvzmw = "cxhcsjyxhaqpreldr.exe ." | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vjmajtbtwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpyshxljskzxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\nfmerfrnukxtsc = "yxlkezsvjgadjalhztmlz.exe ." | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vjmajtbtwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpyshxljskzxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qfjyitcvzmw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhsofxnnysjjmaibqh.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qfjyitcvzmw = "yxlkezsvjgadjalhztmlz.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mdjamzkflamhf = "jhuslfxzmibdiyidunfd.exe" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmajtbtwi = "vpyshxljskzxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vpyshxljskzxykqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhuslfxzmibdiyidunfd.exe" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mdjamzkflamhf = "lhsofxnnysjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmajtbtwi = "wtfcunefrmefjyhbrja.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qfjyitcvzmw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhsofxnnysjjmaibqh.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vjmajtbtwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfcunefrmefjyhbrja.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\nfmerfrnukxtsc = "vpyshxljskzxykqh.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vjmajtbtwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfcunefrmefjyhbrja.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qfjyitcvzmw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxlkezsvjgadjalhztmlz.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\nfmerfrnukxtsc = "vpyshxljskzxykqh.exe ." | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qjrkynaxfwkhhsx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhsofxnnysjjmaibqh.exe ." | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qfjyitcvzmw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhsofxnnysjjmaibqh.exe ." | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmajtbtwi = "vpyshxljskzxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\nfmerfrnukxtsc = "jhuslfxzmibdiyidunfd.exe ." | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vjmajtbtwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxlkezsvjgadjalhztmlz.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qfjyitcvzmw = "cxhcsjyxhaqpreldr.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qjrkynaxfwkhhsx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhsofxnnysjjmaibqh.exe ." | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmajtbtwi = "lhsofxnnysjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmajtbtwi = "jhuslfxzmibdiyidunfd.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mdjamzkflamhf = "lhsofxnnysjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qjrkynaxfwkhhsx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfcunefrmefjyhbrja.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qjrkynaxfwkhhsx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpyshxljskzxykqh.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmajtbtwi = "lhsofxnnysjjmaibqh.exe" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mdjamzkflamhf = "jhuslfxzmibdiyidunfd.exe" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmajtbtwi = "jhuslfxzmibdiyidunfd.exe" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mdjamzkflamhf = "vpyshxljskzxykqh.exe" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\nfmerfrnukxtsc = "wtfcunefrmefjyhbrja.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qjrkynaxfwkhhsx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxlkezsvjgadjalhztmlz.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qfjyitcvzmw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhcsjyxhaqpreldr.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qfjyitcvzmw = "wtfcunefrmefjyhbrja.exe ." | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qjrkynaxfwkhhsx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfcunefrmefjyhbrja.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qfjyitcvzmw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhuslfxzmibdiyidunfd.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qfjyitcvzmw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhcsjyxhaqpreldr.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qjrkynaxfwkhhsx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhsofxnnysjjmaibqh.exe ." | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\jhuslfxzmibdiyidunfd.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ppeezvptigbfmeqngbvvkk.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cxhcsjyxhaqpreldr.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ppeezvptigbfmeqngbvvkk.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cxhcsjyxhaqpreldr.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vpyshxljskzxykqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wtfcunefrmefjyhbrja.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vpyshxljskzxykqh.exe | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yxlkezsvjgadjalhztmlz.exe | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vpyshxljskzxykqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ppeezvptigbfmeqngbvvkk.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ppeezvptigbfmeqngbvvkk.exe | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wtfcunefrmefjyhbrja.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jhuslfxzmibdiyidunfd.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wtfcunefrmefjyhbrja.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wtfcunefrmefjyhbrja.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vpyshxljskzxykqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lhsofxnnysjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wtfcunefrmefjyhbrja.exe | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ppeezvptigbfmeqngbvvkk.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jhuslfxzmibdiyidunfd.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yxlkezsvjgadjalhztmlz.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vpyshxljskzxykqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jhuslfxzmibdiyidunfd.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yxlkezsvjgadjalhztmlz.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jhuslfxzmibdiyidunfd.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File created | C:\Windows\SysWOW64\zdwazzxfyazhsoefcbzdwa.zxf | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jhuslfxzmibdiyidunfd.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lhsofxnnysjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lhsofxnnysjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yxlkezsvjgadjalhztmlz.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ppeezvptigbfmeqngbvvkk.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lhsofxnnysjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lhsofxnnysjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yxlkezsvjgadjalhztmlz.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vpyshxljskzxykqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ppeezvptigbfmeqngbvvkk.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ppeezvptigbfmeqngbvvkk.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vpyshxljskzxykqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ppeezvptigbfmeqngbvvkk.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wtfcunefrmefjyhbrja.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jhuslfxzmibdiyidunfd.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File created | C:\Windows\SysWOW64\qfjyitcvzmwplstfnxgvzoyjslpcmfbij.dnw | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vpyshxljskzxykqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ppeezvptigbfmeqngbvvkk.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lhsofxnnysjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ppeezvptigbfmeqngbvvkk.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yxlkezsvjgadjalhztmlz.exe | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qfjyitcvzmwplstfnxgvzoyjslpcmfbij.dnw | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lhsofxnnysjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lhsofxnnysjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yxlkezsvjgadjalhztmlz.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wtfcunefrmefjyhbrja.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cxhcsjyxhaqpreldr.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lhsofxnnysjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cxhcsjyxhaqpreldr.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yxlkezsvjgadjalhztmlz.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ppeezvptigbfmeqngbvvkk.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wtfcunefrmefjyhbrja.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wtfcunefrmefjyhbrja.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vpyshxljskzxykqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cxhcsjyxhaqpreldr.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lhsofxnnysjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yxlkezsvjgadjalhztmlz.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\zdwazzxfyazhsoefcbzdwa.zxf | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| File opened for modification | C:\Program Files (x86)\qfjyitcvzmwplstfnxgvzoyjslpcmfbij.dnw | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| File created | C:\Program Files (x86)\qfjyitcvzmwplstfnxgvzoyjslpcmfbij.dnw | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| File opened for modification | C:\Program Files (x86)\zdwazzxfyazhsoefcbzdwa.zxf | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\ppeezvptigbfmeqngbvvkk.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\lhsofxnnysjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| File opened for modification | C:\Windows\cxhcsjyxhaqpreldr.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\ppeezvptigbfmeqngbvvkk.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\jhuslfxzmibdiyidunfd.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\ppeezvptigbfmeqngbvvkk.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\vpyshxljskzxykqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\wtfcunefrmefjyhbrja.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\zdwazzxfyazhsoefcbzdwa.zxf | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| File opened for modification | C:\Windows\lhsofxnnysjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\jhuslfxzmibdiyidunfd.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\yxlkezsvjgadjalhztmlz.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\cxhcsjyxhaqpreldr.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\wtfcunefrmefjyhbrja.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\ppeezvptigbfmeqngbvvkk.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\wtfcunefrmefjyhbrja.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\lhsofxnnysjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\vpyshxljskzxykqh.exe | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| File opened for modification | C:\Windows\lhsofxnnysjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\lhsofxnnysjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\wtfcunefrmefjyhbrja.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\vpyshxljskzxykqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\vpyshxljskzxykqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\wtfcunefrmefjyhbrja.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\cxhcsjyxhaqpreldr.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\jhuslfxzmibdiyidunfd.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\vpyshxljskzxykqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\lhsofxnnysjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\lhsofxnnysjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\jhuslfxzmibdiyidunfd.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\yxlkezsvjgadjalhztmlz.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\lhsofxnnysjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\wtfcunefrmefjyhbrja.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\lhsofxnnysjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File created | C:\Windows\zdwazzxfyazhsoefcbzdwa.zxf | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| File opened for modification | C:\Windows\vpyshxljskzxykqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\wtfcunefrmefjyhbrja.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\vpyshxljskzxykqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\cxhcsjyxhaqpreldr.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\wtfcunefrmefjyhbrja.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\qfjyitcvzmwplstfnxgvzoyjslpcmfbij.dnw | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| File opened for modification | C:\Windows\yxlkezsvjgadjalhztmlz.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\ppeezvptigbfmeqngbvvkk.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\wtfcunefrmefjyhbrja.exe | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| File opened for modification | C:\Windows\jhuslfxzmibdiyidunfd.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\yxlkezsvjgadjalhztmlz.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\yxlkezsvjgadjalhztmlz.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\lhsofxnnysjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\ppeezvptigbfmeqngbvvkk.exe | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| File opened for modification | C:\Windows\ppeezvptigbfmeqngbvvkk.exe | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| File opened for modification | C:\Windows\lhsofxnnysjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\vpyshxljskzxykqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\cxhcsjyxhaqpreldr.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File created | C:\Windows\qfjyitcvzmwplstfnxgvzoyjslpcmfbij.dnw | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| File opened for modification | C:\Windows\lhsofxnnysjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\wtfcunefrmefjyhbrja.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\yxlkezsvjgadjalhztmlz.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\yxlkezsvjgadjalhztmlz.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\ppeezvptigbfmeqngbvvkk.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\yxlkezsvjgadjalhztmlz.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\jhuslfxzmibdiyidunfd.exe | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| File opened for modification | C:\Windows\ppeezvptigbfmeqngbvvkk.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\lhsofxnnysjjmaibqh.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| File opened for modification | C:\Windows\ppeezvptigbfmeqngbvvkk.exe | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\lhsofxnnysjjmaibqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jhuslfxzmibdiyidunfd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wtfcunefrmefjyhbrja.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\lhsofxnnysjjmaibqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wtfcunefrmefjyhbrja.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\yxlkezsvjgadjalhztmlz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\lhsofxnnysjjmaibqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\lhsofxnnysjjmaibqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jhuslfxzmibdiyidunfd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\cxhcsjyxhaqpreldr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\yxlkezsvjgadjalhztmlz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\yxlkezsvjgadjalhztmlz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vpyshxljskzxykqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\cxhcsjyxhaqpreldr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vpyshxljskzxykqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jhuslfxzmibdiyidunfd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\lhsofxnnysjjmaibqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\yxlkezsvjgadjalhztmlz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jhuslfxzmibdiyidunfd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vpyshxljskzxykqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wtfcunefrmefjyhbrja.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\cxhcsjyxhaqpreldr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\lhsofxnnysjjmaibqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vpyshxljskzxykqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\lhsofxnnysjjmaibqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\cxhcsjyxhaqpreldr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\yxlkezsvjgadjalhztmlz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wtfcunefrmefjyhbrja.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vpyshxljskzxykqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wtfcunefrmefjyhbrja.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wtfcunefrmefjyhbrja.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\lhsofxnnysjjmaibqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\lhsofxnnysjjmaibqh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\jtschn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe"
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_b58392cb5dabc4b3851447d47255d4f1.exe*"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe
C:\Windows\jhuslfxzmibdiyidunfd.exe
jhuslfxzmibdiyidunfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe .
C:\Windows\wtfcunefrmefjyhbrja.exe
wtfcunefrmefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wtfcunefrmefjyhbrja.exe*."
C:\Windows\wtfcunefrmefjyhbrja.exe
wtfcunefrmefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Windows\vpyshxljskzxykqh.exe
vpyshxljskzxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vpyshxljskzxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\lhsofxnnysjjmaibqh.exe*."
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\cxhcsjyxhaqpreldr.exe*."
C:\Users\Admin\AppData\Local\Temp\jtschn.exe
"C:\Users\Admin\AppData\Local\Temp\jtschn.exe" "-C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe"
C:\Users\Admin\AppData\Local\Temp\jtschn.exe
"C:\Users\Admin\AppData\Local\Temp\jtschn.exe" "-C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe
C:\Windows\vpyshxljskzxykqh.exe
vpyshxljskzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe .
C:\Windows\cxhcsjyxhaqpreldr.exe
cxhcsjyxhaqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe
C:\Windows\cxhcsjyxhaqpreldr.exe
cxhcsjyxhaqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe .
C:\Windows\vpyshxljskzxykqh.exe
vpyshxljskzxykqh.exe .
C:\Windows\jhuslfxzmibdiyidunfd.exe
jhuslfxzmibdiyidunfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\cxhcsjyxhaqpreldr.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .
C:\Windows\vpyshxljskzxykqh.exe
vpyshxljskzxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vpyshxljskzxykqh.exe*."
C:\Windows\vpyshxljskzxykqh.exe
vpyshxljskzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Windows\lhsofxnnysjjmaibqh.exe
lhsofxnnysjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vpyshxljskzxykqh.exe*."
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe .
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vpyshxljskzxykqh.exe*."
C:\Windows\vpyshxljskzxykqh.exe
vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jhuslfxzmibdiyidunfd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vpyshxljskzxykqh.exe*."
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yxlkezsvjgadjalhztmlz.exe*."
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .
C:\Windows\cxhcsjyxhaqpreldr.exe
cxhcsjyxhaqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Windows\vpyshxljskzxykqh.exe
vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\cxhcsjyxhaqpreldr.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .
C:\Windows\jhuslfxzmibdiyidunfd.exe
jhuslfxzmibdiyidunfd.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wtfcunefrmefjyhbrja.exe*."
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jhuslfxzmibdiyidunfd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yxlkezsvjgadjalhztmlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe .
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jhuslfxzmibdiyidunfd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe
C:\Windows\yxlkezsvjgadjalhztmlz.exe
yxlkezsvjgadjalhztmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe .
C:\Windows\lhsofxnnysjjmaibqh.exe
lhsofxnnysjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\lhsofxnnysjjmaibqh.exe*."
C:\Windows\wtfcunefrmefjyhbrja.exe
wtfcunefrmefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Windows\jhuslfxzmibdiyidunfd.exe
jhuslfxzmibdiyidunfd.exe
C:\Windows\jhuslfxzmibdiyidunfd.exe
jhuslfxzmibdiyidunfd.exe
C:\Windows\lhsofxnnysjjmaibqh.exe
lhsofxnnysjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\lhsofxnnysjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe
C:\Windows\wtfcunefrmefjyhbrja.exe
wtfcunefrmefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Windows\wtfcunefrmefjyhbrja.exe
wtfcunefrmefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wtfcunefrmefjyhbrja.exe*."
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wtfcunefrmefjyhbrja.exe*."
C:\Windows\vpyshxljskzxykqh.exe
vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wtfcunefrmefjyhbrja.exe*."
C:\Windows\vpyshxljskzxykqh.exe
vpyshxljskzxykqh.exe
C:\Windows\yxlkezsvjgadjalhztmlz.exe
yxlkezsvjgadjalhztmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Windows\yxlkezsvjgadjalhztmlz.exe
yxlkezsvjgadjalhztmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yxlkezsvjgadjalhztmlz.exe*."
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe .
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yxlkezsvjgadjalhztmlz.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\cxhcsjyxhaqpreldr.exe*."
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\lhsofxnnysjjmaibqh.exe*."
C:\Windows\yxlkezsvjgadjalhztmlz.exe
yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\lhsofxnnysjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\yxlkezsvjgadjalhztmlz.exe
yxlkezsvjgadjalhztmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\cxhcsjyxhaqpreldr.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vpyshxljskzxykqh.exe*."
C:\Windows\wtfcunefrmefjyhbrja.exe
wtfcunefrmefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yxlkezsvjgadjalhztmlz.exe*."
C:\Windows\vpyshxljskzxykqh.exe
vpyshxljskzxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vpyshxljskzxykqh.exe*."
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\cxhcsjyxhaqpreldr.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\lhsofxnnysjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe
C:\Windows\yxlkezsvjgadjalhztmlz.exe
yxlkezsvjgadjalhztmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe .
C:\Windows\vpyshxljskzxykqh.exe
vpyshxljskzxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vpyshxljskzxykqh.exe*."
C:\Windows\vpyshxljskzxykqh.exe
vpyshxljskzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Windows\wtfcunefrmefjyhbrja.exe
wtfcunefrmefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wtfcunefrmefjyhbrja.exe*."
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wtfcunefrmefjyhbrja.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe .
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jhuslfxzmibdiyidunfd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\wtfcunefrmefjyhbrja.exe
wtfcunefrmefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\yxlkezsvjgadjalhztmlz.exe
yxlkezsvjgadjalhztmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe
C:\Windows\lhsofxnnysjjmaibqh.exe
lhsofxnnysjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yxlkezsvjgadjalhztmlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Windows\jhuslfxzmibdiyidunfd.exe
jhuslfxzmibdiyidunfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jhuslfxzmibdiyidunfd.exe*."
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vpyshxljskzxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yxlkezsvjgadjalhztmlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe
C:\Windows\wtfcunefrmefjyhbrja.exe
wtfcunefrmefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe .
C:\Windows\lhsofxnnysjjmaibqh.exe
lhsofxnnysjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\lhsofxnnysjjmaibqh.exe*."
C:\Windows\jhuslfxzmibdiyidunfd.exe
jhuslfxzmibdiyidunfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Windows\yxlkezsvjgadjalhztmlz.exe
yxlkezsvjgadjalhztmlz.exe .
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yxlkezsvjgadjalhztmlz.exe*."
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yxlkezsvjgadjalhztmlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wtfcunefrmefjyhbrja.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\vpyshxljskzxykqh.exe
vpyshxljskzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe .
C:\Windows\vpyshxljskzxykqh.exe
vpyshxljskzxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vpyshxljskzxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe .
C:\Windows\jhuslfxzmibdiyidunfd.exe
jhuslfxzmibdiyidunfd.exe
C:\Windows\lhsofxnnysjjmaibqh.exe
lhsofxnnysjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\lhsofxnnysjjmaibqh.exe*."
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wtfcunefrmefjyhbrja.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe .
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jhuslfxzmibdiyidunfd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe
C:\Windows\cxhcsjyxhaqpreldr.exe
cxhcsjyxhaqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe .
C:\Windows\lhsofxnnysjjmaibqh.exe
lhsofxnnysjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\lhsofxnnysjjmaibqh.exe*."
C:\Windows\jhuslfxzmibdiyidunfd.exe
jhuslfxzmibdiyidunfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Windows\lhsofxnnysjjmaibqh.exe
lhsofxnnysjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\lhsofxnnysjjmaibqh.exe*."
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vpyshxljskzxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\cxhcsjyxhaqpreldr.exe*."
C:\Windows\vpyshxljskzxykqh.exe
vpyshxljskzxykqh.exe
C:\Windows\vpyshxljskzxykqh.exe
vpyshxljskzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe .
C:\Windows\lhsofxnnysjjmaibqh.exe
lhsofxnnysjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe
C:\Windows\wtfcunefrmefjyhbrja.exe
wtfcunefrmefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\lhsofxnnysjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\vpyshxljskzxykqh.exe
vpyshxljskzxykqh.exe
C:\Windows\jhuslfxzmibdiyidunfd.exe
jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wtfcunefrmefjyhbrja.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe .
C:\Windows\vpyshxljskzxykqh.exe
vpyshxljskzxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe
C:\Windows\lhsofxnnysjjmaibqh.exe
lhsofxnnysjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Windows\lhsofxnnysjjmaibqh.exe
lhsofxnnysjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vpyshxljskzxykqh.exe*."
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .
C:\Windows\cxhcsjyxhaqpreldr.exe
cxhcsjyxhaqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\lhsofxnnysjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Windows\cxhcsjyxhaqpreldr.exe
cxhcsjyxhaqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yxlkezsvjgadjalhztmlz.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\cxhcsjyxhaqpreldr.exe*."
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .
C:\Windows\wtfcunefrmefjyhbrja.exe
wtfcunefrmefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yxlkezsvjgadjalhztmlz.exe*."
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jhuslfxzmibdiyidunfd.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wtfcunefrmefjyhbrja.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\lhsofxnnysjjmaibqh.exe*."
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vpyshxljskzxykqh.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\lhsofxnnysjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe
C:\Windows\vpyshxljskzxykqh.exe
vpyshxljskzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe .
C:\Windows\vpyshxljskzxykqh.exe
vpyshxljskzxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vpyshxljskzxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe .
C:\Windows\yxlkezsvjgadjalhztmlz.exe
yxlkezsvjgadjalhztmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Windows\jhuslfxzmibdiyidunfd.exe
jhuslfxzmibdiyidunfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jhuslfxzmibdiyidunfd.exe*."
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yxlkezsvjgadjalhztmlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\lhsofxnnysjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe
C:\Windows\vpyshxljskzxykqh.exe
vpyshxljskzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe .
C:\Windows\wtfcunefrmefjyhbrja.exe
wtfcunefrmefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wtfcunefrmefjyhbrja.exe*."
C:\Windows\jhuslfxzmibdiyidunfd.exe
jhuslfxzmibdiyidunfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\yxlkezsvjgadjalhztmlz.exe
yxlkezsvjgadjalhztmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yxlkezsvjgadjalhztmlz.exe*."
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vpyshxljskzxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yxlkezsvjgadjalhztmlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\vpyshxljskzxykqh.exe
vpyshxljskzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\wtfcunefrmefjyhbrja.exe
wtfcunefrmefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wtfcunefrmefjyhbrja.exe*."
C:\Windows\yxlkezsvjgadjalhztmlz.exe
yxlkezsvjgadjalhztmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Windows\vpyshxljskzxykqh.exe
vpyshxljskzxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vpyshxljskzxykqh.exe*."
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\lhsofxnnysjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\cxhcsjyxhaqpreldr.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe
C:\Windows\lhsofxnnysjjmaibqh.exe
lhsofxnnysjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe .
C:\Windows\lhsofxnnysjjmaibqh.exe
lhsofxnnysjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\lhsofxnnysjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe .
C:\Windows\vpyshxljskzxykqh.exe
vpyshxljskzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Windows\lhsofxnnysjjmaibqh.exe
lhsofxnnysjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\lhsofxnnysjjmaibqh.exe*."
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jhuslfxzmibdiyidunfd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe .
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jhuslfxzmibdiyidunfd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe
C:\Windows\yxlkezsvjgadjalhztmlz.exe
yxlkezsvjgadjalhztmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\cxhcsjyxhaqpreldr.exe
cxhcsjyxhaqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe
C:\Windows\cxhcsjyxhaqpreldr.exe
cxhcsjyxhaqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\cxhcsjyxhaqpreldr.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Windows\wtfcunefrmefjyhbrja.exe
wtfcunefrmefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wtfcunefrmefjyhbrja.exe*."
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yxlkezsvjgadjalhztmlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\cxhcsjyxhaqpreldr.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe
C:\Windows\jhuslfxzmibdiyidunfd.exe
jhuslfxzmibdiyidunfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe .
C:\Windows\yxlkezsvjgadjalhztmlz.exe
yxlkezsvjgadjalhztmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yxlkezsvjgadjalhztmlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe .
C:\Windows\jhuslfxzmibdiyidunfd.exe
jhuslfxzmibdiyidunfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Windows\jhuslfxzmibdiyidunfd.exe
jhuslfxzmibdiyidunfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jhuslfxzmibdiyidunfd.exe*."
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yxlkezsvjgadjalhztmlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Windows\wtfcunefrmefjyhbrja.exe
wtfcunefrmefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Windows\jhuslfxzmibdiyidunfd.exe
jhuslfxzmibdiyidunfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe .
C:\Windows\wtfcunefrmefjyhbrja.exe
wtfcunefrmefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe
C:\Windows\cxhcsjyxhaqpreldr.exe
cxhcsjyxhaqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wtfcunefrmefjyhbrja.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yxlkezsvjgadjalhztmlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\cxhcsjyxhaqpreldr.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .
C:\Windows\wtfcunefrmefjyhbrja.exe
wtfcunefrmefjyhbrja.exe
C:\Windows\yxlkezsvjgadjalhztmlz.exe
yxlkezsvjgadjalhztmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Windows\vpyshxljskzxykqh.exe
vpyshxljskzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\jhuslfxzmibdiyidunfd.exe
jhuslfxzmibdiyidunfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yxlkezsvjgadjalhztmlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jhuslfxzmibdiyidunfd.exe*."
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe .
C:\Windows\cxhcsjyxhaqpreldr.exe
cxhcsjyxhaqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\lhsofxnnysjjmaibqh.exe*."
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wtfcunefrmefjyhbrja.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\lhsofxnnysjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\cxhcsjyxhaqpreldr.exe*."
C:\Windows\jhuslfxzmibdiyidunfd.exe
jhuslfxzmibdiyidunfd.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yxlkezsvjgadjalhztmlz.exe*."
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jhuslfxzmibdiyidunfd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wtfcunefrmefjyhbrja.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Windows\lhsofxnnysjjmaibqh.exe
lhsofxnnysjjmaibqh.exe
C:\Windows\lhsofxnnysjjmaibqh.exe
lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\lhsofxnnysjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe
C:\Windows\cxhcsjyxhaqpreldr.exe
cxhcsjyxhaqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\vpyshxljskzxykqh.exe
vpyshxljskzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vpyshxljskzxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe .
C:\Windows\cxhcsjyxhaqpreldr.exe
cxhcsjyxhaqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Windows\jhuslfxzmibdiyidunfd.exe
jhuslfxzmibdiyidunfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe .
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jhuslfxzmibdiyidunfd.exe*."
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jhuslfxzmibdiyidunfd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wtfcunefrmefjyhbrja.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe
C:\Windows\wtfcunefrmefjyhbrja.exe
wtfcunefrmefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe .
C:\Windows\cxhcsjyxhaqpreldr.exe
cxhcsjyxhaqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\cxhcsjyxhaqpreldr.exe*."
C:\Windows\vpyshxljskzxykqh.exe
vpyshxljskzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\vpyshxljskzxykqh.exe
vpyshxljskzxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vpyshxljskzxykqh.exe*."
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vpyshxljskzxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wtfcunefrmefjyhbrja.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe
C:\Windows\cxhcsjyxhaqpreldr.exe
cxhcsjyxhaqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe .
C:\Windows\cxhcsjyxhaqpreldr.exe
cxhcsjyxhaqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\cxhcsjyxhaqpreldr.exe*."
C:\Windows\cxhcsjyxhaqpreldr.exe
cxhcsjyxhaqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Windows\wtfcunefrmefjyhbrja.exe
wtfcunefrmefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wtfcunefrmefjyhbrja.exe*."
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vpyshxljskzxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yxlkezsvjgadjalhztmlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe
C:\Windows\yxlkezsvjgadjalhztmlz.exe
yxlkezsvjgadjalhztmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe .
C:\Windows\lhsofxnnysjjmaibqh.exe
lhsofxnnysjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\lhsofxnnysjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe .
C:\Windows\vpyshxljskzxykqh.exe
vpyshxljskzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Windows\lhsofxnnysjjmaibqh.exe
lhsofxnnysjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\lhsofxnnysjjmaibqh.exe*."
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wtfcunefrmefjyhbrja.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\lhsofxnnysjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe
C:\Windows\lhsofxnnysjjmaibqh.exe
lhsofxnnysjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe .
C:\Windows\wtfcunefrmefjyhbrja.exe
wtfcunefrmefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wtfcunefrmefjyhbrja.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe .
C:\Windows\yxlkezsvjgadjalhztmlz.exe
yxlkezsvjgadjalhztmlz.exe
C:\Windows\yxlkezsvjgadjalhztmlz.exe
yxlkezsvjgadjalhztmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yxlkezsvjgadjalhztmlz.exe*."
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vpyshxljskzxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\cxhcsjyxhaqpreldr.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe
C:\Windows\yxlkezsvjgadjalhztmlz.exe
yxlkezsvjgadjalhztmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe
C:\Windows\wtfcunefrmefjyhbrja.exe
wtfcunefrmefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe
C:\Windows\yxlkezsvjgadjalhztmlz.exe
yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wtfcunefrmefjyhbrja.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\cxhcsjyxhaqpreldr.exe
cxhcsjyxhaqpreldr.exe
C:\Windows\jhuslfxzmibdiyidunfd.exe
jhuslfxzmibdiyidunfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Windows\wtfcunefrmefjyhbrja.exe
wtfcunefrmefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe
C:\Windows\lhsofxnnysjjmaibqh.exe
lhsofxnnysjjmaibqh.exe .
C:\Windows\wtfcunefrmefjyhbrja.exe
wtfcunefrmefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wtfcunefrmefjyhbrja.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\lhsofxnnysjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wtfcunefrmefjyhbrja.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .
C:\Windows\vpyshxljskzxykqh.exe
vpyshxljskzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Windows\jhuslfxzmibdiyidunfd.exe
jhuslfxzmibdiyidunfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Windows\vpyshxljskzxykqh.exe
vpyshxljskzxykqh.exe
C:\Windows\cxhcsjyxhaqpreldr.exe
cxhcsjyxhaqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vpyshxljskzxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jhuslfxzmibdiyidunfd.exe*."
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\cxhcsjyxhaqpreldr.exe*."
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wtfcunefrmefjyhbrja.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wtfcunefrmefjyhbrja.exe*."
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yxlkezsvjgadjalhztmlz.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vpyshxljskzxykqh.exe*."
C:\Windows\yxlkezsvjgadjalhztmlz.exe
yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wtfcunefrmefjyhbrja.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe .
C:\Windows\vpyshxljskzxykqh.exe
vpyshxljskzxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vpyshxljskzxykqh.exe*."
C:\Windows\lhsofxnnysjjmaibqh.exe
lhsofxnnysjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Windows\jhuslfxzmibdiyidunfd.exe
jhuslfxzmibdiyidunfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jhuslfxzmibdiyidunfd.exe*."
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\lhsofxnnysjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\cxhcsjyxhaqpreldr.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe
C:\Windows\jhuslfxzmibdiyidunfd.exe
jhuslfxzmibdiyidunfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\jhuslfxzmibdiyidunfd.exe
jhuslfxzmibdiyidunfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jhuslfxzmibdiyidunfd.exe*."
C:\Windows\cxhcsjyxhaqpreldr.exe
cxhcsjyxhaqpreldr.exe
C:\Windows\cxhcsjyxhaqpreldr.exe
cxhcsjyxhaqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\cxhcsjyxhaqpreldr.exe*."
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vpyshxljskzxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\lhsofxnnysjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe
C:\Windows\vpyshxljskzxykqh.exe
vpyshxljskzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe .
C:\Windows\yxlkezsvjgadjalhztmlz.exe
yxlkezsvjgadjalhztmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yxlkezsvjgadjalhztmlz.exe*."
C:\Windows\cxhcsjyxhaqpreldr.exe
cxhcsjyxhaqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Windows\yxlkezsvjgadjalhztmlz.exe
yxlkezsvjgadjalhztmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yxlkezsvjgadjalhztmlz.exe*."
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wtfcunefrmefjyhbrja.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wtfcunefrmefjyhbrja.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe
C:\Windows\yxlkezsvjgadjalhztmlz.exe
yxlkezsvjgadjalhztmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe .
C:\Windows\lhsofxnnysjjmaibqh.exe
lhsofxnnysjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\lhsofxnnysjjmaibqh.exe*."
C:\Windows\yxlkezsvjgadjalhztmlz.exe
yxlkezsvjgadjalhztmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Windows\jhuslfxzmibdiyidunfd.exe
jhuslfxzmibdiyidunfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jhuslfxzmibdiyidunfd.exe*."
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yxlkezsvjgadjalhztmlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wtfcunefrmefjyhbrja.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\cxhcsjyxhaqpreldr.exe
cxhcsjyxhaqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\lhsofxnnysjjmaibqh.exe
lhsofxnnysjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\lhsofxnnysjjmaibqh.exe*."
C:\Windows\cxhcsjyxhaqpreldr.exe
cxhcsjyxhaqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Windows\yxlkezsvjgadjalhztmlz.exe
yxlkezsvjgadjalhztmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yxlkezsvjgadjalhztmlz.exe*."
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\cxhcsjyxhaqpreldr.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vpyshxljskzxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe
C:\Windows\yxlkezsvjgadjalhztmlz.exe
yxlkezsvjgadjalhztmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe .
C:\Windows\jhuslfxzmibdiyidunfd.exe
jhuslfxzmibdiyidunfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jhuslfxzmibdiyidunfd.exe*."
C:\Windows\vpyshxljskzxykqh.exe
vpyshxljskzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Windows\wtfcunefrmefjyhbrja.exe
wtfcunefrmefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wtfcunefrmefjyhbrja.exe*."
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vpyshxljskzxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\cxhcsjyxhaqpreldr.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe
C:\Windows\yxlkezsvjgadjalhztmlz.exe
yxlkezsvjgadjalhztmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\yxlkezsvjgadjalhztmlz.exe
yxlkezsvjgadjalhztmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe .
C:\Windows\cxhcsjyxhaqpreldr.exe
cxhcsjyxhaqpreldr.exe .
C:\Windows\lhsofxnnysjjmaibqh.exe
lhsofxnnysjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\lhsofxnnysjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\cxhcsjyxhaqpreldr.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe .
C:\Windows\wtfcunefrmefjyhbrja.exe
wtfcunefrmefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .
C:\Windows\cxhcsjyxhaqpreldr.exe
cxhcsjyxhaqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe
C:\Windows\jhuslfxzmibdiyidunfd.exe
jhuslfxzmibdiyidunfd.exe
C:\Windows\vpyshxljskzxykqh.exe
vpyshxljskzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\cxhcsjyxhaqpreldr.exe*."
C:\Windows\cxhcsjyxhaqpreldr.exe
cxhcsjyxhaqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Windows\jhuslfxzmibdiyidunfd.exe
jhuslfxzmibdiyidunfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe .
C:\Windows\vpyshxljskzxykqh.exe
vpyshxljskzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\cxhcsjyxhaqpreldr.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Windows\yxlkezsvjgadjalhztmlz.exe
yxlkezsvjgadjalhztmlz.exe .
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vpyshxljskzxykqh.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vpyshxljskzxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe .
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vpyshxljskzxykqh.exe*."
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yxlkezsvjgadjalhztmlz.exe*."
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yxlkezsvjgadjalhztmlz.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jhuslfxzmibdiyidunfd.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wtfcunefrmefjyhbrja.exe*."
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wtfcunefrmefjyhbrja.exe*."
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe
C:\Windows\yxlkezsvjgadjalhztmlz.exe
yxlkezsvjgadjalhztmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe .
C:\Windows\wtfcunefrmefjyhbrja.exe
wtfcunefrmefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wtfcunefrmefjyhbrja.exe*."
C:\Windows\lhsofxnnysjjmaibqh.exe
lhsofxnnysjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Windows\cxhcsjyxhaqpreldr.exe
cxhcsjyxhaqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\cxhcsjyxhaqpreldr.exe*."
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yxlkezsvjgadjalhztmlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\cxhcsjyxhaqpreldr.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe
C:\Windows\jhuslfxzmibdiyidunfd.exe
jhuslfxzmibdiyidunfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe .
C:\Windows\vpyshxljskzxykqh.exe
vpyshxljskzxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vpyshxljskzxykqh.exe*."
C:\Windows\yxlkezsvjgadjalhztmlz.exe
yxlkezsvjgadjalhztmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Windows\jhuslfxzmibdiyidunfd.exe
jhuslfxzmibdiyidunfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jhuslfxzmibdiyidunfd.exe*."
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yxlkezsvjgadjalhztmlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\lhsofxnnysjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe
C:\Windows\yxlkezsvjgadjalhztmlz.exe
yxlkezsvjgadjalhztmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe .
C:\Windows\lhsofxnnysjjmaibqh.exe
lhsofxnnysjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\lhsofxnnysjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe .
C:\Windows\cxhcsjyxhaqpreldr.exe
cxhcsjyxhaqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Windows\vpyshxljskzxykqh.exe
vpyshxljskzxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vpyshxljskzxykqh.exe*."
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vpyshxljskzxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yxlkezsvjgadjalhztmlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe
C:\Windows\wtfcunefrmefjyhbrja.exe
wtfcunefrmefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe .
C:\Windows\jhuslfxzmibdiyidunfd.exe
jhuslfxzmibdiyidunfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jhuslfxzmibdiyidunfd.exe*."
C:\Windows\wtfcunefrmefjyhbrja.exe
wtfcunefrmefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Windows\cxhcsjyxhaqpreldr.exe
cxhcsjyxhaqpreldr.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\cxhcsjyxhaqpreldr.exe*."
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yxlkezsvjgadjalhztmlz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe .
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jhuslfxzmibdiyidunfd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe
C:\Windows\vpyshxljskzxykqh.exe
vpyshxljskzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe .
C:\Windows\jhuslfxzmibdiyidunfd.exe
jhuslfxzmibdiyidunfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jhuslfxzmibdiyidunfd.exe*."
C:\Windows\cxhcsjyxhaqpreldr.exe
cxhcsjyxhaqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Windows\jhuslfxzmibdiyidunfd.exe
jhuslfxzmibdiyidunfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jhuslfxzmibdiyidunfd.exe*."
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vpyshxljskzxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vpyshxljskzxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe
C:\Windows\cxhcsjyxhaqpreldr.exe
cxhcsjyxhaqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe .
C:\Windows\jhuslfxzmibdiyidunfd.exe
jhuslfxzmibdiyidunfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jhuslfxzmibdiyidunfd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe .
C:\Windows\cxhcsjyxhaqpreldr.exe
cxhcsjyxhaqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Windows\lhsofxnnysjjmaibqh.exe
lhsofxnnysjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\lhsofxnnysjjmaibqh.exe*."
C:\Windows\lhsofxnnysjjmaibqh.exe
lhsofxnnysjjmaibqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe .
C:\Windows\lhsofxnnysjjmaibqh.exe
lhsofxnnysjjmaibqh.exe
C:\Windows\wtfcunefrmefjyhbrja.exe
wtfcunefrmefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\lhsofxnnysjjmaibqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe .
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Windows\vpyshxljskzxykqh.exe
vpyshxljskzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wtfcunefrmefjyhbrja.exe*."
C:\Windows\cxhcsjyxhaqpreldr.exe
cxhcsjyxhaqpreldr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe
C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vpyshxljskzxykqh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wtfcunefrmefjyhbrja.exe*."
C:\Windows\jhuslfxzmibdiyidunfd.exe
jhuslfxzmibdiyidunfd.exe .
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
Network
| Country | Destination | Domain | Proto |
| GB | 95.101.143.185:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 8.8.8.8:53 | www.whatismyip.com | udp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 8.8.8.8:53 | whatismyipaddress.com | udp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.showmyipaddress.com | udp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 8.8.8.8:53 | www.imdb.com | udp |
| FR | 52.222.159.143:80 | www.imdb.com | tcp |
| RU | 94.241.219.61:26027 | tcp | |
| US | 8.8.8.8:53 | gyuuym.org | udp |
| DE | 85.214.228.140:80 | gyuuym.org | tcp |
| US | 8.8.8.8:53 | iyiyasaoakgu.com | udp |
| US | 8.8.8.8:53 | qmhwpghfj.info | udp |
| US | 8.8.8.8:53 | rmdgoqewust.net | udp |
| US | 8.8.8.8:53 | ljdqrul.net | udp |
| US | 8.8.8.8:53 | eewiakmc.com | udp |
| US | 8.8.8.8:53 | arbyzeb.info | udp |
| US | 8.8.8.8:53 | unxfuild.info | udp |
| SG | 18.142.91.111:80 | unxfuild.info | tcp |
| US | 8.8.8.8:53 | ysbedez.net | udp |
| US | 8.8.8.8:53 | xwritufftxy.org | udp |
| US | 8.8.8.8:53 | gynvhn.info | udp |
| US | 8.8.8.8:53 | kfgdoowsrum.net | udp |
| US | 8.8.8.8:53 | namexklos.info | udp |
| US | 8.8.8.8:53 | ohabzlza.net | udp |
| US | 8.8.8.8:53 | ggoiukqgsikq.org | udp |
| US | 8.8.8.8:53 | hctdyyvf.net | udp |
| US | 8.8.8.8:53 | mrjfwi.info | udp |
| US | 8.8.8.8:53 | ktdbblpexs.net | udp |
| US | 8.8.8.8:53 | udzdjiddn.net | udp |
| US | 8.8.8.8:53 | gakaicgigc.org | udp |
| US | 8.8.8.8:53 | dgxdwsfshmx.com | udp |
| US | 8.8.8.8:53 | patsydlw.info | udp |
| US | 8.8.8.8:53 | ygoukmwg.org | udp |
| US | 8.8.8.8:53 | moycqm.org | udp |
| US | 8.8.8.8:53 | vavsbcjneur.org | udp |
| US | 8.8.8.8:53 | rrgjxazj.info | udp |
| US | 8.8.8.8:53 | lgqkvmnvb.info | udp |
| US | 8.8.8.8:53 | japgtyfqcih.net | udp |
| US | 8.8.8.8:53 | cydlrge.info | udp |
| US | 104.156.155.94:80 | cydlrge.info | tcp |
| RU | 94.241.219.61:26027 | tcp | |
| US | 8.8.8.8:53 | qiiibzkqpqc.info | udp |
| US | 8.8.8.8:53 | pzfckahmtmh.net | udp |
| US | 8.8.8.8:53 | zcvssyx.net | udp |
| US | 8.8.8.8:53 | cobdseyk.info | udp |
| US | 8.8.8.8:53 | rclugyfahgh.info | udp |
| US | 8.8.8.8:53 | kpnepoxhpsxf.info | udp |
| US | 8.8.8.8:53 | mjotpzfbosdh.info | udp |
| US | 8.8.8.8:53 | xurujcg.net | udp |
| US | 8.8.8.8:53 | jeatlf.net | udp |
| US | 8.8.8.8:53 | kwdzjtbqyxci.net | udp |
| US | 8.8.8.8:53 | sgemoaukoa.com | udp |
| US | 8.8.8.8:53 | ehzohac.net | udp |
| US | 8.8.8.8:53 | zhbsfhza.net | udp |
| US | 8.8.8.8:53 | fkdjpwnqxmx.com | udp |
| US | 8.8.8.8:53 | luvehemiri.info | udp |
| US | 8.8.8.8:53 | ccxnxlnvobis.info | udp |
| US | 8.8.8.8:53 | qijjwpd.net | udp |
| US | 8.8.8.8:53 | lalckpw.org | udp |
| US | 8.8.8.8:53 | uifhes.net | udp |
| US | 8.8.8.8:53 | vaktchiwdiri.net | udp |
| US | 8.8.8.8:53 | hmfurcniz.info | udp |
| US | 8.8.8.8:53 | rbcjvbeybrva.net | udp |
| US | 8.8.8.8:53 | jbplnub.net | udp |
| US | 8.8.8.8:53 | pcyizzhcfhg.net | udp |
| US | 8.8.8.8:53 | oizsngj.net | udp |
| US | 8.8.8.8:53 | ddpobim.org | udp |
| US | 8.8.8.8:53 | audvaaf.net | udp |
| US | 8.8.8.8:53 | kulqtmjxnex.info | udp |
| US | 8.8.8.8:53 | unoglyg.info | udp |
| US | 8.8.8.8:53 | ewhqxezcwwc.net | udp |
| US | 8.8.8.8:53 | jybehfrfvkpj.net | udp |
| US | 8.8.8.8:53 | tuqfzhho.net | udp |
| US | 8.8.8.8:53 | egaewc.org | udp |
| US | 8.8.8.8:53 | vvsuilxuhv.net | udp |
| US | 8.8.8.8:53 | euqkoiqs.com | udp |
| US | 8.8.8.8:53 | fxjinaaud.com | udp |
| US | 8.8.8.8:53 | yoaoooewyeeo.com | udp |
| US | 8.8.8.8:53 | rkugbrait.info | udp |
| US | 8.8.8.8:53 | msvohyfak.net | udp |
| US | 8.8.8.8:53 | vkvsyie.net | udp |
| US | 8.8.8.8:53 | rcszupxwkutl.info | udp |
| US | 8.8.8.8:53 | moasnznb.info | udp |
| US | 8.8.8.8:53 | tdrmfii.info | udp |
| US | 8.8.8.8:53 | mdhpuesj.net | udp |
| US | 8.8.8.8:53 | myrrveroj.net | udp |
| US | 8.8.8.8:53 | xhrmtyvgrgt.org | udp |
| US | 8.8.8.8:53 | yidyygl.net | udp |
| US | 8.8.8.8:53 | yyfahytnunvv.net | udp |
| US | 8.8.8.8:53 | uuwkogsyygie.com | udp |
| US | 8.8.8.8:53 | dqjrswwie.com | udp |
| US | 8.8.8.8:53 | ozdkbvnx.net | udp |
| US | 8.8.8.8:53 | mksfwpksvvw.net | udp |
| US | 8.8.8.8:53 | grdkrlscmq.net | udp |
| US | 8.8.8.8:53 | tcskkrnrzb.info | udp |
| US | 8.8.8.8:53 | porqnkm.info | udp |
| US | 8.8.8.8:53 | vrxmprngmlhk.net | udp |
| US | 8.8.8.8:53 | zwtbzuygbjl.info | udp |
| US | 8.8.8.8:53 | ewdsfkn.net | udp |
| US | 8.8.8.8:53 | legorizgqdh.org | udp |
| US | 8.8.8.8:53 | mizclt.info | udp |
| US | 8.8.8.8:53 | edyoxcxyj.info | udp |
| US | 8.8.8.8:53 | ykfytsvkb.info | udp |
| US | 8.8.8.8:53 | eznabol.net | udp |
| US | 8.8.8.8:53 | ewropll.net | udp |
| US | 8.8.8.8:53 | bidbggoch.info | udp |
| US | 8.8.8.8:53 | lmdmzsjoeeq.info | udp |
| US | 8.8.8.8:53 | jcibyrptezyy.net | udp |
| US | 8.8.8.8:53 | klqmnybibg.net | udp |
| US | 8.8.8.8:53 | iwvnaq.net | udp |
| US | 8.8.8.8:53 | vyopzumdrk.info | udp |
| US | 8.8.8.8:53 | meisigaq.net | udp |
| US | 8.8.8.8:53 | nrbdhchbil.info | udp |
| US | 8.8.8.8:53 | hyrbancimd.info | udp |
| US | 8.8.8.8:53 | lyxmnybibg.info | udp |
| US | 8.8.8.8:53 | bkhrprdxba.info | udp |
| US | 8.8.8.8:53 | rvntqx.net | udp |
| US | 8.8.8.8:53 | sgtzdbusfra.info | udp |
| US | 8.8.8.8:53 | zwpycia.info | udp |
| US | 8.8.8.8:53 | vwozrdfpdv.net | udp |
| US | 8.8.8.8:53 | dkouvubcpovf.info | udp |
| US | 8.8.8.8:53 | ridxfwtb.net | udp |
| US | 8.8.8.8:53 | sqsjrrcajvbf.info | udp |
| US | 8.8.8.8:53 | ltdhzvenqp.net | udp |
| US | 8.8.8.8:53 | aewyagvm.info | udp |
| US | 8.8.8.8:53 | fykpigxacnrx.info | udp |
| US | 8.8.8.8:53 | ogrupxdbstd.info | udp |
| US | 8.8.8.8:53 | kgucribs.info | udp |
| US | 8.8.8.8:53 | vuldjh.info | udp |
| US | 8.8.8.8:53 | uamsom.com | udp |
| US | 8.8.8.8:53 | caceysocgwiu.org | udp |
| US | 8.8.8.8:53 | zyfxkmam.net | udp |
| US | 8.8.8.8:53 | ogwpxoipncv.info | udp |
| US | 8.8.8.8:53 | zyfitez.info | udp |
| US | 8.8.8.8:53 | twidbm.info | udp |
| US | 8.8.8.8:53 | icggomca.com | udp |
| US | 8.8.8.8:53 | wilgbav.net | udp |
| US | 8.8.8.8:53 | fgtkjcscl.org | udp |
| US | 8.8.8.8:53 | bfkqheyc.info | udp |
| US | 8.8.8.8:53 | jaimfpract.info | udp |
| US | 8.8.8.8:53 | leqdurjb.net | udp |
| US | 8.8.8.8:53 | etstdmlhq.info | udp |
| US | 8.8.8.8:53 | jkzldx.info | udp |
| US | 8.8.8.8:53 | ccfjkyb.info | udp |
| US | 8.8.8.8:53 | cxfwntjrr.net | udp |
| US | 8.8.8.8:53 | pnrtsowzkdnv.net | udp |
| US | 8.8.8.8:53 | dxikspgshgbk.info | udp |
| US | 8.8.8.8:53 | xtcsrpfwsptd.info | udp |
| US | 8.8.8.8:53 | txxgetozhw.net | udp |
| US | 8.8.8.8:53 | hzydoouueq.info | udp |
| US | 8.8.8.8:53 | hirtlvnelyxj.net | udp |
| US | 8.8.8.8:53 | zgrjrexb.net | udp |
| US | 8.8.8.8:53 | sanuisfkibr.net | udp |
| US | 8.8.8.8:53 | whpgaabclog.net | udp |
| US | 8.8.8.8:53 | mgegcyqiow.com | udp |
| US | 8.8.8.8:53 | iydobcxefvd.info | udp |
| US | 8.8.8.8:53 | eeueccewmeem.com | udp |
| US | 8.8.8.8:53 | ciweyqumuumy.com | udp |
| US | 8.8.8.8:53 | gxvsrmdener.net | udp |
| US | 8.8.8.8:53 | gfymvcwuh.net | udp |
| US | 8.8.8.8:53 | amsndtjo.info | udp |
| US | 8.8.8.8:53 | gthoprfe.net | udp |
| US | 8.8.8.8:53 | fnesazkyqsox.info | udp |
| US | 8.8.8.8:53 | hqdyrvhoftbs.net | udp |
| US | 8.8.8.8:53 | ibirikfizqm.net | udp |
| US | 8.8.8.8:53 | vulwjyddjzi.com | udp |
| US | 8.8.8.8:53 | vlpxze.info | udp |
| US | 8.8.8.8:53 | uiiwoq.org | udp |
| US | 8.8.8.8:53 | hftbhhjhviyv.info | udp |
| US | 8.8.8.8:53 | lnlfzi.net | udp |
| US | 8.8.8.8:53 | skywyumxq.net | udp |
| US | 8.8.8.8:53 | aoymikouam.org | udp |
| US | 8.8.8.8:53 | ywqmko.com | udp |
| US | 8.8.8.8:53 | zrtvkovjom.net | udp |
| US | 8.8.8.8:53 | egsmyysc.org | udp |
| US | 8.8.8.8:53 | qoucvox.net | udp |
| US | 8.8.8.8:53 | kmbxvmjc.net | udp |
| US | 8.8.8.8:53 | ynpczal.info | udp |
| US | 8.8.8.8:53 | rqphbmhxxuf.info | udp |
| US | 8.8.8.8:53 | hddqiqqbwel.org | udp |
| US | 8.8.8.8:53 | nwfmuorac.org | udp |
| US | 8.8.8.8:53 | nshdioh.net | udp |
| US | 8.8.8.8:53 | cvpdbhwn.info | udp |
| US | 8.8.8.8:53 | bswnmmvhnq.net | udp |
| US | 8.8.8.8:53 | ekqqcc.org | udp |
| US | 8.8.8.8:53 | ejzcxaio.info | udp |
| US | 8.8.8.8:53 | xnusfqlawt.info | udp |
| US | 8.8.8.8:53 | nywmtwwkpy.net | udp |
| US | 8.8.8.8:53 | wmcolms.info | udp |
| US | 8.8.8.8:53 | dwfkeogzvhjn.info | udp |
| US | 8.8.8.8:53 | yjjtkdqz.info | udp |
| US | 8.8.8.8:53 | zokeokzo.info | udp |
| US | 8.8.8.8:53 | dflqknsl.net | udp |
| US | 8.8.8.8:53 | wxgciaqurwh.info | udp |
| US | 8.8.8.8:53 | jddunhfujk.info | udp |
| US | 8.8.8.8:53 | qtgqqinahbp.info | udp |
| US | 8.8.8.8:53 | lelelivepax.info | udp |
| US | 8.8.8.8:53 | irlvbyvoy.info | udp |
| US | 8.8.8.8:53 | btwshypwf.net | udp |
| US | 8.8.8.8:53 | tcvuvhjwh.info | udp |
| US | 8.8.8.8:53 | xgverpyvdp.net | udp |
| US | 8.8.8.8:53 | uonfzmikhx.net | udp |
| US | 8.8.8.8:53 | jubvpax.info | udp |
| US | 8.8.8.8:53 | twlocmhldt.net | udp |
| US | 8.8.8.8:53 | aknsgwkcl.net | udp |
| US | 8.8.8.8:53 | iqcwmg.com | udp |
| US | 8.8.8.8:53 | fnzqznz.org | udp |
| US | 8.8.8.8:53 | rqjwlxea.net | udp |
| US | 8.8.8.8:53 | rghvlsfip.com | udp |
| US | 8.8.8.8:53 | ecbwysbz.info | udp |
| US | 8.8.8.8:53 | ledwhiftyinh.info | udp |
| US | 8.8.8.8:53 | aosefaa.net | udp |
| US | 8.8.8.8:53 | yeiaci.com | udp |
| US | 8.8.8.8:53 | njmyupro.net | udp |
| US | 8.8.8.8:53 | zfifnpxiao.info | udp |
| US | 8.8.8.8:53 | xrpwmsl.info | udp |
| US | 8.8.8.8:53 | dkbpyqbvre.info | udp |
| US | 8.8.8.8:53 | jigybdwb.info | udp |
| US | 8.8.8.8:53 | igannsrhzwz.info | udp |
| US | 8.8.8.8:53 | cbqbkscpdtuc.net | udp |
| US | 8.8.8.8:53 | iusioomq.org | udp |
| US | 8.8.8.8:53 | xaxmdujmkl.net | udp |
| US | 8.8.8.8:53 | peudsronvm.net | udp |
| US | 8.8.8.8:53 | doaaxyt.net | udp |
| US | 8.8.8.8:53 | xufibqe.com | udp |
| US | 8.8.8.8:53 | coyyxewjl.net | udp |
| US | 8.8.8.8:53 | wkyqqmbwq.net | udp |
| US | 8.8.8.8:53 | heiwyulphz.info | udp |
| US | 8.8.8.8:53 | esmuscgiesgk.com | udp |
| US | 8.8.8.8:53 | wcsbrpz.net | udp |
| US | 8.8.8.8:53 | sasycakc.org | udp |
| US | 8.8.8.8:53 | mkiwmuiq.com | udp |
| US | 8.8.8.8:53 | dfwecypf.info | udp |
| US | 8.8.8.8:53 | avsumttezvix.net | udp |
| US | 8.8.8.8:53 | vzvtbgi.org | udp |
| US | 8.8.8.8:53 | bmlqxivrq.org | udp |
| US | 8.8.8.8:53 | uwcuws.org | udp |
| US | 8.8.8.8:53 | xkoqroakw.org | udp |
| US | 8.8.8.8:53 | oynedoztnqi.info | udp |
| US | 8.8.8.8:53 | mecsxkouewn.net | udp |
| US | 8.8.8.8:53 | arcpbol.net | udp |
| US | 8.8.8.8:53 | tbtuco.net | udp |
| US | 8.8.8.8:53 | azlfou.info | udp |
| US | 8.8.8.8:53 | kkcwya.com | udp |
| US | 8.8.8.8:53 | oajbbuagf.net | udp |
| US | 8.8.8.8:53 | nknclgl.org | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | umyicieyee.org | udp |
| GB | 142.250.179.227:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | wwnqwva.net | udp |
| US | 8.8.8.8:53 | hdxkedpuqbvy.info | udp |
| US | 8.8.8.8:53 | qoqngz.net | udp |
| US | 8.8.8.8:53 | veokxrfdxe.net | udp |
| US | 8.8.8.8:53 | wqmack.org | udp |
| US | 8.8.8.8:53 | yaquggcy.org | udp |
| US | 8.8.8.8:53 | vcsuct.net | udp |
| US | 8.8.8.8:53 | ewqicaaacqme.org | udp |
| US | 8.8.8.8:53 | jmhcxcxccaz.net | udp |
| US | 8.8.8.8:53 | emeyma.com | udp |
| US | 8.8.8.8:53 | rpgdrgz.com | udp |
| US | 8.8.8.8:53 | fsyczawoha.info | udp |
| US | 8.8.8.8:53 | rkyezef.net | udp |
| US | 8.8.8.8:53 | oxhpfdtx.net | udp |
| US | 8.8.8.8:53 | jnjcpgsu.info | udp |
| US | 8.8.8.8:53 | wpedik.info | udp |
| US | 8.8.8.8:53 | egwukhculoz.net | udp |
| US | 8.8.8.8:53 | juvpmprw.net | udp |
| US | 8.8.8.8:53 | wsgeyo.com | udp |
| US | 8.8.8.8:53 | meftoe.info | udp |
| US | 8.8.8.8:53 | tadymhd.com | udp |
| US | 8.8.8.8:53 | atkzfclhbift.info | udp |
| US | 8.8.8.8:53 | nkzphnv.info | udp |
| US | 8.8.8.8:53 | bzbkpllppgow.info | udp |
| US | 8.8.8.8:53 | quumkaiism.org | udp |
| US | 8.8.8.8:53 | vggolunozkp.info | udp |
| US | 8.8.8.8:53 | wueysyqiyg.org | udp |
| US | 8.8.8.8:53 | cghevehygcd.net | udp |
| US | 8.8.8.8:53 | kcxutkf.info | udp |
| US | 8.8.8.8:53 | fziwiinzuo.net | udp |
| US | 8.8.8.8:53 | owtcxotml.info | udp |
| US | 8.8.8.8:53 | jjrefkv.net | udp |
| US | 8.8.8.8:53 | pftatil.net | udp |
| US | 8.8.8.8:53 | qwjayzvejoh.info | udp |
| US | 8.8.8.8:53 | veaanvmqk.org | udp |
| US | 8.8.8.8:53 | nfpbfqub.net | udp |
| US | 8.8.8.8:53 | yeuemayg.org | udp |
| US | 8.8.8.8:53 | kjskvzf.info | udp |
| US | 8.8.8.8:53 | oyummeoo.org | udp |
| US | 8.8.8.8:53 | xwhaxstqh.info | udp |
| US | 8.8.8.8:53 | unudyndta.info | udp |
| US | 8.8.8.8:53 | fgzigtlaj.com | udp |
| US | 8.8.8.8:53 | lzbjkx.info | udp |
| US | 8.8.8.8:53 | ywrdqwm.info | udp |
| US | 8.8.8.8:53 | uwwkmokqca.org | udp |
| US | 8.8.8.8:53 | usmwuc.com | udp |
| US | 8.8.8.8:53 | akccygksiyug.com | udp |
| US | 8.8.8.8:53 | nvrwqy.info | udp |
| US | 8.8.8.8:53 | blriytvijot.com | udp |
| US | 8.8.8.8:53 | finmbzge.info | udp |
| US | 8.8.8.8:53 | glyrbmqybqad.net | udp |
| US | 8.8.8.8:53 | vvhhjadlll.net | udp |
| US | 8.8.8.8:53 | bqdrdk.net | udp |
| US | 8.8.8.8:53 | jbjrzvbdrc.info | udp |
| US | 8.8.8.8:53 | obtqfwxlfyz.info | udp |
| US | 8.8.8.8:53 | botnud.info | udp |
| US | 8.8.8.8:53 | kyilnx.net | udp |
| US | 8.8.8.8:53 | qcbzqvbcvw.net | udp |
| US | 8.8.8.8:53 | vudwmqw.net | udp |
| US | 8.8.8.8:53 | gaqkygwq.org | udp |
| US | 8.8.8.8:53 | aexspotiu.info | udp |
| US | 8.8.8.8:53 | vedgnsrkz.net | udp |
| US | 8.8.8.8:53 | tuwejkcgxur.com | udp |
| US | 8.8.8.8:53 | fcqjve.info | udp |
| US | 8.8.8.8:53 | jrbulad.info | udp |
| US | 8.8.8.8:53 | odfhlrtueqn.info | udp |
| US | 8.8.8.8:53 | hsxajww.info | udp |
| US | 8.8.8.8:53 | bpzorpfuhtf.org | udp |
| US | 8.8.8.8:53 | uoicccmk.org | udp |
| US | 8.8.8.8:53 | tsrhjxtigms.com | udp |
| US | 8.8.8.8:53 | bkngmvgi.net | udp |
| US | 8.8.8.8:53 | gmuukamoiguy.org | udp |
| US | 8.8.8.8:53 | tcihlazqt.net | udp |
| US | 8.8.8.8:53 | izognhveft.net | udp |
| US | 8.8.8.8:53 | ktnrjhfg.net | udp |
| US | 8.8.8.8:53 | bqdindvszcl.com | udp |
| US | 8.8.8.8:53 | sscsxee.info | udp |
| US | 8.8.8.8:53 | hybvnkzfslz.info | udp |
| US | 8.8.8.8:53 | klqfrtqr.net | udp |
| US | 8.8.8.8:53 | ugpejpr.info | udp |
| US | 8.8.8.8:53 | eemusgke.org | udp |
| US | 8.8.8.8:53 | dykwknvmdfdj.info | udp |
| US | 8.8.8.8:53 | yosckcusoaiw.org | udp |
| US | 8.8.8.8:53 | nugsmdmgtj.net | udp |
| US | 8.8.8.8:53 | lvgvez.info | udp |
| US | 8.8.8.8:53 | wawaoiyk.com | udp |
| US | 8.8.8.8:53 | pypdqajwq.info | udp |
| US | 8.8.8.8:53 | wolphbzgrfyw.info | udp |
| US | 8.8.8.8:53 | uotwzps.info | udp |
| US | 8.8.8.8:53 | xgrtpshgonme.info | udp |
| US | 8.8.8.8:53 | lczoradauoz.net | udp |
| US | 8.8.8.8:53 | cqaifgh.net | udp |
| US | 8.8.8.8:53 | ozrstoxxxrjm.info | udp |
| US | 8.8.8.8:53 | jyvgslgh.net | udp |
| US | 8.8.8.8:53 | dazulnj.org | udp |
| US | 8.8.8.8:53 | bnbbhq.net | udp |
| US | 8.8.8.8:53 | jzthxr.net | udp |
| US | 8.8.8.8:53 | gyqkga.org | udp |
| US | 8.8.8.8:53 | rerixdntrs.net | udp |
| US | 8.8.8.8:53 | moyawk.org | udp |
| US | 8.8.8.8:53 | fjusznt.com | udp |
| US | 8.8.8.8:53 | cgtjifnw.net | udp |
| US | 8.8.8.8:53 | ekgmtmp.net | udp |
| US | 8.8.8.8:53 | zuhmapbot.net | udp |
| US | 8.8.8.8:53 | vplokhvcgeqb.info | udp |
| US | 8.8.8.8:53 | sqemsuom.com | udp |
| US | 8.8.8.8:53 | vjvlnnztmb.net | udp |
| US | 8.8.8.8:53 | auagfdipnmli.net | udp |
| US | 8.8.8.8:53 | fcblcown.net | udp |
| US | 8.8.8.8:53 | vyfyzeyls.info | udp |
| US | 8.8.8.8:53 | yojkaljecqs.info | udp |
| US | 8.8.8.8:53 | huhhvcyrcwrf.net | udp |
| US | 8.8.8.8:53 | fvssqn.info | udp |
| US | 8.8.8.8:53 | rgvlhd.info | udp |
| US | 8.8.8.8:53 | ecegeakc.org | udp |
| US | 8.8.8.8:53 | ykyscowicawc.com | udp |
| US | 8.8.8.8:53 | rplzbsvgljdp.net | udp |
| US | 8.8.8.8:53 | ootkjdzphd.net | udp |
| US | 8.8.8.8:53 | rgcztgcbx.com | udp |
| US | 8.8.8.8:53 | dqxesaryned.com | udp |
| US | 8.8.8.8:53 | mwigmiyk.com | udp |
| US | 8.8.8.8:53 | afcbcnqa.info | udp |
| US | 8.8.8.8:53 | vxiehs.info | udp |
| US | 8.8.8.8:53 | odwiaugtdndm.net | udp |
| US | 8.8.8.8:53 | aararuzmj.info | udp |
| US | 8.8.8.8:53 | aimhzkryvwc.net | udp |
| US | 8.8.8.8:53 | pkukytejfsrx.net | udp |
| US | 8.8.8.8:53 | sylwzoj.info | udp |
| US | 8.8.8.8:53 | hpymvoy.info | udp |
| US | 8.8.8.8:53 | ikrubudm.info | udp |
| US | 8.8.8.8:53 | pwbkngnia.net | udp |
| US | 8.8.8.8:53 | zrizzt.net | udp |
| US | 8.8.8.8:53 | jexnvf.net | udp |
| US | 8.8.8.8:53 | ejnmfqkorkv.net | udp |
| US | 8.8.8.8:53 | tgxszztxhohm.info | udp |
| US | 8.8.8.8:53 | vrlrvkn.net | udp |
| US | 8.8.8.8:53 | nsjnpn.net | udp |
| US | 8.8.8.8:53 | sjjafczpy.info | udp |
| US | 8.8.8.8:53 | ajgxrtlgtcoj.net | udp |
| US | 8.8.8.8:53 | khdrxtmn.net | udp |
| US | 8.8.8.8:53 | moasjuelwgq.info | udp |
| US | 8.8.8.8:53 | eppoawv.net | udp |
| US | 8.8.8.8:53 | ivewnr.info | udp |
| US | 8.8.8.8:53 | faqvdihz.net | udp |
| US | 8.8.8.8:53 | sqdfkkt.net | udp |
| US | 8.8.8.8:53 | ncasetplu.net | udp |
| US | 8.8.8.8:53 | babhgcfsfch.org | udp |
| US | 8.8.8.8:53 | ycdqrsxdau.info | udp |
| US | 8.8.8.8:53 | geqtzw.net | udp |
| US | 8.8.8.8:53 | nqxijbihvn.info | udp |
| US | 8.8.8.8:53 | vqcybqbwty.info | udp |
| US | 8.8.8.8:53 | osnulal.info | udp |
| US | 8.8.8.8:53 | mpwzcgpgx.net | udp |
| US | 8.8.8.8:53 | yzxatfv.net | udp |
| US | 8.8.8.8:53 | fljyzkdap.net | udp |
| US | 8.8.8.8:53 | hqvrlpb.info | udp |
| US | 8.8.8.8:53 | ourkqntiozes.net | udp |
| US | 8.8.8.8:53 | yspynbdonzn.net | udp |
| US | 8.8.8.8:53 | bcpkjodeefz.info | udp |
| US | 8.8.8.8:53 | eebxpcakkur.net | udp |
| US | 8.8.8.8:53 | iwyskukssioy.org | udp |
| US | 8.8.8.8:53 | rmgcqroertyx.net | udp |
| US | 8.8.8.8:53 | pssopyxsz.net | udp |
| US | 8.8.8.8:53 | xrctizgjhu.net | udp |
| US | 8.8.8.8:53 | nwlazkdpmkh.com | udp |
| US | 8.8.8.8:53 | owukjcjvozc.net | udp |
| US | 8.8.8.8:53 | lyjeldajno.info | udp |
| US | 8.8.8.8:53 | muuuko.com | udp |
| US | 8.8.8.8:53 | rfcqjgcwrllk.info | udp |
| US | 8.8.8.8:53 | njqgagxk.net | udp |
| US | 8.8.8.8:53 | yqbsxwbudmc.info | udp |
| US | 8.8.8.8:53 | zhindyqidv.net | udp |
| US | 8.8.8.8:53 | vimywbz.org | udp |
| US | 8.8.8.8:53 | koccqq.com | udp |
| US | 8.8.8.8:53 | nebqjhajwgq.com | udp |
| US | 8.8.8.8:53 | ooewwc.org | udp |
| US | 8.8.8.8:53 | gerifqcxicd.info | udp |
| US | 8.8.8.8:53 | imcqkcmu.org | udp |
| US | 8.8.8.8:53 | susobtfwe.info | udp |
| US | 8.8.8.8:53 | jypigkw.net | udp |
| US | 8.8.8.8:53 | jzxwzmgsv.info | udp |
| US | 8.8.8.8:53 | jphhtgd.com | udp |
| US | 8.8.8.8:53 | gieicoqq.org | udp |
| US | 8.8.8.8:53 | gkcwws.com | udp |
| US | 8.8.8.8:53 | bxvczb.info | udp |
| US | 8.8.8.8:53 | uclujmtgd.info | udp |
| US | 8.8.8.8:53 | omierhazkhgw.net | udp |
| US | 8.8.8.8:53 | jyzudws.info | udp |
| US | 8.8.8.8:53 | igqayk.org | udp |
| US | 8.8.8.8:53 | zxzuhg.net | udp |
| US | 8.8.8.8:53 | fvryxy.net | udp |
| US | 8.8.8.8:53 | jyjopijy.info | udp |
| US | 8.8.8.8:53 | fcdpldviugr.net | udp |
| US | 8.8.8.8:53 | qnhmhzhz.info | udp |
| US | 8.8.8.8:53 | kwdrqyzrhd.net | udp |
| US | 8.8.8.8:53 | fprcteqhbv.info | udp |
| US | 8.8.8.8:53 | kxtoyvwd.info | udp |
| US | 8.8.8.8:53 | xrjmbmgmisvh.info | udp |
| US | 8.8.8.8:53 | smsuay.org | udp |
| US | 8.8.8.8:53 | yyokkm.com | udp |
| US | 8.8.8.8:53 | jqtenkdayoy.org | udp |
| US | 8.8.8.8:53 | zxotuarg.net | udp |
| US | 8.8.8.8:53 | aekmmkjgd.info | udp |
| US | 8.8.8.8:53 | lpptlkiczh.info | udp |
| US | 8.8.8.8:53 | yzkblvznv.net | udp |
| US | 8.8.8.8:53 | lvliwxsju.net | udp |
| US | 8.8.8.8:53 | nycnmu.net | udp |
| US | 8.8.8.8:53 | wcgcuuiu.org | udp |
| US | 8.8.8.8:53 | mprqoztojei.info | udp |
| US | 8.8.8.8:53 | fcvhhvrulxoe.info | udp |
| US | 8.8.8.8:53 | wznhcgts.info | udp |
| US | 8.8.8.8:53 | nhmyomxjv.info | udp |
| US | 8.8.8.8:53 | dsjfghmnst.net | udp |
| US | 8.8.8.8:53 | wxnuzgx.net | udp |
| US | 8.8.8.8:53 | eogirckcwuf.net | udp |
| US | 8.8.8.8:53 | orxqdbnege.net | udp |
| US | 8.8.8.8:53 | qwwkoy.org | udp |
| US | 8.8.8.8:53 | tyzkrdhyl.info | udp |
| US | 8.8.8.8:53 | vyvijbihvn.info | udp |
| US | 8.8.8.8:53 | qhwfjp.net | udp |
| US | 8.8.8.8:53 | gimmgwia.com | udp |
| US | 8.8.8.8:53 | hsrofavrq.net | udp |
| US | 8.8.8.8:53 | twfhrdpuhtcm.net | udp |
| US | 8.8.8.8:53 | ekxhvmjsrtl.net | udp |
| US | 8.8.8.8:53 | dlsxahgdxf.net | udp |
| US | 8.8.8.8:53 | tkpmllnbfo.info | udp |
| US | 8.8.8.8:53 | znijdbde.info | udp |
| US | 8.8.8.8:53 | wgooiqmg.com | udp |
| US | 8.8.8.8:53 | gxrgecsmx.info | udp |
| US | 8.8.8.8:53 | brbrcc.net | udp |
| US | 8.8.8.8:53 | llpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | jfalhhyq.net | udp |
| US | 8.8.8.8:53 | esqzcalw.net | udp |
| US | 8.8.8.8:53 | gqppiqbwz.info | udp |
| US | 8.8.8.8:53 | uyunsbtk.net | udp |
| US | 8.8.8.8:53 | bctwfgikb.org | udp |
| US | 8.8.8.8:53 | maykseqogcom.com | udp |
| US | 8.8.8.8:53 | gogigwcugu.com | udp |
| US | 8.8.8.8:53 | eupnqdis.net | udp |
| US | 8.8.8.8:53 | wtqpmt.net | udp |
| US | 8.8.8.8:53 | fzqqksnzg.net | udp |
| US | 8.8.8.8:53 | hkqpwirl.info | udp |
| US | 8.8.8.8:53 | auaglvpgrdk.info | udp |
| US | 8.8.8.8:53 | audaavvgzz.net | udp |
| US | 8.8.8.8:53 | xmlymtnez.org | udp |
| US | 8.8.8.8:53 | vwtvxuxxtyp.info | udp |
| US | 8.8.8.8:53 | ccguockcgk.org | udp |
| US | 8.8.8.8:53 | sshwti.net | udp |
| US | 8.8.8.8:53 | elnspqmyhfr.info | udp |
| US | 8.8.8.8:53 | uuyxqq.info | udp |
| US | 8.8.8.8:53 | zpezhdcf.net | udp |
| US | 8.8.8.8:53 | hbqlocxntkej.net | udp |
| US | 8.8.8.8:53 | covipl.net | udp |
| US | 8.8.8.8:53 | odzbrjqoy.info | udp |
| US | 8.8.8.8:53 | jybyyonku.com | udp |
| US | 8.8.8.8:53 | papxte.info | udp |
| US | 8.8.8.8:53 | bsjvrjq.com | udp |
| US | 8.8.8.8:53 | rzjupoewpcko.net | udp |
| US | 8.8.8.8:53 | kqwcckoywa.org | udp |
| US | 8.8.8.8:53 | aalijqi.info | udp |
| US | 8.8.8.8:53 | ueabvfcw.net | udp |
| US | 8.8.8.8:53 | odqisf.info | udp |
| US | 8.8.8.8:53 | uqtbqcfv.net | udp |
| US | 8.8.8.8:53 | prwffw.net | udp |
| US | 8.8.8.8:53 | noloukkuv.com | udp |
| US | 8.8.8.8:53 | tstgjqh.info | udp |
| US | 8.8.8.8:53 | ncpmyszzt.info | udp |
| US | 8.8.8.8:53 | qshmtkhpjyt.info | udp |
| US | 8.8.8.8:53 | ziztdibmz.org | udp |
| US | 8.8.8.8:53 | ybxsqlwexbnh.info | udp |
| US | 8.8.8.8:53 | drrjnenqt.net | udp |
| US | 8.8.8.8:53 | kkiamiym.com | udp |
| US | 8.8.8.8:53 | eotcomaht.info | udp |
| US | 8.8.8.8:53 | gjaeoezeoeh.net | udp |
| US | 8.8.8.8:53 | jatdaajehomt.net | udp |
| US | 8.8.8.8:53 | xipomk.net | udp |
| US | 8.8.8.8:53 | wlsqjfclvqjf.info | udp |
| US | 8.8.8.8:53 | ammukc.org | udp |
| US | 8.8.8.8:53 | cdzohunchgl.info | udp |
| US | 8.8.8.8:53 | zaiboiueks.net | udp |
| US | 8.8.8.8:53 | tvwytkdbabaa.info | udp |
| US | 8.8.8.8:53 | wloqdvmzhkds.info | udp |
| US | 8.8.8.8:53 | mwgkuyee.org | udp |
| US | 8.8.8.8:53 | fgxboouothmn.net | udp |
| US | 8.8.8.8:53 | ecyqooyi.org | udp |
| US | 8.8.8.8:53 | ojesutze.info | udp |
| US | 8.8.8.8:53 | aameceog.com | udp |
| US | 8.8.8.8:53 | vsxajevgzc.net | udp |
| US | 8.8.8.8:53 | dsfpwchk.net | udp |
| US | 8.8.8.8:53 | fynkwxkwmonh.net | udp |
| US | 8.8.8.8:53 | uiceesz.info | udp |
| US | 8.8.8.8:53 | ymwuoswgcw.com | udp |
| US | 8.8.8.8:53 | uayiys.org | udp |
| US | 8.8.8.8:53 | vudccmq.com | udp |
| US | 8.8.8.8:53 | oshrasn.net | udp |
| US | 8.8.8.8:53 | uripfmxtznjt.info | udp |
| US | 8.8.8.8:53 | zgrkimb.org | udp |
| US | 8.8.8.8:53 | jmtsvuxcfx.net | udp |
| US | 8.8.8.8:53 | bzaydhbkyko.info | udp |
| US | 8.8.8.8:53 | apsalqtihwz.info | udp |
| US | 8.8.8.8:53 | dqqwvwor.info | udp |
| US | 8.8.8.8:53 | uoxjsmld.info | udp |
| US | 8.8.8.8:53 | rmqevqzyx.org | udp |
| US | 8.8.8.8:53 | hinryoi.info | udp |
| US | 8.8.8.8:53 | pdkawlzmriza.net | udp |
| US | 8.8.8.8:53 | scigqsuk.org | udp |
| US | 8.8.8.8:53 | dlvcusjbcyvo.net | udp |
| US | 8.8.8.8:53 | hedgbsf.net | udp |
| US | 8.8.8.8:53 | ewiuauieao.com | udp |
| US | 8.8.8.8:53 | ieakyaog.org | udp |
| US | 8.8.8.8:53 | hsfuxc.net | udp |
| US | 8.8.8.8:53 | ggmjzgkqpkj.net | udp |
| US | 8.8.8.8:53 | zhdwwptqp.net | udp |
| US | 8.8.8.8:53 | bjpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | ampagwc.info | udp |
| US | 8.8.8.8:53 | frnknuczlwtb.info | udp |
| US | 8.8.8.8:53 | imwkkoik.com | udp |
| US | 8.8.8.8:53 | agjbxjfef.info | udp |
| US | 8.8.8.8:53 | bcfgdktvhwf.com | udp |
| US | 8.8.8.8:53 | wokguaueuumg.com | udp |
| US | 8.8.8.8:53 | ygzwqtzj.info | udp |
| US | 8.8.8.8:53 | sewuvwb.net | udp |
| US | 8.8.8.8:53 | kwpfioy.info | udp |
| US | 8.8.8.8:53 | ajhcwspan.info | udp |
| US | 8.8.8.8:53 | iiawgeusqkay.com | udp |
| US | 8.8.8.8:53 | oaewcmmi.com | udp |
| US | 8.8.8.8:53 | xjhbmwvwgfzt.info | udp |
| US | 8.8.8.8:53 | oalwpcngx.info | udp |
| US | 8.8.8.8:53 | zanoxijzqnj.org | udp |
| US | 8.8.8.8:53 | tilmjmp.com | udp |
| US | 8.8.8.8:53 | dogtoypwkpdw.info | udp |
| US | 8.8.8.8:53 | xcrfxbihvn.info | udp |
| US | 8.8.8.8:53 | zllmydvmz.info | udp |
| US | 8.8.8.8:53 | twbgfekdz.net | udp |
| US | 8.8.8.8:53 | pvesxitaordl.info | udp |
| US | 8.8.8.8:53 | rixqvklex.org | udp |
| US | 8.8.8.8:53 | okhrtih.net | udp |
| US | 8.8.8.8:53 | ieqoywks.com | udp |
| US | 8.8.8.8:53 | ujuuuflo.info | udp |
| US | 8.8.8.8:53 | dzrmxez.com | udp |
| US | 8.8.8.8:53 | bwbadm.net | udp |
| US | 8.8.8.8:53 | ihwrdh.info | udp |
| US | 8.8.8.8:53 | jefazqfjmr.info | udp |
| US | 8.8.8.8:53 | hbedxs.net | udp |
| US | 8.8.8.8:53 | litofrvay.info | udp |
| US | 8.8.8.8:53 | nulidoxljzh.net | udp |
| US | 8.8.8.8:53 | kxldwaoqfn.info | udp |
| US | 8.8.8.8:53 | icmmwu.org | udp |
| US | 8.8.8.8:53 | skamuiyaei.com | udp |
| US | 8.8.8.8:53 | rylcdow.net | udp |
| US | 8.8.8.8:53 | xubygqw.com | udp |
| US | 8.8.8.8:53 | ggwmnf.info | udp |
| US | 8.8.8.8:53 | iaiukyukomog.com | udp |
| US | 8.8.8.8:53 | xxbuvavqnao.net | udp |
| US | 8.8.8.8:53 | yahjgeoa.net | udp |
| US | 8.8.8.8:53 | hrznkobgutx.net | udp |
| US | 8.8.8.8:53 | zsngrdlogmo.info | udp |
| US | 8.8.8.8:53 | pifynqrwfkr.net | udp |
| US | 8.8.8.8:53 | cauuaeyuuaku.com | udp |
| US | 8.8.8.8:53 | tgzzsilpuoyu.info | udp |
| US | 8.8.8.8:53 | dvcqtiii.net | udp |
| US | 8.8.8.8:53 | eikwayqy.com | udp |
| US | 8.8.8.8:53 | odalacny.info | udp |
| US | 8.8.8.8:53 | ixfqywtjowwg.net | udp |
| US | 8.8.8.8:53 | amkzjioyc.net | udp |
| US | 8.8.8.8:53 | tgrcrvwypxr.com | udp |
| US | 8.8.8.8:53 | rejwrwpoa.info | udp |
| US | 8.8.8.8:53 | iyxdly.info | udp |
| US | 8.8.8.8:53 | jmuyzwjxj.net | udp |
| US | 8.8.8.8:53 | pdbwtorod.net | udp |
| US | 8.8.8.8:53 | mqiagw.com | udp |
| US | 8.8.8.8:53 | nbpmpfms.info | udp |
| US | 8.8.8.8:53 | qcsykaeu.org | udp |
| US | 8.8.8.8:53 | sgescokcmo.org | udp |
| US | 8.8.8.8:53 | xsngmd.info | udp |
| US | 8.8.8.8:53 | aaumweagwq.com | udp |
| US | 8.8.8.8:53 | ywpfprbu.net | udp |
| US | 8.8.8.8:53 | lzwgpqnxhy.net | udp |
| US | 8.8.8.8:53 | iintbqbmb.net | udp |
| US | 8.8.8.8:53 | gtbidsb.info | udp |
| US | 8.8.8.8:53 | jehyhpbob.com | udp |
| US | 8.8.8.8:53 | kphcbulnauh.info | udp |
| US | 8.8.8.8:53 | luaiurlae.info | udp |
| US | 8.8.8.8:53 | wcyoce.org | udp |
| US | 8.8.8.8:53 | humxbwmfbrrr.info | udp |
| US | 8.8.8.8:53 | raeglyn.com | udp |
| US | 8.8.8.8:53 | rwqyzgpvf.org | udp |
| US | 8.8.8.8:53 | mkdoryk.info | udp |
| US | 8.8.8.8:53 | hsfspwfirsr.org | udp |
| US | 8.8.8.8:53 | xfrkjydiecd.com | udp |
| US | 8.8.8.8:53 | xuwazdpfvmfd.info | udp |
| US | 8.8.8.8:53 | qrdaijlp.info | udp |
| US | 8.8.8.8:53 | fumvct.net | udp |
| US | 8.8.8.8:53 | rxqsod.info | udp |
| US | 8.8.8.8:53 | eilgbyxjdm.info | udp |
| US | 8.8.8.8:53 | pkyqpbrgr.info | udp |
| US | 8.8.8.8:53 | bdjnrwaibhbw.info | udp |
| US | 8.8.8.8:53 | ucyrbz.net | udp |
| US | 8.8.8.8:53 | pyjynlpfbur.org | udp |
| US | 8.8.8.8:53 | dnyidwf.info | udp |
| US | 8.8.8.8:53 | batyngvyaap.com | udp |
| US | 8.8.8.8:53 | omgmaeyiug.com | udp |
| US | 8.8.8.8:53 | yadxtkefpqdf.net | udp |
| US | 8.8.8.8:53 | osolzup.info | udp |
| US | 8.8.8.8:53 | mjgxhmusg.info | udp |
| US | 8.8.8.8:53 | tjmgkint.net | udp |
| US | 8.8.8.8:53 | ywimgeuw.com | udp |
| US | 8.8.8.8:53 | qngitmingp.net | udp |
| US | 8.8.8.8:53 | lararacvect.com | udp |
| US | 8.8.8.8:53 | vgvfsaq.com | udp |
| US | 8.8.8.8:53 | ulwprsdpevsj.info | udp |
| US | 8.8.8.8:53 | twkgiylcp.net | udp |
| US | 8.8.8.8:53 | fgjdovfj.info | udp |
| US | 8.8.8.8:53 | ocoyag.org | udp |
| US | 8.8.8.8:53 | qyjxvcif.net | udp |
| US | 8.8.8.8:53 | zzvuouvb.net | udp |
| US | 8.8.8.8:53 | fwrwmyi.info | udp |
| US | 8.8.8.8:53 | vxpuraaapcdg.info | udp |
| US | 8.8.8.8:53 | rkwlhccy.info | udp |
| US | 8.8.8.8:53 | akksyeqwmq.com | udp |
| US | 8.8.8.8:53 | lfftzdxnqhnz.net | udp |
| US | 8.8.8.8:53 | dnxzgqddic.net | udp |
| US | 8.8.8.8:53 | rjawmtldgamz.net | udp |
| US | 8.8.8.8:53 | bgjrldnuoief.net | udp |
| US | 8.8.8.8:53 | rpckdenv.net | udp |
| US | 8.8.8.8:53 | hsfoxqyrbkx.org | udp |
| US | 8.8.8.8:53 | nthafgeqx.org | udp |
| US | 8.8.8.8:53 | tnrchugkc.net | udp |
| US | 8.8.8.8:53 | kcegdit.net | udp |
| US | 8.8.8.8:53 | bbredph.info | udp |
| US | 8.8.8.8:53 | vibshiiel.net | udp |
| US | 8.8.8.8:53 | rkpkjhrvnols.net | udp |
| US | 8.8.8.8:53 | cvculsbkdejj.info | udp |
| US | 8.8.8.8:53 | mqzegivbzez.info | udp |
| US | 8.8.8.8:53 | sigiaaoy.org | udp |
| US | 8.8.8.8:53 | yqqsnqv.net | udp |
| US | 8.8.8.8:53 | qapsimp.info | udp |
| US | 8.8.8.8:53 | gwkgiyoqws.org | udp |
| US | 8.8.8.8:53 | jjqtpeerkb.net | udp |
| US | 8.8.8.8:53 | nvxptklqv.com | udp |
| US | 8.8.8.8:53 | ktbdvaw.info | udp |
| US | 8.8.8.8:53 | gtiejksikr.info | udp |
| US | 8.8.8.8:53 | ymyyekeet.info | udp |
| US | 8.8.8.8:53 | fbssarhxpnhv.info | udp |
| US | 8.8.8.8:53 | urkcltobhpwf.net | udp |
| US | 8.8.8.8:53 | kwygzbvmt.info | udp |
| US | 8.8.8.8:53 | qcaqmq.org | udp |
| US | 8.8.8.8:53 | iyabzqp.net | udp |
| US | 8.8.8.8:53 | eheflhppvg.net | udp |
| US | 8.8.8.8:53 | cykogcgqqcuu.com | udp |
| US | 8.8.8.8:53 | twpnqfnufwp.net | udp |
| US | 8.8.8.8:53 | ihzpit.net | udp |
| US | 8.8.8.8:53 | hecxrefe.info | udp |
| US | 8.8.8.8:53 | nklsfunczase.net | udp |
| US | 8.8.8.8:53 | ugjyfpgfl.net | udp |
| US | 8.8.8.8:53 | yzfggvj.net | udp |
| US | 8.8.8.8:53 | hroyborce.org | udp |
| US | 8.8.8.8:53 | ibfqjkvki.info | udp |
| US | 8.8.8.8:53 | jvhuwrreyi.net | udp |
| US | 8.8.8.8:53 | znemjopmh.org | udp |
| US | 8.8.8.8:53 | myrwjqkrwpbk.info | udp |
| US | 8.8.8.8:53 | jtkhzoedivxh.info | udp |
| US | 8.8.8.8:53 | txrwkounzktq.net | udp |
| US | 8.8.8.8:53 | cybemaa.info | udp |
| US | 8.8.8.8:53 | mpkbfsgyp.info | udp |
| US | 8.8.8.8:53 | nrrobwao.net | udp |
| US | 8.8.8.8:53 | eikusecm.org | udp |
| US | 8.8.8.8:53 | ccecysuyekca.org | udp |
| US | 8.8.8.8:53 | osicygig.org | udp |
| US | 8.8.8.8:53 | qseoumkkca.org | udp |
| US | 8.8.8.8:53 | glgmntpx.info | udp |
| US | 8.8.8.8:53 | eaeyquugik.com | udp |
| US | 8.8.8.8:53 | lwjtas.info | udp |
| US | 8.8.8.8:53 | ugztei.net | udp |
| US | 8.8.8.8:53 | zkkhfamaq.info | udp |
| US | 8.8.8.8:53 | gwetdgp.net | udp |
| US | 8.8.8.8:53 | vlsjgaryvq.info | udp |
| US | 8.8.8.8:53 | qdnmhgdyrit.net | udp |
| US | 8.8.8.8:53 | lotevdvuhgkc.net | udp |
| US | 8.8.8.8:53 | foomxud.net | udp |
| US | 8.8.8.8:53 | qyqigk.com | udp |
| US | 8.8.8.8:53 | yoppznisbqp.info | udp |
| US | 8.8.8.8:53 | ziiwcgtiu.com | udp |
| US | 8.8.8.8:53 | qqvmhub.net | udp |
| US | 8.8.8.8:53 | gkgotf.net | udp |
| US | 8.8.8.8:53 | zahehel.info | udp |
| US | 8.8.8.8:53 | fyaylmbcb.net | udp |
| US | 8.8.8.8:53 | gkxvvas.info | udp |
| US | 8.8.8.8:53 | hencirhxkz.info | udp |
| US | 8.8.8.8:53 | jjrtldradreo.info | udp |
| US | 8.8.8.8:53 | egamlolkcjnc.net | udp |
| US | 8.8.8.8:53 | xonojzlg.net | udp |
| US | 8.8.8.8:53 | ekqaao.com | udp |
| US | 8.8.8.8:53 | lovsjp.net | udp |
| US | 8.8.8.8:53 | xmdbdqjh.info | udp |
| US | 8.8.8.8:53 | heccxkhojav.com | udp |
| US | 8.8.8.8:53 | yiwgsw.org | udp |
| US | 8.8.8.8:53 | rkjyfrxybqd.net | udp |
| US | 8.8.8.8:53 | tejyvvtib.com | udp |
| US | 8.8.8.8:53 | shppqawhnylk.info | udp |
| US | 8.8.8.8:53 | xisolft.org | udp |
| US | 8.8.8.8:53 | hjfdpmp.org | udp |
| US | 8.8.8.8:53 | mqwwqhjqhsi.net | udp |
| US | 8.8.8.8:53 | cddungwtdrrt.net | udp |
| US | 8.8.8.8:53 | anbcfotguf.net | udp |
| US | 8.8.8.8:53 | omqyiy.com | udp |
| US | 8.8.8.8:53 | rjbifug.net | udp |
| US | 8.8.8.8:53 | sfqnpj.info | udp |
| US | 8.8.8.8:53 | reijpkiw.net | udp |
| US | 8.8.8.8:53 | esdippl.net | udp |
| US | 8.8.8.8:53 | wkdphyziq.net | udp |
| US | 8.8.8.8:53 | yfjqxqqcbyt.info | udp |
| US | 8.8.8.8:53 | yqdindvszcl.info | udp |
| US | 8.8.8.8:53 | ygaracoevnrg.info | udp |
| US | 8.8.8.8:53 | ruzlxeqczrad.net | udp |
| US | 8.8.8.8:53 | nubqltwcaiv.info | udp |
| US | 8.8.8.8:53 | ldlrgk.info | udp |
| US | 8.8.8.8:53 | akzglvhlm.net | udp |
| US | 8.8.8.8:53 | aegauwasiu.com | udp |
| US | 8.8.8.8:53 | bntbje.net | udp |
| US | 8.8.8.8:53 | aqlxhgfbx.info | udp |
| US | 8.8.8.8:53 | owtumceqt.info | udp |
| US | 8.8.8.8:53 | oqlzynytem.net | udp |
| US | 8.8.8.8:53 | zdbzqiuvg.com | udp |
| US | 8.8.8.8:53 | gxxkzrsqzln.net | udp |
| US | 8.8.8.8:53 | hpzmksvbpjxk.net | udp |
| US | 8.8.8.8:53 | rjevpuvjouzb.info | udp |
| US | 8.8.8.8:53 | sgdzhklkvfso.info | udp |
| US | 8.8.8.8:53 | lonabohgi.info | udp |
| US | 8.8.8.8:53 | noxqplnygjsj.net | udp |
| US | 8.8.8.8:53 | skqsiiae.org | udp |
| US | 8.8.8.8:53 | cyqkwwwyog.com | udp |
| US | 8.8.8.8:53 | cobeuoamx.info | udp |
| US | 8.8.8.8:53 | boibhtxetih.com | udp |
| US | 8.8.8.8:53 | zrxdhyjf.net | udp |
| US | 8.8.8.8:53 | alyypvemovoc.net | udp |
| US | 8.8.8.8:53 | arjrjcqohbxx.info | udp |
| US | 8.8.8.8:53 | uymmrwj.info | udp |
| US | 8.8.8.8:53 | qlstpgkhcjbu.net | udp |
| US | 8.8.8.8:53 | lljdxbddemt.org | udp |
| US | 8.8.8.8:53 | yayogmgsuusk.org | udp |
| US | 8.8.8.8:53 | nzitfaav.info | udp |
| US | 8.8.8.8:53 | pcinzvcylen.com | udp |
| US | 8.8.8.8:53 | qejdfl.info | udp |
| US | 8.8.8.8:53 | uijcnntgs.info | udp |
| US | 8.8.8.8:53 | lqboxnlsp.net | udp |
| US | 8.8.8.8:53 | badilopagb.info | udp |
| US | 8.8.8.8:53 | kcckmuscys.com | udp |
| US | 8.8.8.8:53 | lktcrbw.com | udp |
| US | 8.8.8.8:53 | rytyrg.info | udp |
| US | 8.8.8.8:53 | dmtcewl.org | udp |
| US | 8.8.8.8:53 | dhncoj.net | udp |
| US | 8.8.8.8:53 | xivdkjl.info | udp |
| US | 8.8.8.8:53 | omtcvam.info | udp |
| US | 8.8.8.8:53 | wpcpainw.info | udp |
| US | 8.8.8.8:53 | gwpgldzr.net | udp |
| US | 8.8.8.8:53 | hyjodgw.info | udp |
| US | 8.8.8.8:53 | tshgsyxujit.net | udp |
| US | 8.8.8.8:53 | ocdjplbwe.info | udp |
| US | 8.8.8.8:53 | kpguvyz.net | udp |
| US | 8.8.8.8:53 | daxpretmt.com | udp |
| US | 8.8.8.8:53 | dkdczgl.info | udp |
| US | 8.8.8.8:53 | csiuui.org | udp |
| US | 8.8.8.8:53 | mbnyhh.net | udp |
| US | 8.8.8.8:53 | eaictyqxc.info | udp |
| US | 8.8.8.8:53 | qvxjdapzz.net | udp |
| US | 8.8.8.8:53 | kyfufi.info | udp |
| US | 8.8.8.8:53 | psdagfhfog.net | udp |
| US | 8.8.8.8:53 | xriuuq.net | udp |
| US | 8.8.8.8:53 | vgqxvqngngx.info | udp |
| US | 8.8.8.8:53 | savmhcm.net | udp |
| US | 8.8.8.8:53 | hwsxqoryfqb.net | udp |
| US | 8.8.8.8:53 | ygauwfz.info | udp |
| US | 8.8.8.8:53 | okkuqw.com | udp |
| US | 8.8.8.8:53 | cgzqtowog.info | udp |
| US | 8.8.8.8:53 | okoocnhvgylo.net | udp |
| US | 8.8.8.8:53 | fihndjwcjxub.net | udp |
| US | 8.8.8.8:53 | aghfbcv.info | udp |
| US | 8.8.8.8:53 | hwjuanugjcw.net | udp |
| US | 8.8.8.8:53 | qeasooggkkye.org | udp |
| US | 8.8.8.8:53 | fkymcjpadqo.org | udp |
| US | 8.8.8.8:53 | vlunjm.net | udp |
| US | 8.8.8.8:53 | eqpttgsyhip.net | udp |
| US | 8.8.8.8:53 | apfntyukxx.net | udp |
| US | 8.8.8.8:53 | ryzsobqkv.org | udp |
| US | 8.8.8.8:53 | eitjrhznx.net | udp |
| US | 8.8.8.8:53 | fevpfshvp.org | udp |
| US | 8.8.8.8:53 | ccwwwc.com | udp |
| US | 8.8.8.8:53 | kcryxrris.info | udp |
| US | 8.8.8.8:53 | ucccwkucmwio.com | udp |
| US | 8.8.8.8:53 | mhigwclin.net | udp |
| US | 8.8.8.8:53 | giekgyskeiik.org | udp |
| US | 8.8.8.8:53 | nifqdskhhor.net | udp |
| US | 8.8.8.8:53 | wxnkmyr.info | udp |
| US | 8.8.8.8:53 | cwxqstmlrcpa.info | udp |
| US | 8.8.8.8:53 | ymmubrwwwvj.net | udp |
| US | 8.8.8.8:53 | dnlljsoca.com | udp |
| US | 8.8.8.8:53 | rgqcdv.info | udp |
| US | 8.8.8.8:53 | faxkbaldjy.net | udp |
| US | 8.8.8.8:53 | wwsksuusgsgg.com | udp |
| US | 8.8.8.8:53 | fkgritslx.org | udp |
| US | 8.8.8.8:53 | wyolrsvw.info | udp |
| US | 8.8.8.8:53 | htfpqulj.net | udp |
| US | 8.8.8.8:53 | wtlmdlsz.net | udp |
| US | 8.8.8.8:53 | lctlzilmxkr.com | udp |
| US | 8.8.8.8:53 | ptpwnlreeaxo.net | udp |
| US | 8.8.8.8:53 | ydunbsr.info | udp |
| US | 8.8.8.8:53 | baabbwk.com | udp |
| US | 8.8.8.8:53 | eqtvviqg.net | udp |
| US | 8.8.8.8:53 | dubuseu.info | udp |
| US | 8.8.8.8:53 | meudpuvkv.net | udp |
| US | 8.8.8.8:53 | qfarxyyobiu.info | udp |
Files
C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
| MD5 | 5203b6ea0901877fbf2d8d6f6d8d338e |
| SHA1 | c803e92561921b38abe13239c1fd85605b570936 |
| SHA256 | 0cc02d34d5fd4cf892fed282f98c1ad3e7dd6159a8877ae5c46d3f834ed36060 |
| SHA512 | d48a41b4fc4c38a6473f789c02918fb7353a4b4199768a3624f3b685d91d38519887a1ccd3616e0d2b079a346afaec5a0f2ef2c46d72d3097ef561cedb476471 |
C:\Windows\SysWOW64\lhsofxnnysjjmaibqh.exe
| MD5 | b58392cb5dabc4b3851447d47255d4f1 |
| SHA1 | 4d5beb6e75c2774efe4451caf7fd1ba2ad548e76 |
| SHA256 | 108e977f71759ac7d303ca9a76b33c440a70f94a68a3e603704afe85de849692 |
| SHA512 | 53555d5b931fbe748f2679479bfb57ad4560cd2fcf351799b24717d85168d0f96125217d91ee125a26016ed77c30cc5123315c51846aa107ea1681b8682c7c0a |
C:\Users\Admin\AppData\Local\Temp\jtschn.exe
| MD5 | ca4ca5f16cac6b57a29e736ac40495a2 |
| SHA1 | adfd899287ec1f6df31b8835c2011e7151921122 |
| SHA256 | 885e368e07581eeced0d90ac5c7ecb560009a7af2f4575e1ad96cf549fe55fc1 |
| SHA512 | fa6ee62b032a0e69e745ada3fe74fd6db016570f64f60295c1c5ed217e1f3b05bceec1f464d95ecc085fb834403d5f72dccc6cc840f2b9ae53dd417f31d97689 |
C:\Users\Admin\AppData\Local\qfjyitcvzmwplstfnxgvzoyjslpcmfbij.dnw
| MD5 | 566805e4505b062085a8e2c2fffec3e6 |
| SHA1 | 16f3a28e37596408bb118ddc4695684bfd97f021 |
| SHA256 | 2b216002eb582f30595107b23a78a918979faf953cc202e838a0beb8c192dd40 |
| SHA512 | f444fd94ab5a5645ac654e27bbd5dfd2b373ae07c970e8d37b79e17f5dbf009f0df8556eb46f28c7e2df9b776c25bcc54e44b846a35bd03495d4e9c574d16013 |
C:\Users\Admin\AppData\Local\zdwazzxfyazhsoefcbzdwa.zxf
| MD5 | 384b69f2b892bbcc5c14054bcd02d6c1 |
| SHA1 | 190ade05041b38292fe9e7d6b1757c2829a2ac8f |
| SHA256 | 87013945130f57c3d388b55433a732a95865d04bd410fb32aab26783f1666eb3 |
| SHA512 | 2f55fd2777fa6df6014db0e59a7bee57ae45dd9b149f8f31fe552e835bf2f495c7070da09cbada3a8aad91ee816c1d2e0d24a6e85fdb78588b60c09451e5a8b2 |
C:\Program Files (x86)\zdwazzxfyazhsoefcbzdwa.zxf
| MD5 | 3870b31e4735220f26dab754597c5c4d |
| SHA1 | 15c08c7fd6830d238cbff744e765e2c13819cfc0 |
| SHA256 | 47cd8b27dd02ab38b0bdcc4fa09a8c28be2f74be58def9666afacb3e2d554642 |
| SHA512 | d7006f20f9c32863e24e2dad17c9af545ec97d348d7ef7a160976c5c577c64b83606ba2fdbf8ac330c39fbbecf6a500f013aa8667eea5c2c09a1c223d23f7d90 |
C:\Program Files (x86)\zdwazzxfyazhsoefcbzdwa.zxf
| MD5 | a6ca1c85032bacce08983c5fe483f1ed |
| SHA1 | 3aba128cf91de6bf9c37e686dc99ae5a5382482a |
| SHA256 | 0a7b2233556493154ae0d670518bac0a5083709d33568a7b373db13678af2cc5 |
| SHA512 | 3544b6228b17bade3d88b22f3d0bdd2d8b8fc2a3366a524b49ab9c14a42b9348ef7654b451167f9d32cc164b9fc7d4ae4b9a4c3051210b39cf47b51020796045 |
C:\Program Files (x86)\zdwazzxfyazhsoefcbzdwa.zxf
| MD5 | 043d7455e08c11ebf081b3c816c06458 |
| SHA1 | 7852c8cf9aece651f4e4f9a43051923e96b3b594 |
| SHA256 | 9e8f48061a908b9e0fe641f605246f729fb749c75e31419c7cab210c14ffd614 |
| SHA512 | 3ddc39fd8c5bc959bed9f160e73127a350ff7c0723eb284a1067646594608641795957f534ec05d4078824e61778c8642ef974cbdf7197fa00fea4957eb7a30a |
C:\Program Files (x86)\zdwazzxfyazhsoefcbzdwa.zxf
| MD5 | 7a8dceafc81fb04f687321de1f3f9ea6 |
| SHA1 | c4e5dd47c43de81833a8a9af1e2f5507ee8de125 |
| SHA256 | 5869420c9533623239e4ddd07cc502408f1e565c8081c6b5d8462cab2086977d |
| SHA512 | 22d14c683f41b72c3b92bd5021bfac031fcb274c3f55b4128589aed968f7cf02aba8fdfaa084a49195d846fd20efc811be73233e0c2f061fd174edf58383b7c1 |
C:\Program Files (x86)\zdwazzxfyazhsoefcbzdwa.zxf
| MD5 | 20c61e66273ee648487c1b8a73e7e5fa |
| SHA1 | 327fb1086e3ec6c716f5203e3110bbf11c6f838f |
| SHA256 | 75591366b042fc70ea18317545377c7dd64da12d83c5e50b220b600d71d9ddfc |
| SHA512 | 7d1de6e64b9c979d0b220e0027954aa3be0f81f017a4340096a3fa2309025043b8311926558c8b3a978d2742028ac56b9439dc945e636b0394921a3379e7cbf7 |
C:\Program Files (x86)\zdwazzxfyazhsoefcbzdwa.zxf
| MD5 | 2af6cae85417546246cc9493d535976c |
| SHA1 | c2543f599db39563cde01f3bf9ac19ebec0e73b5 |
| SHA256 | 0c9d1db0e2b5efbcf66feb2ffb0410df7b53e415c7b37875299b53b02d87f80a |
| SHA512 | 9b4da50da133b15c49f4c22706376915f561841165962f9538d1cc9f7202097e589b484dcd1b66aa5795998b1724c8ddd4a296d0a23d0893c8f01dee098e6aa1 |
C:\Program Files (x86)\zdwazzxfyazhsoefcbzdwa.zxf
| MD5 | f6485b3bbcb3cc80259dd5f71fb8b402 |
| SHA1 | 3a94e282de84b0720fd77ed486858aa07f6ed51f |
| SHA256 | 54f1c566949b72dffaf6cbb593ab52e8086ce61b176ce1b957388881b8be2a41 |
| SHA512 | e9f7e5530d4ae789f44f75acf3cf884b36b62e62c03c31fea11f593f7e957558bb94162e7a303757707f5624cf8499fb2448a5080c9965fec3dff9449c93a623 |